One manager here in Virginia recently enjoyed a surprise SEC Audit. When the examiner learned she had client user ids and passwords (so that she could access their 401k plans to retrieve statements for manual entry), the examiner had her log on to each account. He then spent “considerable time poking around” to see if she could withdraw funds.
Fortunately, no account had withdrawal access. But if it did, she would have been deemed to have custody of the client funds.
Several years ago, a different auditor ruled that simply having the passwords gave my manager custody of assets. That examiner didn’t even bother “poking around.”
What should do if you have client passwords?
- Prepare now. The Securities and Exchange Commission intends to visit all advisors who have never been examined before 2015 ends.
- If you have client account information, logon and “poke around” before the SEC auditor visits. Find out if there is any way to withdraw funds.
- Move every account you can to a place where it can be downloaded.
- If you can’t roll the accounts to your broker, consider a service that aggregates data like DST Fanmail, passPort or ByAllAccounts.
- Have the client change their password and begin sending you PDF statements through a secure drop box.
- Consider whether the manual entry for the accounts involved is worth the extra labor costs and audit risks. It may be better for everyone not to include small accounts in your management.
Bottom line: Beware of having client user ids and passwords. The broker could change their software at any moment and suddenly you’ll have “custody.”
Photo used here under Flickr Creative Commons.