Section 4 Laws, Regulations, and Guidelines

Ethical Practices and Fiduciary Obligations

55 min read · Lesson 8 of 8

Ethical practices and fiduciary obligations are the heaviest single category on the Series 66 — testing the rules that separate legal from illegal, prudent from negligent, and disclosure from concealment. About one in four exam questions you face will be drawn from this material.

The chapter is organized around three lenses. Section 1 covers the affirmative duties advisers and agents owe their clients. Section 2 covers the prohibited practices that violate those duties. Section 3 covers the operational safeguards — custody, privacy, vulnerable adult protection, business continuity — that translate those duties into day-to-day practice.

In this chapter
55 min · 15 concept checks
§1
Duties, Standards & Conflicts
~20 min · 5 checks
§2
Prohibited Practices
~22 min · 5 checks
§3
Operational Safeguards
~13 min · 5 checks
Summary
Exam Essentials
Cram-pass review
Section 1 of 3 ~20 min · 5 concept checks

Duties, standards, and conflicts of interest

What "best interest" actually means

The phrase "best interest of the client" appears in three different regulatory regimes that each apply to different professionals at different moments. The Series 66 expects you to distinguish them precisely.

An investment adviser owes a fiduciary duty — the highest standard. It is continuous, not point-of-sale. It survives the recommendation. It requires not just acting in the client's best interest, but proving you did so through disclosure of all material conflicts, full transparency of compensation, and loyalty that places the client's interests ahead of the firm's.

A broker-dealer agent is subject to Regulation Best Interest (Reg BI) under SEC Rule 15l-1. Reg BI applies at the time of recommendation — not before, not after — and requires the agent to act in the customer's best interest without placing the firm's financial interests ahead of the customer's. Reg BI is enforced through four obligations: Care, Disclosure (including Form CRS), Conflict of Interest, and Compliance.

Underlying both standards is the older suitability obligation under FINRA Rule 2111 — a recommendation must be suitable given the customer's profile. Suitability remains in effect but Reg BI is the higher BD standard. Suitability has three components: reasonable-basis (the product works for someone), customer-specific (it fits this customer), and quantitative (the pattern of recommendations is appropriate).

Highest standard

Fiduciary duty

IAA §206 · State USA

Applies toIAs, IARs
TimingContinuous
TriggerAdvice relationship

Components

  • Duty of care
  • Duty of loyalty
  • Full disclosure
  • Conflict management
Point of sale

Regulation Best Interest

SEC Rule 15l-1

Applies toBDs, agents
TimingAt recommendation
TriggerEach recommendation

Four obligations

  • Care
  • Disclosure (Form CRS)
  • Conflict of interest
  • Compliance
Baseline

Suitability

FINRA Rule 2111

Applies toBDs, agents
TimingAt recommendation
TriggerRecommendation

Three components

  • Reasonable-basis
  • Customer-specific
  • Quantitative
⚖️ Fiduciary vs. Reg BI — Scenario Sorter
Read each scenario and decide: does this fall under an adviser's ongoing fiduciary duty or a BD's Regulation Best Interest obligation?
Score: 0 / 0

Compensation

  • Fees: Assets under management (AUM) fees, flat fees, hourly fees. Must be fully disclosed.
  • Commissions: Transaction-based compensation. Creates potential conflict of interest (incentive to trade more).
  • Performance-based fees: Only permitted with qualified clients (generally $1.1 million+ AUM or $2.2 million+ net worth). Must use a fulcrum fee structure.
  • Soft dollars: Using client commissions to pay for research and services. Permitted under Section 28(e) safe harbor if used for eligible research that benefits clients.
  • All compensation must be disclosed to clients

Compensation and the duty to disclose it

How an adviser or agent is paid is itself a conflict of interest, and the duty to disclose compensation is one of the most heavily tested topics in this chapter.

  • AUM, flat, and hourly fees — the standard adviser compensation models. All must be disclosed in Form ADV Part 2A (the brochure) and in the advisory contract.
  • Commissions — transaction-based compensation creates an incentive to recommend more trades. The Reg BI Care Obligation requires BDs to consider whether commission-based recommendations remain in the customer's best interest.
  • Performance-based fees — permitted only with qualified clients: generally $1.1M+ AUM with the adviser or $2.2M+ net worth. The NASAA Performance-Based Compensation Exemption Model Rule 102(f)-3 mirrors the federal threshold.
  • Referral fees and solicitor arrangements — permitted with written disclosure under SEC Rule 206(4)-3 (the Cash Solicitation Rule) and equivalent NASAA rules. The conflict must be disclosed before the client engages, not after.
  • Markups, markdowns, and commissions — governed by FINRA Rule 2121 (Fair Prices and Commissions). Compensation must be fair and reasonable considering the type of security, availability in the market, price, the amount of money involved, the firm's overall pattern of charges, and disclosure to the customer. The historical 5% guideline is a starting reference, not a safe harbor. The rule applies whether the firm acts as principal (markup/markdown) or agent (commission), and excessive markups are a violation regardless of how the charge is labeled.

