Why Client Logins Are A Compliance Disaster (And How To Avoid One)

Imagine losing your clients’ trust and facing hefty fines — all because of a seemingly harmless practice: sharing client login credentials. Years ago, the industry sounded the alarm on investment advisors using client usernames and passwords to access accounts. Despite widespread adoption of the model rule prohibiting this practice, some firms continue to do so — putting both themselves and their clients at risk. This blog aims to shed light on the risks involved and offer safer alternatives while highlighting how AdvisorLaw can help advisors navigate the ever-evolving compliance landscape.

Avoid Compliance Headaches: The Dangers of Sharing Client Logins

  • Regulatory Violation:  Most States have adopted the NAASA model rule, prohibiting the practice of using client login credentials to access client accounts at custodians. In these states, doing so is a regulatory violation that’s punishable by penalties, including fines and possibly suspensions.
  • Custody Concerns: Granting login access gives advisors the ability to withdraw funds or securities. Where this practice is not yet prohibited, it creates other complications for a firm. Using client login credentials creates a situation where the firm now has custody and is subject to all of the custody rules, including surprise audits. Failure to report this activity as custody on your ADV may lead to hefty fines, other penalties, and reputational damage.
  • Recordkeeping Woes: Differentiating between advisor and client activity becomes an impossible task when shared logins are used. This will lead to inaccurate recordkeeping at the custodian — hindering compliance and exposing the firm to potential regulatory sanctions.
  • Security Vulnerabilities: Sharing sensitive information like passwords increases the risk of cyberattacks. If compromised, both advisor and client are exposed to potential financial losses, which can both damage trust and potentially trigger legal repercussions.
  • Breaching User Agreements: Many online platforms forbid sharing login credentials. Utilizing a client’s login credentials likely induces the client to breach their agreement with the custodian. Doing so could jeopardize account security and potentially lead to disclaimers of liability from the platform in the case of a breach, leaving your client vulnerable and breaching your fiduciary duty to your client.

Safer Alternatives For Compliant Advisors

  • Request Account Statements: Ask clients to regularly provide copies of their account statements for performance monitoring. This fosters transparency and adheres to compliance regulations.
  • Leverage Account Aggregation Platforms: Explore platforms that grant advisors read-only access to client accounts, without the ability to make transactions. This provides valuable insights while maintaining compliance and security. Pontera is an example of a company that offers this solution. 
  • Utilize Limited Access Features: Some platforms offer options for clients to grant advisors limited access, enabling them to view performance but not actively manage the account. In this scenario, the advisor is given their own login credentials. This empowers clients while maintaining compliance.

AdvisorLaw: Your Partner In Compliance Navigation

Navigating the complex world of investment advisor compliance can be daunting. That’s where AdvisorLaw comes in — our team of experienced attorneys and compliance professionals provides:

  • Compliance Audits & Reviews: Identify and address potential compliance risks before they become problems.
  • Customizable Compliance Programs: Develop tailored programs that meet your firm’s unique needs and regulatory requirements.
  • Ongoing Support & Guidance: Stay up to date on the latest regulations and best practices with our ongoing support and expert guidance.

Remember, your client’s financial security and your firm’s reputation are paramount. Choose safer alternatives for monitoring client accounts, and prioritize compliance with the help of AdvisorLaw.

Contact us today for a complimentary consultation and learn how we can help you navigate the ever-evolving regulatory landscape with confidence.

SEC & State | Compliance Blog Contact