How Compliance Protects You
The Many Steps We Take To Secure Your Information
By Debbie Grudzien
It seems nearly every day that some news story breaks about how people’s private information has been stolen after a company’s information systems have been compromised. Fraud and identity theft are all too common in our society, and the fallout to victims can be anywhere from troublesome to absolutely devastating. Trusted organizations such as Adobe Systems, Target and even the federal government have been hacked and lost private information to identity thieves.
At Whitnell, we take your privacy and security very seriously. You’ve probably only seen a few steps we take to protect your privacy. But behind the scenes, there is a lot going on. Just to add to your comfort level, I’d like to tell you about some of the steps we’re taking to shield you and your wealth.
When you think of controlling risk, the first person who probably comes to mind is your financial advisor. They are certainly the face of Whitnell to our clients. But what you may not see is the team of individuals standing behind the advisor to help control that risk. The compliance function is an important part of that team. How so?
The compliance function at a financial services practice is charged with protecting client NPI, or non-public personal information. We do this at Whitnell by focusing on three major areas:
- The development of policies.
- Ongoing training of staff to stay on top of security trends and SEC compliance requirements.
- The implementation of standard operating procedures and oversight of those procedures.
Steps we’re taking to protect our clients’ information
We are very careful about the people we hire. All of our staff, from the secretary to the president, have to pass several screens including a credit check, drug test and a thorough background check. We perform these tests in addition to checking references. This helps ensure that only people of good character can potentially access your information.
- First, Whitnell does not share any NPI with any nonaffiliated third parties except as needed to provide you services, as required by regulatory authorities or law enforcement officials and to the extent necessary to prevent fraud and unauthorized transactions.
- Second, employees are prohibited from disclosing NPI to any person or entity outside Whitnell, including family members. This applies to our people both during their employment and even if they should choose to move on.
- Third, our people are permitted to disclose your private information only to other staff members who need to have access to such information to deliver services to you. In other words, when you share something with us, it is only shared internally on a need-to-know basis.
Additional steps we take to secure your privacy
There are many steps we take to secure your privacy that you may not know about. Here are a few policies we have adopted and actively monitor:
- No client information is left out after business hours. All client information is transferred to a secure location on a daily basis at the end of each business day.
- All electronic or computer files containing NPI are password secured – this includes any personal computers or mobile devices that we may use for business purposes.
- While in transit, electronic customer information is password protected.
- Conversations concerning NPI are conducted by staff in private offices. Even brainstorming sessions that include multiple professionals are held in the most private meeting rooms possible.
- We actively dispose of private information in the safest manner possible, including shredding documents and ensuring old hard drives are wiped clean before being recycled.
Training steps we’ve taken
All the policies in the world would have little effect if people were not trained in their usage. At Whitnell, we take training for privacy and security very seriously. Once a policy is adopted, it is the role of the compliance function to train our staff in the policy. In addition, we also train staff in best practices for making the policies effective.
Training is ongoing, not a one-time event, to stay current with changes in how privacy issues are being addressed and to keep client confidentiality front of mind with our staff.
Identity Theft Protection Red Flags Rule
A key example of this training is the implementation in 2013 of an Identity Theft Protection Red Flags Rule program. This program is designed to detect, prevent and mitigate identity theft in connection with client accounts. This program has been reviewed and approved by the Whitnell Board of Directors. We hope the red flags program increases the comfort you feel with the steps we’re taking to protect your wealth and information.
Here is how the red flags program works. Over the years, we’ve learned how our clients prefer to communicate with us. We’ve learned the technologies they use and their tone of voice and communication style, both verbal and written. These preferences form the baseline of how we anticipate you will communicate with us. When a communication is not in keeping with these preferences, we take action. Here are some examples:
- When a message comes in that is an unusual or suspicious request or that is not typical to a client’s patterns, we red flag that message.
- When a message comes in that uses a tone of voice or a style of communicating that is not in keeping with the way you usually communicate with us, we red flag that message.
- If we receive a document that looks like it may have been altered, we red flag it.
- If we receive an unexpected request or a request to move funds that was not previously discussed with you by your financial advisor, we red flag it.
After the item has been red-flagged, we go back to you through the established means of communication and confirm that you actually initiated the communication. Through alert staff members acting on these policies, we have intercepted fraudulent requests and protected our clients.
Email is a common communication system that many of our clients use. However, email systems are also among the most vulnerable to rogue activity. To ensure our clients remain safe in email communications, we have adopted these policies based on best practices and SEC recommendations:
- We discourage our staff from using Whitnell’s email and any other electronic systems for personal reasons.
- We require that all firm and client related electronic communications be on Whitnell systems.
- We do not allow the use of personal email addresses, non-Whitnell email accounts, personal social networks, instant messaging and other personal electronic communications for firm or client communications.
- As the Chief Compliance Officer, I periodically spot-check emails sent to and from various staff email accounts.
- We set expectations with our staff that their electronic communications are not private and are not subject to rights of privacy.
These email policies help ensure that your communications are only sent through our highly secured technology infrastructure.
Why we do this
As this article shows, there is a lot that we do behind the scenes to protect your privacy and information. We know that our clients are very private people and that maintaining their personal privacy is a top priority.
All of our efforts are designed to increase the comfort level you feel when entrusting us with your information and assets. If you feel that any of these policies present an undue burden to your preferred communication style, please reach out to me and let’s have a conversation.
Whitnell is not a law firm and does not give legal advice. The information contained herein should not be construed as legal advice or a legal opinion on any specific facts or circumstances. The contents of this article are intended for general information purposes only, and you are urged to consult a lawyer concerning your own situation and any specific legal questions you may have.