Those of you of a certain age might recall the 1980s bestseller, “All I Really Need to Know I Learned in Kindergarten,” by Robert Fulgham. If you’re not of that age, then I should explain that the book was a series of short essays on how the world would be a whole lot happier if adults behaved more like schoolchildren. Some of the lessons Fulghum stressed were the importance of being kind, of sharing with one another, of cleaning up one’s messes.
One of the lessons Fulghum should have covered is the importance of not being a blabbermouth. If you ever shared the identity of a crush to a best friend only to have it spread all over school, you know how important that rule can be. But as we’ve discussed in two prior articles (here and here), financial advisors today can be remarkably lax about how much they share publically about their clients.
As a result, we proposed a three-pronged approach to locking down client secrets:
- regulatory compliance,
- ethical values and procedural practices, and
- data security.
We tackled the first topic in a prior article, and here we’ll consider the second.
Let’s start by reviewing the key difference between compliance and ethics, a comparison we’ve made before. Advisors should view compliance to be the minimal baseline of legally acceptable conduct, but consider ethics to be the value add that delivers a tremendous ROI. This distinction applies powersfully to client confidentiality. Complying with the privacy disclosures mandated by the Gramm-Leach-Bliley Act, along with Section 30(a) of the SEC’s Regulation S-P (the so-called “Safeguard Rule”) only gets you part-way home. You need to also strengthen your ethical values around confidentially and then impart them to your staff (if any). The result of this exercise should be a list of behavioral and procedural commitments that prevents the disclosure of client information that might spark an E&O insurance dispute at some future point.
In terms of ethics, we recommend you start by seeing what industry Codes of Ethics say about confidentiality. For example, the Society of Financial Services Professionals frames the issue this way: “A member shall respect and safeguard the confidentiality of sensitive client information obtained in the course of professional activities. A member shall not divulge such information without specific consent of the client, unless disclosure of such information is required by law or necessary in order to discharge legitimate professional duties.” The Code goes on to define the types of information to be safeguarded: medical data, information about financial status, Social Security or credit card numbers, information about personal relationships, among other items.
Not a member of SFSP? Then check out the ethics codes of the assocations you do belong to. If your beliefs and behaviors violate industry codes of ethics, then it’s time to reconsider whether you’re walking the talk on this key issue.
But don’t stop there. Consider reining in the natural tendency financial advisors have to use language to promote sales. What do we mean? Simply that many times advisors divulge client secrets because they want to impress people about the work they do. So, when they play a significant role in a client’s financial success, they like to share that information with others. Similarly, if they have affluent or famous people as clients, they like to “drop” those names into conversation as implicit testimonials, even though doing so without client permission is a confidentiality breach. Both of these practices can be a slippery slope when it comes to safeguarding client information.
Another approach is to put yourself in your clients’ shoes. How would you feel if you shared sensitive information with your financial advisor only to learn that he spread it all over town? Would that make you more or less inclined to speak candidly with the person in the future? More or less likely to do repeat business in the future? More or less likely to refer the advisor to your friends and family? Treating people how YOU want to be treated regarding confidentiality will go a long way toward creating a satisfied and loyal client base.
You know where we’re headed: View client confidentialty as a core ethical value upon which to establish an iron-clad commitment. Once you are dead serious about upholding client secrets, begin to formulate a list of behavioral and procedural guidelines to translate this commitment into reality.
Some pointers to consider as you begin this process:
- There are no exceptions when it comes to locking down sensitive client data. Just because you trust a family member or close friend doesn’t entitle that person to receive client secrets. No means no!
- Avoid talking about client financial problems with office colleagues unless you omit the person’s identifying information. All it takes is for one associate to mention something to a spouse who mentions it to a friend, etc. to create a potentially damaging confidentiality breach.
- Train yourself (and your staff) to apply a mental filter when discussing work with friends and family. If the subject relates to a client, just lock down the information . . . and keep it locked!
- Your confidentiality guidelines apply to everyone in your firm, but you, as leader, must set the tone for everyone else. If you treat client data with respect, so will your team. If you babble client secrets wherever you go, so will they.
- The starting point for establishing a workplace culture that respects client privacy is hiring people with the discipline to not jeopardize client secrets. So be sure to touch on this point during your interviews, and always perform rigorous background and reference checks to make sure candidates haven’t misused customer data in the past.
- Establish procedures for general office security. For example, limit access to areas where private documents are stored. Not only should access be blocked to members of the public, vendors, and the like, but it should also be limited only to staff members with a need to know.
- Consider formulating policies regarding the printing and handling of client documents. Make sure not to allow these materials to lie unsupervised in public areas or on employees desks in sight of visitors.
- If you don’t have a document shredding policy, consider adopting one in order to keep obsolete files out of the hands of strangers.
- Formulate policies surrounding the physical handling of files. In other words, determine who has the rights to see documents and how documents should be stored, preferably under lock and key.
- Direct all employees to properly safeguard their computer passwords. In other words, don’t write them on sticky notes and paste them onto their computer monitors where anyone can grab them. This is an invitation to a data breach.
In short, never view the safeguarding of client confidentiality as merely a compliance exercise. Consider it as an opportunity to build client trust long term. If you’re only giving lip service to confidentiality, but not following best practices, it’s time to walk the talk . . . quietly!
For information on affordable E&O insurance for low-risk insurance agents, investment advisors, and real estate broker/owners, please visit EOforLess.com. For information on ethical sales practices, please visit the National Ethics Association’s Ethics Center.