Conflicts of Interest and Prohibited Activities

  • Loans to/from clients: Advisers should not borrow from or lend to clients
  • Sharing in profits/losses: Generally prohibited unless the adviser contributes proportionally
  • Client confidentiality: Must protect non-public personal information (Regulation S-P)
  • Insider trading: Strictly prohibited. Trading on material non-public information (MNPI) violates Section 10b-5
  • Selling away: Engaging in securities transactions outside the scope of employment with the firm — prohibited
  • Market manipulation: Any scheme to artificially influence the price of a security
  • Personal securities transactions: Must be reported and monitored. Access persons must submit holdings and transaction reports.
  • Outside securities accounts: Must be disclosed and approved
  • Political contributions (pay-to-play): Restrictions under SEC Rule 206(4)-5 to prevent advisers from winning government contracts through political donations

Conflicts of interest — the framework

A fiduciary cannot eliminate every conflict of interest, but must identify, mitigate, and disclose each one. The Series 66 tests the categorical prohibitions plus the disclosure-and-mitigate cases.

Prohibitions (no disclosure cures these):

  • Borrowing from or lending to clients (outside approved channels — e.g., margin from the firm's clearing broker)
  • Sharing in profits and losses of a client's account (limited exception for proportional contributions in joint accounts)
  • Trading on or tipping material nonpublic information (insider trading)
  • Misappropriating client assets

Permitted with full written disclosure:

  • Soft dollar arrangements within the Section 28(e) safe harbor
  • Principal trades by an adviser (with prior written client consent per trade under SEC Rule 206(3))
  • Agency cross transactions (NASAA Model Rule 102(f)-1 — covered in Section 3)
  • Outside business activities and outside brokerage accounts (notice to firm)

The Uniform Prudent Investor Act, adopted by most states, supplies the background standard for trustees and advisers managing client assets — diversify, balance risk and return, consider beneficiary circumstances, delegate prudently. The Series 66 does not require detailed knowledge of every UPIA provision but does expect you to recognize the name and its central premise: prudence is evaluated at the portfolio level, not investment-by-investment.

Pay-to-play — SEC Rule 206(4)-5 and MSRB Rule G-37

The pay-to-play rules restrict political contributions by financial professionals who solicit business from government entities. Two parallel regimes apply, and the Series 66 tests both.

SEC Rule 206(4)-5 (investment advisers): An adviser that makes a political contribution to an official with influence over advisory contracts must wait 2 years before receiving compensation from that government entity. De minimis exceptions: $350 per election for officials the contributor can vote for; $150 for those they cannot.

MSRB Rule G-37 (municipal securities professionals): Substantively similar — a 2-year ban on municipal securities business with an issuer following a triggering political contribution by a covered associate, with parallel de minimis thresholds ($250 per election for officials the contributor can vote for, $0 otherwise).

Both rules apply to the firm, not just the individual: a contribution by a covered associate can trigger the time-out for the entire firm. Both rules require ongoing record-keeping of all covered contributions even when no government business is being sought at the time. Refunding the contribution does not cure the violation if it is discovered after the fact.

Code of Ethics — SEC Rule 204A-1

Every registered investment adviser must adopt, distribute, and enforce a written Code of Ethics under SEC Rule 204A-1. The Code governs the personal securities trading of supervised persons and, more strictly, access persons — supervised persons with access to nonpublic information about client transactions or recommendations.

The Rule has three reporting requirements that the Series 66 tests directly:

  • Initial holdings report — due within 10 days of becoming an access person, with data current within 45 days.
  • Quarterly transaction reports — due within 30 days of each quarter-end, listing every reportable personal securities transaction.
  • Annual holdings report — due at least once per 12-month period, again with data current within 45 days.

Pre-clearance is required for IPOs and limited offerings (private placements) — not for routine trading in publicly available securities. The Code must also require prompt internal reporting of violations to the chief compliance officer and must prohibit fraud against clients in any personal trading activity. Failure to maintain or enforce an effective Code of Ethics is itself a violation, independent of any underlying trading misconduct.

Standards-of-care answer framework

When a question asks about a duty owed by an industry professional, identify who and when first:

  • Investment adviser or IAR → fiduciary duty, always, continuously. Look for "ongoing", "monitoring", "review", "throughout the relationship".
  • BD or agent recommending a security → Reg BI. Look for "recommended", "at the time of purchase", "Form CRS".
  • BD or agent without a recommendation → suitability does not attach; only general fair-dealing and anti-fraud duties apply.

