TL;DR – Every text message, email, or letter you send to a financial advisor or broker in the United States– and definitely in Washington State– will be collected by a securities regulator once every 1-3 years for no particular reason, and some percentage of what you’ve sent will be read by them.
Routine violations of client privacy by Big Brother
It came to my attention recently that it is the routine practice for the DFI— Washington State’s financial regulatory authority– to request all ‘written’ client communications to or from a financial advisor (like me) or a broker. The DFI will then comb through them, reading them as they see fit, under any circumstances they choose and at any time, without any good reason whatsoever.
The ‘reason’ in this case is a mandatory, routine audit that in Washington state happens anywhere from annually to once every 3 years or so. No cause for anything suspicious is required, and all client communications are seized from advisors each time the audit is conducted. Advisors that refuse would be terminated and disallowed from working.
If you weren’t prone to protecting privacy as a general principle, you might think “why would communications between a financial advisor be worth keeping private?” Let me tell you: consider how many sensitive issues come up during financial advising: divorce, aging parents, special needs children, fights with families over money, job losses, or even just the simple hopes and dreams that I would bet your average person wouldn’t want made public to strangers.
This is a client privacy issue, not so much an advisor/broker privacy issue
I have (almost) no problem with my own ‘half’ of communications to clients that are strictly about ‘boring’ financial matters being shared with regulators. I have a HUGE problem with my clients’ end of those conversations being shared. In case you’re wondering, yes, the language of the regulators is broad enough that anything simply ‘related’ to the business of advising must be handed over to regulators en masse for any reason and at any time.
Failure to comply would presumably result in the suspense of the advisor and the killing of their livelihood. Even if some communications of a strictly personal nature could be theoretically excluded, it would be infeasible for someone like me to separate those out ahead of time before handing over 3 years’-worth of client emails & texts to regulators upon their request.
Of course, I too resent my often informal communications with clients over email and text being exposed to regulators, but frankly, I’m not the one typically sharing intimate personal information with clients. It’s clients sharing these intimate details with me because they are absolutely vital to the financial planning process. I.e.: I often need to know–and clients routinely tell me unprompted– and record when clients are facing divorce, foreclosure, layoffs, estrangement from family, special needs considerations for a child, receiving mental health therapy, admitting to substance dependence, or any other myriad issues that entangle private life with money.
Do you trust the guv’ment to be responsible with your private conversations?
The only ‘good news’ for clients and honest businesspeople is that these communications aren’t subject to public record. I.e.: ‘only’ an unidentified bunch of government bureaucrats will snoop through all your emails & texts with your advisor or broker. These messages won’t be made available for everyone in the world to read.
Unless of course there’s a data breach, which fortunately never happens to government agencies. Ok, that was sarcasm: according to a study done by Verizon, there were “there were 3,236 public sector data breaches between 2020 and 2021“. Emphasis mine.
Supposedly the state will delete unused communications later, and only retain ones relating to an investigation or evidence of wrong-doing (which could be anything from something completely benign or actual malfeasance on the advisor or broker’s part.) However, I was given no details from the (very nice) man from the DFI whom I asked about how rigorous the DFI was about deleting unneeded client conversations or what standards, timelines, storage methods, and other cybersecurity details they adhere to.
Ironically, these same agencies have stringent cybersecurity guidelines for the firms they audit. Which of course they should, but, ya know, so should the agencies since they have access to all communications from all clients of all firms!
The problem goes all the way to the top
FINRA, the SEC, and Washington State’s DFI are apparently united on invading your privacy, and when I pushed back on this requirement with a letter to Washington state’s Governor’s office, our elected officials simply handed me back to the DFI which brushed off my concerns in an email reply saying “examinations conducted by the Securities Division are consistent with those conducted by the Securities & Exchange Commission, FINRA and other state securities regulators, which include the review of [client] communications, including electronic communications, as part of their examinations.”
I.e.: since the Feds see fit to violate your privacy without any suspected malfeasance on the part of you or your advisor/broker, so do we.
What can you do as a client of a financial firm to protect your privacy?
Unfortunately, your only option is to communicate anything you don’t want exposed to any regulatory snooper in-person or over the phone (whether digital/VOIP/video chat or telephone.) Audio communications are NOT subject to seizure per today’s guidelines as I understand them. You should assume that literally everything written in email, text, or physical letter will 100% be obtained every 1-3 years by a regulator, and than some percentage of those communications will be read by them.
As I read the rules, writing over an encrypted channel doesn’t help you because the government will require the advisor not to use any method of communication that can’t be turned over to them (in cleartext.) Your only option to safeguarding anything you want to keep private is to communicate orally with your advisor.
Regulations become too strict as electronic written communications became the norm
It seems obvious to me that the rise of electronic written communications becoming the new casual method of conversation–replacing the telephone– is the reason the rules worked at one time, but are so obviously flawed today. When writing a letter was the only thing an advisor or broker would’ve turned over, and letters were infrequent and probably of a professional nature with few client personal details, handing over all ‘written communications’ was both reasonable and not a big deal. Everything personal, and much that wasn’t like placing trades or discussing investment strategy, would’ve been handled over the phone or in-person even as recently as the 1990s, and really before the smart phone was commonplace in the 2010s.
Today, the world is different, and text messages and to a lesser extent, email, have replaced the phone. And all that conversation is being grabbed by regulators.
Contact your elected officials and complain
I would encourage you to do as I’ve done and complain about this practice to the DFI (email@example.com) and–more importantly– your elected official(s). Start with the Governor’s office (Washington State here), since– at least in Washington state– they control the securities regulators.
Feel free to also complain to the SEC/FINRA, since they control the rules for the big advisors (like the bad guys) and set the standard for the state regulators that control the little guys (like me.)
I’d love to know if you are as taken aback by this as I was, or if you think it’s reasonable and not-undesirable for client’s to have all of their written communications shared with government regulators, so please leave a comment with your thoughts.