I'm a registered rep in a one-man office. In the space I'm leasing there's also a CPA, a business consultant, an insurance agent, and a registered investment advisor. The space is like an executive office suite, and we each have our own private offices around a central square of cubicles occupied by secretaries for the CPA. Until recently, the RIA was also a registered rep of my broker-dealer, and we referred clients to each other. My firm is now saying that I can't refer clients to him due to privacy concerns. I think they're just doing this because he resigned as a registered rep to start his own RIA. What do you think?

— S. D., Oklahoma

It sounds like your broker-dealer may be concerned with possible violations of Regulation S-P. Reg S-P prohibits disclosure to unaffiliated third parties of "nonpublic personal information." This is defined as: "(i) Personally identifiable financial information; and (ii) Any list, description, or other grouping of consumers (and publicly available information pertaining to them) that is derived using any personally identifiable financial information that is not publicly available ...."

The rule goes on to say that nonpublic personal information does not include: "(i) Publicly available information ...[unless] ... disclosed in a manner that indicates the individual is or has been your consumer; or (ii) Any list ... derived without using any personally identifiable financial information that is not publicly available ...." While a name and address, in and of itself, is public information, in your case there would likely be an issue since the referral would likely indicate that they are the broker-dealer's clients.

The way to mitigate this is by complying with §248.10 of Reg S-P, which provides the conditions for disclosure to a nonaffiliated third party where: "(i) You have provided to the consumer an initial notice as required under §248.4; (ii) You have provided to the consumer an opt out notice as required in §248.7; (iii) You have given the consumer a reasonable opportunity ... to opt out of the disclosure; and (iv) The consumer does not opt out." If there's bad blood between the former rep and your broker-dealer, however, it may not authorize you to provide the notice and opt-out offer to clients.

On the other hand, if you also refer clients to the CPA or other nonaffiliated third parties, the clients may have already been provided with the required notice and opt-out offer. In that case, you'll have to decide whether you want to fight with your firm over this issue.

What's the rule regarding providing clients their statements via our website rather than mailing them?

— P. F., Texas

FINRA Rule 2210 talks in general terms about communicating with the public. However, I understand you're looking for more specifics regarding the internet, websites, and client communications. For the most part, the SEC has not updated its policy regarding electronic communications since 1996 when it came out with Release No. 33-7288. Putting aside issues of consent and notice, we're left with essentially two main points. First, the SEC wants to ensure that clients actually receive the electronic communications and second, you need to take reasonable steps to ensure the security of the information transmitted.

As to the first point, the SEC says that "If information is made available electronically through a passive delivery system, such as an internet website...separate notice would be necessary to satisfy the delivery requirements unless [you] can otherwise evidence that delivery to the ... client has been satisfied." While I'm no computer expert, I believe your IT person should be able to set up your website to provide some confirmation that clients have accessed their statements.

As to the second point, the release says that you "should take reasonable precautions to ensure the integrity, confidentiality, and security of that information, regardless of" how it's delivered. The SEC hasn't specified what "reasonable precautions" means but it's safe to say that with hacking becoming more prevalent, you'd better make sure your firewalls are up to the task.

Alan J. Foxman is an attorney with the law offices of Rita G. Dew, P.A.
and a senior consultant with National Compliance Services, Inc.
in Delray Beach, Fla. He can be contacted at: 
this email address.