A question that names "the investment adviser" and asks about a continuing obligation is almost certainly testing fiduciary duty. A question that names "the registered representative" and references the moment of a trade is almost certainly Reg BI.

Section 2 of 3 ~22 min · 5 concept checks

Prohibited practices

The NASAA Statements of Policy — how prohibited practices are codified

State securities law does not list every prohibited practice in statute. Instead, NASAA has issued Statements of Policy that enumerate dishonest and unethical practices for each kind of registrant. State administrators incorporate these by reference, and the practices listed are testable by name.

  • NASAA Statement of Policy on Dishonest or Unethical Business Practices of Broker-Dealers and Agents — the primary list of prohibited BD and agent conduct. Includes churning, unauthorized trading, market manipulation, misrepresentations, and many more.
  • NASAA Unethical Business Practices of Investment Advisers, Investment Adviser Representatives, and Federal Covered Advisers Model Rule 102(a)(4)-1 — the parallel list for advisory personnel.
  • NASAA Statement of Policy on Dishonest or Unethical Practices in Connection with Investment Company Shares — covers mutual fund-specific abuses including breakpoint sales, switching, and share-class abuse.

The structure that follows organizes the prohibitions into four categories: market manipulation, misrepresentation and omission, account abuse, and personal conduct violations.

Market manipulation

Distorting fair price discovery

  • Spoofing and layering
  • Front-running customer orders
  • Wash sales and matched orders
  • Pump-and-dump schemes

SEA §9, §10(b), Rule 10b-5

Misrepresentation and omission

False or misleading communications

  • Guarantees of return or principal
  • Material omissions of fact
  • Misleading sales literature
  • Off-prospectus claims about funds

SA §17(a), FINRA Rule 2210

Account abuse

Improper handling of customer accounts

  • Churning and excessive trading
  • Unauthorized transactions
  • Unsuitable recommendations
  • Switching funds for commissions

FINRA 2111, 2010; NASAA SoP

Personal conduct violations

Self-interest conflicting with duty

  • Insider trading on MNPI
  • Selling away from the firm
  • Undisclosed outside business activity
  • Outside brokerage accounts

FINRA 3210, 3270, 3280; Rule 10b-5

Market manipulation

Market manipulation is the deliberate creation of false or misleading market activity to influence price or volume. It carries both civil and criminal liability under Section 9(a) of the Securities Exchange Act (manipulative trading) and Section 10(b) plus Rule 10b-5 (manipulative or deceptive devices).

  • Spoofing — entering bids or offers with the intent to cancel before execution, creating false impressions of demand or supply. Made explicitly illegal by Dodd-Frank.
  • Layering — a form of spoofing using multiple non-bona-fide orders at different price levels to push the market.
  • Front-running — trading ahead of a known pending customer order to profit from the price movement that order will cause. Both an internal-policy violation and a Rule 10b-5 fraud.
  • Wash sales and matched orders — transactions in which no real change of beneficial ownership occurs, designed to create the appearance of trading activity.
  • Pump-and-dump — spreading false positive information to inflate a security's price, then selling personal holdings into the manufactured demand.

The Series 66 favors fact-pattern questions: candidates are given a description of trading behavior and asked to identify which prohibited practice it represents. The cleanest tells are intent to cancel (spoofing/layering), trading ahead of customer flow (front-running), and no real change of ownership (wash sales).

Misrepresentation and omission

Misrepresentation includes both affirmative false statements and material omissions — failure to state a fact necessary to make other statements not misleading. Both are fraud under Section 17(a) of the Securities Act, Rule 10b-5, and state antifraud provisions.

  • Guarantees of return or against loss — never permitted, in any product. "Guaranteed by FDIC" applies only to insured deposits; "guaranteed by the U.S. Treasury" applies only to direct Treasury obligations. Any other guarantee language is a violation.
  • Off-prospectus claims — statements about a mutual fund that contradict or exceed prospectus disclosures, including hypothetical performance, projected returns, or unstated benefits.
  • Misleading use of titles or credentials — representing oneself as a "senior specialist" or implying certifications not actually held. The NASAA Model Rule on the Use of Senior-Specific Certifications and Professional Designations addresses this directly.
  • Implying registration confers approval — never claim that registration with the SEC or a state means the regulator has approved the firm, an offering, or its merits. This is one of the most heavily tested violations because the answer is counterintuitive: registration is approval of paperwork, not of merit.

Omissions are equal-rank violations: failing to disclose a material conflict, a material fact about a security, or a material limitation on a representation is fraud, not merely an oversight.

