Standard III(E) Preservation of Confidentiality
Updated April 2024
CFA Institute
The Standard
Members and candidates must keep information about current, former, and prospective clients confidential unless:
- The information concerns illegal activities on the part of the client,
- Disclosure is required by law, or
- The client or prospective client permits disclosure of the information.
Guidance
Standard III(E) requires that members and candidates preserve the confidentiality of information communicated to them by their clients, prospective clients, and former clients. This standard is applicable when (1) the member or candidate receives information because of his or her special ability to conduct a portion of the client’s business or personal affairs and (2) the member or candidate receives information that arises from or is relevant to that portion of the client’s business that is the subject of the special or confidential relationship. If disclosure of the information is required by law or the information concerns illegal activities by the client, however, the member or candidate may have an obligation to report the activities to the appropriate authorities.
Status of Client
This standard protects the confidentiality of client information even if the person or entity is no longer a client of the member or candidate. Therefore, members and candidates must continue to maintain the confidentiality of client records even after the client relationship has ended. If a client or former client expressly authorizes the member or candidate to disclose information, however, the member or candidate may follow the terms of the authorization and provide the information.
Compliance with Laws
Standard I(A) Knowledge of the Law requires members and candidates to comply with applicable law. If applicable law requires disclosure of client information in certain circumstances, members and candidates must comply with the law. Similarly, if applicable law requires members and candidates to maintain confidentiality, even if the information concerns illegal activities on the part of the client, members and candidates must comply with the law and not disclose such information. When in doubt, members and candidates should consult with their employer’s compliance personnel or legal counsel before disclosing confidential information about clients.
Vulnerable Investors
Standard III(A) Loyalty, Prudence, and Care requires members and candidates to diligently work to safeguard the interests of all clients, including potentially vulnerable investors, and faithfully exercise their professional responsibilities. Actions involving dishonesty and fraud damage security markets beyond the financial losses of some investors by undermining the faith and confidence of every participant in the investment industry. Understanding the obligations and how to recognize the red flags of diminished capacity and financial exploitation by others is critical to protecting the interests of potentially vulnerable investors.
Standard III(E) establishes a duty for members and candidates to keep client information confidential from third parties. Doing so can be problematic if the member or candidate suspects that the client’s mental acuity is declining and thus believes it is necessary to consult with outside parties. Best practice for members and candidates is to establish a secondary contact at the beginning of the client relationship. This contact could be a trusted family member, a legal adviser, or some other third-party intermediary whom clients permit contacting should concerns arise about their ability to make informed decisions about their finances. The nominated secondary contact provides members and candidates an avenue to prevent and/or address potential financial abuse of the client.
Without such an agreement, requirements of members and candidates in regard to maintaining the confidentiality of client relationships and accounts may prevent discussing concerns with anyone other than the direct account holders. Local law and regulations may not provide clarity about the circumstances under which the investment professional can consult with others about the client’s account. Previously agreed-on parameters with the client and appropriate compliance policies, procedures, and training by employers are important to determine the best course of action.
As long as it is legally permissible, a member’s or candidate’s duty of loyalty to clients may allow limited disclosures pertaining to the existence of a client account and concerns about the vulnerability of the client as directed by applicable law. Often, regulatory or governmental agencies provide resources for intervening when such concerns arise. These agencies have the authority to properly investigate the situation of the investor. Members and candidates seeking to protect client interests and following applicable law on permitted disclosures do not violate Standard III(E).
All conversations with the client and any outside parties regarding the reasons for disclosing any sensitive or confidential information should be fully documented and retained in the client files.
Electronic Information and Security
Because of the ever-increasing use of electronically stored information, members and candidates need to be particularly aware of potential accidental disclosures. Many employers have strict policies about how to electronically communicate sensitive client information and store client information on personal laptops, mobile devices, or external storage devices or systems. Standard III(E) does not require members or candidates to become experts in information security technology, but they should have a thorough understanding of the policies of their employer for ensuring the security of confidential information maintained by the firm.
