NEW Regulation Requirements with Implications for all RIA's

Feb. 23, 2010 - PRLog -- Massachusetts Regulation 201 CMR 17.00 requires all Investment Advisers with even just one client residing in Massachusetts to:

•Create and implement a Written Information Security Plan (WISP) outlining administrative, technical and physical safeguards for the protection of personal information for Massachusetts residents;  

•Ensure that all records containing any personal information are now digitally encrypted. RIA’s are now responsible for the update of all technology and system security measures on computers that process and retain personal information;

•Include a mandatory breach notification standard where any security breach must be reported to the Attorney General, the Director of Consumer Affairs and Business Regulation, and the affected resident(s);  

•Designate a firm representative to maintain the security program, evaluate on-going internal and external risks and document employee training.

EVEN IF YOU DO NOT HAVE MASSACHUSETTS CLIENTS, Massachusetts may be setting the new standard as many states are now contemplating similar regulation.  

On July 22, 2009, Senator Leahy introduced “The Personal Data Privacy and Security Act of 2009” to prevent and mitigate identity theft, to ensure privacy, and to provide notice of security breaches and misuse of personally identifiable information.

The bill may become law before the end of the year. Essentially, Congress is considering making the Massachusetts rule applicable to all RIA’s in America.

To learn more about the new Massachusetts rule (and what to do about it), please visit www.lexingtoncompliance.com.

Lexington Compliance’s mission is to assist you with this and all other post registration compliance issues. We offer specialized levels of service for all sizes of RIA’s to help you meet your specific compliance obligations.

The regulatory horizon for RIA’s is changing and Lexington Compliance is the reasonably priced way of making sure you stay on top of these issues, for as low as $99/mo.  

For inquiries, please contact our Director of Post Registration Compliance, Hovig Melkonian, at (646) 867-3755 or hmelkonian@lexcompliance.com to learn more.

# # #

Lexington Compliance provides post registration compliance services to registered investment advisory firms. Continuous compliance support is available based on the level needed by each RIA. Lexington provides four levels of continuous service ranging from 7 day a week email support to compliance review of ads and materials to phone support. Lexington also offers on-site mock audits that mimic the real compliance audit conducted by the SEC or your home state. Our Director of Compliance will visit your office and review your entire practice to ensure total compliance with your jurisdiction’s rules and regulations.