United States: NASAA Adopts Model Rules On Information Security For Investment Advisers

The North American Securities Administrators Association ("NASAA") adopted a model rule package intended to strengthen the data privacy and information security policies of state-registered investment advisers. The model rule is similar to rules adopted by other regulators and is consistent with the implementation of the Fair Credit Reporting Act. The model rule tracks Rule 248.201 of the SEC's Regulation S-ID ("Duties regarding the Detection, Prevention and Mitigation of Identity Theft").

The model rule package consists of three components:

• a model rule mandating that a state-regulated investment adviser adopt policies on information security and that the adviser provide its privacy policy to its clients on an annual basis;
• an amendment to the existing investment adviser NASAA model recordkeeping requirements rule, mandating that investment advisers maintain a copy of privacy policies; and
• an amendment to the existing NASAA " Unethical Business Practices of Investment Advisers," providing that the failure of an adviser to establish, maintain or enforce a required policy (not limited to a privacy policy) is an unethical business practice.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.