Professional Conduct Investigations by CFA Institute
Standard III(E) does not prevent members and candidates from cooperating with an investigation by Professional Conduct (PC) at CFA Institute. Instead, members and candidates must cooperate with investigations into their conduct unless prevented from doing so by law. Under the CFA Institute Rules of Procedure for Conduct Related to the Profession (as amended and restated 1 January 2022), members and candidates are also required to cooperate with investigations into the conduct of others. PC will exercise reasonable care to ensure that all documents and information it receives during an investigation remain confidential.
Compliance Practices
Members and candidates should avoid disclosing any information received from a client except to authorized fellow employees who are also working for the client.
Members and candidates must understand and follow their firm’s electronic information communication and storage procedures. If the firm does not have procedures in place, members and candidates should encourage the development of procedures that appropriately reflect the firm’s size and business operations. Members and candidates should encourage their firm to conduct regular periodic training on confidentiality procedures for all firm personnel, including noninvestment staff who have routine direct contact with clients and their records.
Members and candidates should be diligent in discussing with clients the appropriate methods for providing confidential information. Members and candidates must make reasonable efforts to ensure that methods for communicating with clients are designed to prevent accidental distribution of confidential information.
Members and candidates should take steps to protect the interests of vulnerable investors by
- complying with any firm policies and procedures specifically dealing with vulnerable clients,
- asking for a secondary contact during the establishment of every account,
- undertaking training and education to understand issues related to vulnerable investors,
- undergoing training on how to interact and address issues with clients who may exhibit diminished mental capacity,
- following internal firm reporting procedures when concerns are raised, and
- implementing additional compliance review for the accounts of vulnerable investors.
Application of the Standard
Connor, a financial analyst employed by Johnson Investment Counselors, Inc., provides investment advice to the trustees of City Medical Center. The trustees have given her a number of internal reports concerning City Medical’s needs for physical plant renovation and expansion. They have asked Connor to recommend investments that would generate capital appreciation in endowment funds to meet projected capital expenditures. Connor is approached by a local businessman, Kasey, who is considering a substantial contribution either to City Medical Center or to another local hospital. Kasey wants to find out the building plans of both institutions before making a decision, but he does not want to speak to the trustees.
Outcome: The trustees gave Connor the internal reports so she could advise them on how to manage their endowment funds. Because the information in the reports is clearly both confidential and within the scope of the confidential relationship, Standard III(E) prohibits Connor from divulging the information to Kasey.
Moody is an investment officer at the Lester Trust Company. She has an advisory client who has talked to her about giving approximately US$50,000 to charity to reduce her income taxes. Moody is also treasurer of the Home for Indigent Widows (HIW), which is planning its annual giving campaign. HIW hopes to expand its list of donors, particularly those capable of substantial gifts. Moody recommends that HIW’s vice president for corporate gifts call on her client and ask for a donation in the US$50,000 range.
Outcome: Even though the attempt to help the Home for Indigent Widows was well intended, Moody violated Standard III(E) by revealing confidential information about her client.
Samuel, the portfolio manager for Garcia Company’s pension plan, has learned from one of Garcia’s corporate officers that potentially excessive and improper charges were being made to the pension plan by the CEO of Garcia. They tell her that Garcia’s corporate tax returns are being audited and the pension fund is being reviewed. Samuel consults her employer’s general counsel and is advised that Garcia likely violated tax and fiduciary regulations and laws. Two days later, government officials contact Samuel with a request to examine pension fund records.
Outcome: Samuel and her employer should seek the advice of legal counsel to determine the appropriate steps to take to protect the interests of the participants and beneficiaries of the pension plan and comply with applicable law for responding to government regulators. Samuel may well have a duty to provide the pension fund records her firm possesses to the government.
Bradford manages money for a family-owned real estate development corporation. He also manages the individual portfolios of several of the family members and officers of the corporation, including the chief financial officer (CFO). Based on the financial records of the corporation and some questionable practices of the CFO that Bradford has observed, Bradford believes that the CFO is embezzling money from the corporation and putting it into his personal investment account.
Outcome: Bradford should check with his firm’s compliance department or appropriate legal counsel to determine whether applicable securities regulations require reporting the CFO’s financial records to authorities.