Bank-network sales — NASAA Rules for Sales of Securities at Financial Institutions (1998). When securities are sold on the premises of a bank, savings institution, or credit union, customers must receive four mandatory disclosures — in writing at account opening and orally at the time of any recommendation: the securities are not FDIC-insured, are not a deposit or obligation of the bank, are not guaranteed by the bank, and may lose value, including loss of principal. The selling area must be physically distinct from the deposit-taking area whenever practicable, signage must be displayed, and the institution must establish written customer-complaint procedures. The rule's purpose is to prevent customers from confusing securities products with insured deposits — one of NASAA's most persistent enforcement themes.

Account abuse — including the NASAA SoP on Investment Company Shares

Account abuse is the cluster of prohibited practices that mistreat the customer through the handling of their account. The Series 66 tests each of these by fact-pattern.

  • Churning — excessive trading not justified by the customer's investment objectives. FINRA examiners look at turnover ratio (annualized purchases divided by account equity), cost-to-equity ratio, and the suitability of the pattern. Quantitative suitability under FINRA Rule 2111 codifies the standard.
  • Unauthorized transactions — trades placed without the customer's prior consent, except in accounts where written discretionary authority has been granted. Even a "good faith" trade without authorization is a violation.
  • Unsuitable recommendations — failure to match the recommendation to the customer profile. Three suitability prongs apply: reasonable-basis, customer-specific, quantitative.
  • Switching — recommending the sale of one mutual fund to buy another with the primary motivation of generating commissions, particularly where switching creates new sales charges that erode value.

The NASAA Statement of Policy on Dishonest or Unethical Practices in Connection with Investment Company Shares codifies several mutual-fund-specific abuses by name:

  • Breakpoint sales — failing to inform customers that an investment slightly above their planned amount would qualify for a reduced sales charge.
  • Share-class abuse — recommending a higher-cost share class when the customer qualifies for or would be better served by a lower-cost class.
  • Letter of intent failures — not offering a customer the option to use a Letter of Intent (LOI) to reach a breakpoint over 13 months.

Personal conduct violations

The final category covers acts by the registered person themselves that conflict with their duty to the firm and the firm's customers.

  • Selling away (FINRA Rule 3280) — participating in any securities transaction outside the regular course of employment. Prior written notice to the firm is always required, regardless of compensation. If compensation is received, the firm must approve and supervise the transaction. The transaction need not involve a firm customer to be a violation.
  • Outside business activities (FINRA Rule 3270) — non-securities business activities outside the firm, including any compensated outside work. Written notice to the firm is required prior to commencement.
  • Outside brokerage accounts (FINRA Rule 3210) — brokerage accounts maintained by a registered person at any firm other than their employer require written consent from the employing firm. The executing firm must send duplicate confirmations and statements to the employing firm on request.
  • Gifts and entertainment — FINRA Rule 3220 caps gifts to or from anyone associated with a customer relationship at $100 per person per year. Ordinary business entertainment is excluded.

The distinction between 3270 (OBA, non-securities) and 3280 (selling away, securities) is heavily tested. The single-question diagnostic: does the outside activity involve a securities transaction? If yes, 3280 applies; if no, 3270.

Insider Trading — Material Non-Public Information (MNPI)

Insider trading violations under Section 10b-5 of the Securities Exchange Act of 1934:

  • Material: Information that a reasonable investor would consider important in making an investment decision (e.g., earnings surprises, mergers, FDA approvals, executive departures)
  • Non-public: Not yet widely disseminated to the investing public
  • Who is liable:
    • The person who trades on MNPI
    • The person who tips others (even if they don't trade themselves)
    • The person who receives the tip and trades
    • The firm that fails to supervise and prevent it
  • Penalties: Treble damages (3x the profit gained or loss avoided), criminal fines, imprisonment
  • Prevention: Firms maintain information barriers ("Chinese walls") between departments that have MNPI and trading desks

Anti-Money Laundering (AML)

  • Bank Secrecy Act (BSA) and USA PATRIOT Act requirements
  • Customer Identification Program (CIP): Verify identity before opening accounts
  • Suspicious Activity Reports (SARs): File for transactions of $5,000+ that appear suspicious. Do NOT notify the customer.
  • Currency Transaction Reports (CTRs): File for cash transactions exceeding $10,000

AML answer framework — three rules that win most questions

  • SAR threshold: $5,000 for transactions that appear suspicious. Filed within 30 days. Never tell the customer a SAR has been filed.
  • CTR threshold: more than $10,000 in a single business day of cash transactions. Reported on FinCEN Form 112. Structuring (splitting cash to avoid the threshold) itself triggers SAR obligations.
  • CIP (Customer Identification Program) must verify identity at account opening — not after the first deposit.

