
Client Confidentiality for Financial Advisors


Financial advisors have a responsibility to keep client information confidential. This responsibility is laid out by professional organizations’ ethical standards, as well as by law. Financial advisors can only share client information without the client’s permission in limited circumstances and must take steps to ensure that client records are safe from outside eyes. Confidential information includes all recorded information that is non-public, including notes and copies in both digital and printed form.


What Is Client Confidentiality for Financial Advisors?

Client confidentiality refers to standards and processes that are designed to protect a client’s personal and financial information. Financial advisors have a responsibility to ensure that a client’s confidential data is not misused, disclosed to another party without their consent or accessed by any unauthorized parties. Maintaining confidentiality is vital to building solid and sustainable client relationships.

Here are three ways that taking client confidentiality seriously can benefit your business and your clients.

Confidentiality Benefit / How It Helps

  • Build Trust: Clients who know they can trust their advisor to protect their personal and financial information may be more likely to remain with that advisor for the long term. They can also be a significant source of referrals, helping to fuel growth.
  • Protect Clients: Confidentiality covers clients with a layer of protection against a variety of potentially negative actions, which may include fraud, identity theft and exploitation. By ensuring that a client’s information remains confidential, you make it more difficult for bad actors to target them.
  • Avoid Compliance Issues: Taking client confidentiality seriously can help safeguard your firm against potential penalties for compliance violations, which may include fines or the revocation of your SEC registration if you operate as an RIA.

Laws and Regulations Governing Client Confidentiality for Financial Advisors


To address these concerns and encourage investors to have confidence in advisors’ discretion, professional organizations such as the CFP Board and regulatory bodies such as the Securities and Exchange Commission (SEC) have created standards of ethical conduct that include requirements for client confidentiality. Additionally, there are several laws that govern confidentiality rules within the financial services sector.

The standards vary in detail, but all generally prohibit sharing any and all confidential information without the client’s express consent, with few exceptions. Here’s more on how various client confidentiality standards apply to financial advisors.

National Association of Personal Financial Advisors (NAPFA)

The National Association of Personal Financial Advisors (NAPFA), a professional organization for fee-only financial planners, takes an uncomplicated approach to client confidentiality in its code of ethics. It simply states: “NAPFA members shall keep all client data private, unless authorization is received from the client to share it. NAPFA members shall treat all documents with care and take care when disposing of them. Relations with clients shall be kept private.”

CFP Board

The CFP® code of ethics describes in detail how CFP® professionals can share client data for “ordinary business purposes” only with client consent and only with a limited set of people, including employers, partners, attorneys, accountants, auditors and designated client representatives. Exceptions include when law enforcement or regulators are investigating possible illegal acts and when needed to defend against civil lawsuits. CFP® practitioners must craft confidentiality policies describing their practices for handling and storing client information and notify clients in writing about them. [1]

Securities and Exchange Commission (SEC)

The SEC confidentiality standard describes a comprehensive set of practices required by law for advisors registered with the regulatory authority. Among other things, it extends prohibitions against sharing client data to ex-employees and requires advisors and employees to notify the firm’s chief compliance officer if an exception is being sought or if there are known threats by a third party to expose client data. [2]

The SEC also says advisors and employees should avoid discussing client information in public places including restaurants, hallways, elevators and airplanes. Advisors are warned against using cell phones, speakerphones and public phones if there is a chance someone might overhear. Physical records such as files are to be kept in locked cabinets and computer files must be password protected, while office computers are to be locked before workers leave for the day. Advisors and employees are also told not to remove client data from the office premises unless necessary.

Bank Secrecy Act

Updates to the Bank Secrecy Act now require registered investment advisors to adhere to compliance standards that were previously applied to banks and similar financial institutions. [3] Specifically, RIAs must:

  • Implement an Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) program
  • Submit Suspicious Activity Reports (SARs) with FinCEN
  • Meet recordkeeping requirements
  • Take reasonable steps to verify the identity of new clients

Client confidentiality comes into play with the filing of SARs. Specifically, advisors are prohibited from making unauthorized disclosures of these reports. An advisor who is subpoenaed or requested to disclose this information must decline the request and report it to FinCEN. However, advisors may disclose “underlying facts, transactions and documents upon which a SAR is based,” as long as they do not reveal whether or not a SAR has been filed. [4]

The compliance deadline for adhering to these new rules has been extended to 2028.

