Recently, I moved to a new firm. One of my clients had a variable annuity, and my new firm had what I thought was a better product. I did a 1035 Exchange, and had it approved by my manager. While the annuity has performed well (better than the old one, in fact) the client has recently begun to make some noise about the surrender charge (which we'd discussed in advance and, which was made up for by a bonus that the new annuity paid). My manager and I both have spoken with the client but I'm still concerned he may file a complaint against me. Is there anything I should be concerned about?

— S.P., Chicago

I'd love to say you have nothing to worry about, but these days you never know what might happen. In general, as long as you have good documentation of your discussions with the client and can demonstrate that the new annuity really is better than the old one, you should be fine, even if the client makes a complaint. In the recent Examination Priorities letter from FINRA, the regulatory agency noted that "examiners will continue to focus on the sale and supervision of variable annuities in 2010 and will closely review recommendations made to senior investors to purchase or redeem variable annuities. They will also continue to review the rationale for instances in which a variable annuity is exchanged for another annuity, including exchanges that involve equity-indexed annuities, exchanges resulting from a representative's change in employment and exchanges that may be based on the financial condition of the issuing insurance company." For more information on variable annuities, log onto www.finra.org/variable_annuities.

Not long ago, I had to terminate a number of registered reps in my branch due to a merger. It was unfortunate, but necessary. I know several of these people were very upset and I sympathize with them. But, I am concerned about some of the security of our client's information and I worry these clients might become victims of identity theft from one or more of the terminated individuals. My superiors, however, seem more concerned about making sure the terminated reps don't steal our clients than they are about them stealing the clients' information. Am I right to be concerned?

— D.G., California

Identity theft should always be a concern these days and the threat from former employees during this time of corporate downsizing can be particularly worrisome. There have been several high-profile problems in recent years as a result of poor information technology management within firms. Consequently, firms must make sure to control employee access and establish checks and balances to ensure that only currently authorized personnel can get into these systems. Not only can such security breaches harm the clients, but they can also be costly and significantly damage a firm's reputation. The Securities and Exchange Commission's Regulation S-P requires firms to have policies and procedures that address administrative, technical and physical safeguards for the protection of customer information and records. And, according to FINRA, firms must ensure that their policies and procedures are "reasonably designed to protect against any anticipated threats or hazards to the security and integrity of customer records and information." For example, could an advisor have obtained a customer's account password? Something as simple as requiring customers to periodically change their passwords could save both the client and the firm problems.

Alan J. Foxman, ESQ., is an attorney with Fred Chikovsky & Assoc. in Boca Raton, Fla. His comments are not intended to be legal advice.