When a question asks what an agent should do upon spotting suspicious activity, the trap answer is almost always "notify the customer" or "wait for confirmation." The correct answer is invariably some version of "report internally to compliance and file a SAR without notifying the customer."

Section 3 of 3 ~13 min · 5 concept checks

Operational safeguards

Custody — the federal and state framework

An adviser has custody whenever they hold, directly or indirectly, client funds or securities, or have any authority to obtain possession of them. The Series 66 tests the triggers, the operational requirements, and the financial-eligibility rules separately.

Three authorities, three different things — do not confuse them:

  • Trading authorization — permission to place specific trades the customer has directed. No authority to decide what or how much; no authority to withdraw funds. Not discretion, not custody.
  • Discretionary authority — the ability to choose which securities and how much within a customer's brokerage account without first contacting the customer. Granted in writing. Not custody.
  • Custody — the authority to obtain possession of client funds or securities, including the ability to withdraw funds from the account. The highest level of authority — triggers the qualified custodian rules below.

The single-question diagnostic: can the professional withdraw funds from the account? If yes, custody. If no but they can decide what to buy or sell, discretion. If no and they can only execute what the customer specifies, trading authorization only.

Custody triggers include:

  • Physical possession of client funds or securities
  • Authority to withdraw funds from a client's account (even to deduct advisory fees)
  • Acting as general partner of a limited partnership where the adviser has access to fund assets
  • Having access to client login credentials sufficient to transfer funds

Federal custody requirements (SEC Rule 206(4)-2):

  • Hold client assets with a qualified custodian — a bank, broker-dealer, futures commission merchant, or foreign financial institution
  • Custodian sends account statements directly to clients at least quarterly
  • Annual surprise examination by an independent public accountant
  • Notice on Form ADV that the adviser has custody

State custody requirements — the parallel NASAA Custody Requirements for Investment Advisers Model Rule 102(e)(1)-1 imposes the same core obligations on state-registered advisers, plus additional notice and bonding requirements that vary by jurisdiction.

Minimum financial requirements — NASAA Model Rule 202(d)-1 sets minimum net worth for state-registered advisers based on their authority:

  • Custody: minimum net worth of $35,000
  • Discretion without custody: minimum net worth of $10,000
  • An adviser whose net worth falls below the applicable minimum must notify the administrator by the close of the next business day and file additional financial reports thereafter

Advisers who do not meet the net worth requirement may post a bond in the amount of the deficiency, where state law permits.

Discretion vs. Custody — Know the Difference: Discretion means authority to decide what to buy/sell and how much — but the client's custodian still holds the assets. Custody means the adviser can access or possess client funds. An adviser with discretion does NOT automatically have custody. However, an adviser with the authority to withdraw funds from a client account (even to deduct fees) DOES have custody. The exam tests these as separate concepts.

Soft Dollar Arrangements — Section 28(e) Safe Harbor

Soft dollars occur when an adviser directs client brokerage commissions to a broker in exchange for research and services:

  • Section 28(e) of the Securities Exchange Act provides a safe harbor if the research benefits the clients whose commissions are being used
  • Eligible uses: Research reports, financial databases, analytical tools, market data, portfolio management software
  • NOT eligible: Office rent, furniture, travel expenses, telephone bills, employee salaries — these are overhead, not research
  • The adviser must seek best execution even when using soft dollars — they cannot direct trades to a broker solely for the soft dollar benefit if it means worse execution for the client
  • Disclosure: Soft dollar arrangements must be disclosed in Form ADV Part 2A

Agency cross transactions — NASAA Model Rule 102(f)-1

An agency cross transaction occurs when an adviser acts as agent for both buyer and seller in the same transaction — matching one advisory client's order with another's. Because the adviser owes a fiduciary duty to both sides, the conflict requires specific disclosure and consent.

NASAA Model Rule 102(f)-1 (paralleling federal SEC Rule 206(3)-2) permits agency cross transactions only if all of the following conditions are satisfied:

  • Prior written disclosure and consent — the client must consent in writing before the cross transaction, after receiving a written disclosure describing the conflict, the compensation the adviser will receive, and the right to revoke consent at any time.
  • Confirmation at each transaction — the adviser must send a written confirmation at or before completion stating the nature of the transaction and the compensation received from any party.
  • Annual itemized report — the adviser must furnish each consenting client with an annual itemization of all agency cross transactions and the total compensation received.
  • Not the source of the recommendation — the adviser must not have recommended the transaction to both the buyer and the seller.

The categorical prohibition against recommending both sides is the most testable element: even with full disclosure and consent, an adviser cannot cross two clients where the adviser recommended the trade to both.