Moody is an investment officer at the Lester Trust Company (LTC). She has stewardship of a significant number of individually managed taxable accounts. In addition to receiving quarterly written reports, about a dozen high-net-worth individuals have indicated to Moody a willingness to receive communications about overall economic and financial market outlooks directly from her through social media. Under the direction of her firm’s technology and compliance departments, she establishes a new group page on an existing LTC social media platform specifically for her clients. In the instructions provided to clients, Moody asks them to “join” the group so they may be granted access to the posted content. The instructions also advise clients that the platform is not an appropriate method for communicating personal or confidential information.
Six months later, in early January, Moody posts LTC’s year-end “Market Outlook.” The report outlines a new asset allocation strategy that the firm is adding to its recommendations in the new year. In the report, Moody indicates that she will be discussing the changes with clients individually in their upcoming meetings.
One of Moody’s clients responds directly on the group page that his family recently experienced a major change in their financial profile. The client describes highly personal and confidential details of the event. Unfortunately, all clients that were part of the group are also able to read the detailed posting until Moody has the comment removed.
Outcome: Moody has taken reasonable steps to protect the confidentiality of client information while using the social media platform. She provided instructions clarifying that all information posted on the site would be publicly viewable to all group members and warned against using this method for communicating confidential information. The accidental disclosure of confidential information by a client is not under Moody’s control. Her actions to remove the information promptly once she became aware further align with Standard III(E).
Gonzales, a financial adviser, provides investment advice to a number of private wealth clients. At the beginning of all client arrangements, as a part of the onboarding process, Gonzales requires the client to designate a secondary contact who Gonzales can communicate with should she become concerned about the client’s ability to make judicious financial decisions. Gonzales meets with a longtime client, Brennan, a widow, on a regular basis to discuss her portfolio. Brennan has named her son as the person to contact in the event of her mental decline. Gonzales has growing concerns about Brennan’s mental capacity over the past several months because Brennan has forgotten the last three meetings and has had to reschedule follow-up meetings. At those meetings, Brennan not only seems confused by routine matters that Gonzales knows she easily grasped in the past but also seems unclear about her long-established investment objectives. When Gonzales tries to make light of these lapses, Brennan grows uncharacteristically irritable with her. Gonzales details these meetings and interactions in her files. At the next meeting, Brennan directs Gonzales to liquidate 50% of her portfolio. Brennan informs Gonzales that she wishes to invest that money in a highly speculative private health club venture being opened by her physical therapist. Gonzales has been working with Brennan over many years, and she has always favored a widely diversified portfolio. Prior to acting on Brennan’s directive, Gonzales contacts her client’s son to discuss this situation with him. She documents in Brennan’s file the conversation with both Brennan and her son and her reasons for disclosing confidential information.
Outcome: Gonzales has taken the appropriate steps to protect Brennan’s interests by disclosing her concerns about the vulnerability of her client. Brennan previously indicated that in the event of concerns about her mental capacity, Gonzales should contact her son. Gonzales’s observation of Brennan’s mental decline and concern over the dependent relationship with her physical therapist are valid reasons to question the sudden instruction to liquidate a large portion of her investments. Gonzales is thus not in violation of the Standard III(E) Preservation of Confidentiality.
Smith-Pelley, a financial planner, receives a call from longtime client, Carlson, who shares the news that, after a recent divorce from her husband of 37 years, she met and married a man 25 years her junior while on a holiday in another country. The man is a citizen of that country but will be moving home with Carlson. Carlson asks Smith-Pelley to liquidate half of her investment account so she can move out of her flat and into an expensive country estate with her new husband. Carlson also directs Smith-Pelley to add her new husband’s name to all her investment account documents. Carlson does as directed. Over the next six months, more funds are withdrawn from the account, mostly by Carlson’s new husband. Carlson’s children from her first marriage, also clients of Smith-Pelley, contact him to demand that their mother’s accounts be frozen, claiming she has diminished mental capacity and is being taken advantage of by the new man in her life. Smith-Pelley does nothing and refuses to discuss Carlson’s accounts with her children.
Outcome: Smith-Pelley is not in violation of his ethical duties by failing to act on Carlson’s children’s directions or discussing her account with them. Although Carlson’s recent decisions may raise red flags because the changes were sudden and unexpected, they do not indicate a loss of Carlson’s decision-making ability. As such, he is right to act for the benefit of his client, follow her direction, and keep her investment information confidential.