Gramm-Leach-Bliley Act

The Gramm-Leach-Bliley Act requires financial institutions to take steps to protect consumer privacy. [5] That includes:

  • Adopting a privacy policy that’s consistent with GLBA standards
  • Providing all clients and certain non-clients with a privacy notice
  • Granting all clients and non-clients the opportunity to opt out of information sharing with third parties

The privacy rule extends to non-public information, which is any personally identifiable information you collect about a client in connection with providing a financial product or service. Before you can share any client’s non-public information with a third party, you must give the client a privacy notice and a chance to opt out of sharing. The Act allows some exceptions when this is not necessary. For example, certain joint marketing relationships do not require the standard notice.

SEC Cybersecurity Rule

RIAs are required to report data breaches under the SEC’s cybersecurity rule. This rule does not speak to client confidentiality per se, but it does impose disclosure requirements on advisors when client information is compromised. Should a data breach or similar cybersecurity incident occur, it must be reported in a timely manner; failure to do so can result in penalties. Additionally, advisors must disclose how they identify and manage cybersecurity risks that could threaten client confidentiality.

How Advisors Can Protect Client Confidentiality

There are several things advisors can do to keep clients’ sensitive information confidential and secure. Auditing your current confidentiality policies and procedures can help you determine whether an update is necessary.

Here are some of the ways you can protect your clients’ information.

Strategy / Purpose

  • File-sharing: Using end-to-end encryption services can help secure client data when sending information. Only parties you authorize should have the ability to decrypt and view any information you transmit.
  • Client Portal: Client portals or dashboards can be secured with encryption, unique passwords and multi-factor authentication. You can also use the portal for secure communication in place of standard email.
  • Vendor Vetting: Many advisors rely on third-party software or service providers to operate their businesses. Reviewing a software or vendor’s security protocols can help you protect client confidentiality and adhere to compliance rules.
  • Employee Training: Developing a client confidentiality policy is important, but it’s only as good as your employee training. Your staff should be well-versed in the specifics of your policy and what is and is not allowed. You may consider running a data breach simulation to see how well your staff responds.

Bottom Line


Financial advisors are required to treat client data with care and avoid sharing it with anyone without the client’s authorization. This general requirement is laid out in standards of ethical conduct set by professional associations as well as legal requirements from federal regulatory agencies. Only limited exceptions are allowed, including when sharing is necessary to work with attorneys, accountants, auditors and other professionals, or to comply with legal or regulatory investigations. Understanding why these confidentiality requirements exist and how to adhere to them can help you build a stronger practice and better client relationships.

Tips for Financial Advisors


Article Sources


  1. “Code of Ethics and Standards of Conduct.” CFP Board, https://www.cfp.net/ethics/code-of-ethics-and-standards-of-conduct.
  2. “Code of Ethics.” SEC, https://www.cfp.net/ethics/code-of-ethics-and-standards-of-conduct.
  3. “Fact Sheet: FinCEN Issues Final Rule to Combat Illicit Finance and National Security Threats in the Investment Adviser Sector.” FinCEN, 28 Aug. 2024, https://www.fincen.gov/system/files/shared/IAFinalRuleFactSheet-FINAL-508.pdf.
  4. “Confidentiality Requirements for Suspicious Activity Reports.” FINRA, 11 Mar. 2024, https://www.finra.org/arbitration-mediation/rules-case-resources/sar-confidentiality-requirements.
  5. “How To Comply with the Privacy of Consumer Financial Information Rule of the Gramm-Leach-Bliley Act.” Federal Trade Commission, https://www.ftc.gov/business-guidance/resources/how-comply-privacy-consumer-financial-information-rule-gramm-leach-bliley-act.