1

Detect

NASAA Model Act §3

Reasonable belief of financial exploitation of a person 65+ or impaired adult

Sudden urgency Caregiver pressure Unusual transactions Cognitive decline
2

Place temporary hold

NASAA Model Act §4

Hold disbursement or transaction — trading is not held

Up to 15 business days Extendable to 25 Court order can extend further
3

Notify

NASAA Model Act §5

Internal compliance and the client's designated trusted contact person

Within 2 business days Document the basis Maintain records
4

Report

NASAA Model Act §6 · Safe harbor §7

State securities administrator and Adult Protective Services

State administrator APS Civil immunity if in good faith

Financial Exploitation of Vulnerable Adults

NASAA model rules impose specific obligations on IAs, IARs, BDs, and agents when dealing with vulnerable adults — generally defined as individuals aged 65+ or adults with mental or physical impairments that limit their ability to protect their own interests.

Trusted Contact Person — Firms are required to request that clients designate a trusted contact when opening an account. The trusted contact has no authority over the account — they are an information resource the firm can reach out to if it suspects exploitation, diminished capacity, or cannot reach the client. The client may decline to provide one, but the firm must make a reasonable effort.

Temporary Holds on Disbursements — Under NASAA model rules, firms may place a temporary hold on a disbursement if they reasonably believe exploitation is occurring or has been attempted:

  • Hold lasts up to 15 business days (extendable to 25 in some jurisdictions)
  • Applies to disbursements only — not to purchases or sales within the account
  • Firm must immediately notify the trusted contact person (if designated) and the state securities regulator
  • Firm must conduct an internal review during the hold period

Red Flags — Sudden changes in financial patterns, a new "friend" or caregiver directing transactions, client appearing confused or under duress, unusual wire transfers to unfamiliar parties, and unexplained changes to beneficiary designations or POA documents.

Reporting — IARs and agents who suspect exploitation must report to their firm's compliance department. Depending on state law, reports to Adult Protective Services (APS) or the state securities administrator may also be required. Many states provide safe harbor from liability for good-faith reports.

Vulnerable Adult Questions — The Answer Framework

The exam loves scenarios: "Your 82-year-old client's caregiver requests a $50,000 wire transfer. The client seems confused. What should you do?"

The answer is always: (1) do not process the suspicious transaction, (2) notify your compliance department, (3) contact the trusted contact person, (4) report to the appropriate authority.

Key distinctions: temporary holds apply to disbursements only (not trading activity). The trusted contact has no account authority.

Cybersecurity, Privacy, and Data Protection

Protecting client data is an extension of the firm's safeguarding obligations. The NASAA outline tests your understanding of the regulatory framework, not technical security knowledge.

Regulation S-P (Privacy of Consumer Financial Information) applies to BDs, SEC-registered IAs, and investment companies:

  • Initial privacy notice: Delivered at the start of the customer relationship, describing what nonpublic personal information (NPI) is collected and how it is shared
  • Annual privacy notice: Provided each year (unless the firm qualifies for the FAST Act exception)
  • Opt-out right: Customers must be given the opportunity to opt out of having NPI shared with non-affiliated third parties
  • Safeguard Rule: Firms must adopt written policies to protect customer information against unauthorized access — including administrative, technical, and physical safeguards

SEC Cybersecurity Rules require IAs to adopt written cybersecurity policies, report significant incidents to the SEC, disclose risks and incidents to clients, and maintain records related to cybersecurity.

State-Level Requirements — Many states have data breach notification laws requiring prompt notification to affected clients and the state attorney general or securities administrator when breaches occur.

Business Continuity and Succession Planning

Maintaining a business continuity plan (BCP) is part of the firm's duty of care to clients. Both IAs and BDs are expected to ensure they can continue to operate and serve clients during significant disruptions.

What a BCP Must Address:

  • Data backup and recovery: How client records and essential documents are backed up and can be restored
  • Alternate communications: How the firm will reach clients, employees, and regulators if primary systems are unavailable
  • Alternate physical location: Where employees will work if the primary office is inaccessible
  • Financial and operational assessment: How the firm will assess its ability to continue operations
  • Customer access to funds and securities: How clients can access their assets during a disruption

Succession Planning — The SEC and state regulators increasingly expect IAs — especially small firms with a single principal — to address succession as part of their fiduciary duty. Without a plan, a principal's death or incapacity could leave clients unable to access accounts or receive advice. Key questions: Is there a designated successor adviser? Are client agreements structured for orderly transition? Who manages client assets during the interim?

Disclosure: BDs must disclose their BCP to customers at account opening and post it on their website. IAs are not required to deliver the plan itself, but must have it documented in writing and available for regulatory examination.

Summary Exam essentials · consolidated exam traps

Chapter summary

Ch 4-8 Exam Essentials — Ethical Practices and Fiduciary Obligations

Standards of care. IA owes fiduciary duty (ongoing); BD owes Reg BI (point of sale); both must satisfy suitability (FINRA 2111). Fiduciary = care + loyalty + full disclosure + conflict management. Reg BI has four obligations: Care, Disclosure (Form CRS), Conflict of Interest, Compliance.

Code of Ethics (SEC Rule 204A-1). Initial holdings within 10 days; quarterly transaction reports within 30 days; annual holdings reports. Pre-clearance only for IPOs and limited offerings.

Compensation. Performance fees only with qualified clients ($1.1M AUM or $2.2M net worth). All compensation disclosed in Form ADV Part 2A and the advisory contract.

Pay-to-play. SEC 206(4)-5: 2-year time-out after political contribution exceeding $350 (vote-eligible) or $150 (not). MSRB G-37: parallel 2-year ban with $250/$0 de minimis.

Prohibited practices framework. Four categories: market manipulation (10b-5, §9), misrepresentation (17(a)), account abuse (FINRA 2111 + NASAA SoP), personal conduct (FINRA 3210/3270/3280, 10b-5).

NASAA SoP on Investment Company Shares. Breakpoint sales, share-class abuse, failure to offer a Letter of Intent — all prohibited.

AML thresholds. SAR for any suspicious transaction $5,000+; CTR for cash above $10,000 in a single business day; structuring triggers SAR regardless of amounts. Never tip the customer.

Custody. Triggers: holding funds, withdrawal authority, GP role, login credentials. SEC Rule 206(4)-2 requires qualified custodian, quarterly statements direct from custodian, annual surprise audit. Min net worth under NASAA 202(d)-1: $35,000 with custody, $10,000 with discretion.

Agency cross (NASAA 102(f)-1). Permitted with prior written consent, per-transaction confirmation, and annual itemization — but never where the adviser recommended the trade to both sides.

Vulnerable adults. 15-business-day hold on disbursements (extendable to 25); trading not held; notify trusted contact and compliance; report to state administrator and APS. Civil immunity for good-faith reporting.

Reg S-P. Initial and annual privacy notices; right to opt out of non-affiliated third-party sharing.

Ethics exam traps — consolidated

  1. "Registration means approval." Always false. Registration is approval of paperwork, never of merit.
  2. "Guarantees of return are permitted with disclosure." Always false. No level of disclosure cures a guarantee.
  3. "Selling away requires compensation." False. FINRA 3280 requires prior written notice regardless of compensation.
  4. "Discretion means custody." False. Discretion alone is not custody. The combined authority to decide AND to withdraw is.
  5. "A $9,000 cash deposit is below CTR threshold so no action." False. Pattern suggests structuring — file a SAR.
  6. "Notify the client when filing a SAR." Always wrong. Tipping is itself a federal crime.
  7. "Refunding a pay-to-play contribution cures the violation." False if discovered after the fact. The 2-year time-out applies regardless.
  8. "Suitability applies whenever the BD has a customer." False. Suitability and Reg BI attach at recommendation; without a recommendation, only anti-fraud duties apply.
  9. "Soft dollars require client consent each time." False. The Section 28(e) safe harbor requires disclosure in Form ADV, not per-transaction consent.
  10. "Agency cross is prohibited." False as stated. It is permitted with strict disclosure and consent — but never where the adviser recommended the trade to both sides.
Concept Check

An investment adviser owes which standard of care to their clients?

Investment advisers owe a fiduciary duty to their clients, meaning they must always act in the client's best interest, disclose all conflicts of interest, and not place their own interests ahead of the client's. This is a higher standard than the suitability standard.
Concept Check

Performance-based fees may be charged to:

Performance-based fees are permitted under the Investment Advisers Act, but only for qualified clients (generally those with $1.1 million+ AUM with the adviser or $2.2 million+ net worth). This protects less sophisticated investors from the risks associated with incentive fee structures.
Concept Check

An adviser uses client brokerage commissions to pay for a new Bloomberg terminal subscription. Under Section 28(e), this is:

Financial data terminals (Bloomberg, FactSet) qualify as eligible research under the Section 28(e) safe harbor. The adviser must disclose the soft dollar arrangement in Form ADV Part 2A and must still seek best execution for client trades. Office rent, employee salaries, and non-research overhead would NOT qualify.
Concept Check

An investment adviser representative learns that a publicly traded client company will announce a major acquisition tomorrow. The IAR should:

This is material non-public information (MNPI). Trading on it — for personal accounts, client accounts, or tipping others — violates Section 10b-5. The IAR must not trade until the information is publicly disseminated. The correct action is to do nothing and maintain the information barrier.
Concept Check

An investment adviser makes a $500 political contribution to a state official who can influence advisory contracts. Under the pay-to-play rule:

A $500 contribution exceeds the de minimis threshold ($350 for officials you can vote for, $150 for those you cannot). The adviser triggers a 2-year "time-out" — they cannot receive compensation for advisory services to that government entity for 2 years from the contribution date.
Concept Check

An investment adviser representative suspects that a 79-year-old client is being financially exploited by a family member. The firm places a temporary hold on a pending disbursement. This hold:

Under NASAA model rules, a temporary hold on a disbursement can be placed when there is a reasonable belief of financial exploitation of a vulnerable adult. The hold applies to disbursements only (not trading), lasts up to 15 business days (extendable to 25 in some jurisdictions), and does not require the client's consent or a court order. The firm must notify the trusted contact person and the state regulator.
Concept Check

Under Regulation S-P, which of the following is required of a registered investment adviser?

Regulation S-P requires firms to provide customers with a privacy notice describing information-sharing practices and to give customers the right to opt out of having their nonpublic personal information shared with non-affiliated third parties. The Safeguard Rule within Reg S-P also requires written policies to protect customer information, but the specific methods of protection are left to the firm's discretion.
Concept Check

A small investment advisory firm has a single managing partner and 200 client accounts. The state examiner asks about the firm's succession plan. Which of the following BEST describes why succession planning is important for this firm?

Succession planning is a fiduciary concern for advisory firms, especially small firms where a single principal handles all client relationships. If that person dies or becomes incapacitated without a plan, clients may be unable to access their accounts or receive investment advice. Regulators increasingly view succession planning as part of the adviser's ongoing fiduciary duty to clients.

Custody, Discretion, and Authorization

Custody

An adviser has custody when they hold, directly or indirectly, client funds or securities, or have the authority to obtain possession. Special requirements apply: qualified custodian, account statements, surprise examinations.

Discretion

The authority to make investment decisions (buy/sell, amount, security) without prior client approval for each trade. Requires written authorization. Selecting only the timing of a trade is typically not considered discretion.

Trading Authorization

Limited power of attorney grants discretionary authority. Full power of attorney allows additional actions like withdrawing funds.

Standard of Care

  • Investment advisers: Owe a fiduciary duty — must act in the client's best interest at all times
  • Broker-dealer agents: Subject to Regulation Best Interest (Reg BI) — must act in the customer's best interest at the time of recommendation, with disclosure, care, conflict management, and compliance

Fiduciary Duty vs. Regulation Best Interest (Reg BI)

IA Fiduciary DutyBD Regulation Best Interest
Applies to Investment advisers and IARs Broker-dealers and their agents
Standard Ongoing duty to act in client's best interest at all times Must act in customer's best interest at time of recommendation
Obligation type Continuous and ongoing Point-of-sale
Key components Duty of care + duty of loyalty Disclosure, care, conflicts, compliance (4 obligations)
Compensation model Typically fee-based (AUM, flat, hourly) Typically commission-based
Account monitoring Ongoing monitoring duty No ongoing monitoring obligation (unless agreed to)

Custody Requirements — When an Adviser Has Custody

An adviser is deemed to have custody if they:

  • Hold client funds or securities (directly or through an affiliate)
  • Have the authority to withdraw funds from a client's account
  • Have access to client login credentials

If custody exists, the adviser must:

  • Use a qualified custodian (bank, BD, trust company)
  • Ensure the custodian sends quarterly account statements directly to the client
  • Have an annual surprise examination by an independent accountant (to verify client assets exist)
  • File an audited balance sheet with regulators if the adviser has custody (state-registered advisers)

Exception: Deducting advisory fees directly from a client's custodial account — with client authorization and notice to the client — may not trigger the full surprise exam requirement in many jurisdictions, but it IS a form of custody.

Pay-to-Play Rule (SEC Rule 206(4)-5)

This rule restricts political contributions by advisers seeking government advisory contracts:

  • An adviser who makes a political contribution to an elected official (or candidate) who can influence the award of advisory contracts must wait 2 years before receiving compensation for advisory services to that government entity
  • De minimis exception: Contributions of $350 or less to officials for whom the contributor can vote, or $150 to those for whom they cannot vote, are exempt
  • Third-party solicitation restrictions also apply — advisers cannot use third parties to solicit government clients unless the solicitor is a registered BD or registered adviser
Previous Back to Course
Practice what you just learned

Test yourself with exam-style questions on this topic.

Practice Questions