Philadendron / iStockphoto

This article appears in the February 2020 issue of Advisor’s Edge magazine. Subscribe to the print edition or read the articles online.

The quandary

Your client is a well-known business figure. One day in the office elevator, you share details about the client’s financial situation with a colleague. Afterward, you realize you may have acted in error but figure nothing can come of the conversation. What should you do?

The experts

Markus Muhs
Markus Muhs, CFP
Investment advisor and portfolio manager, Canaccord Genuity Wealth Management, Edmonton, Alta.

The advisor should speak with his colleague, acknowledge the mistake of disclosing private information and seek coaching on privacy issues. This helps resolve the situation and prevents it from reoccurring.

If I were the colleague who heard the client information, I’d tell the advisor that their behaviour isn’t professional and could have consequences — potentially a licensing suspension. If the advisor is a CFP, such misconduct can be reported to FP Canada and the advisor could lose their designation.

Susan Allemang
Susan Allemang
Director of policy and regulatory affairs, Independent Financial Brokers of Canada, Mississauga, Ont.

The situation calls into question the advisor’s knowledge of client confidentiality and privacy rules, and demonstrates a lack of judgment. Advisors should know not to divulge a client’s personal or financial information outside a secure environment or in other circumstances without the client’s permission.

This advisor needs training on privacy, the firm’s associated policies and procedures, and ethics so a mistake like this never happens again.

If others were in the elevator besides the colleague and identifying information was revealed, the lack of judgment extends to a privacy breach.

The Personal Information Protection and Electronic Documents Act (PIPEDA) is federal legislation that requires notification to the privacy commissioner and client if there is a “real risk of significant harm.” (Some provinces, including Quebec, have their own private-
sector privacy laws similar to PIPEDA.) The advisor should report the incident to the firm, which would need to investigate whether such harm exists.

Life insurance advisors are subject to the Financial Services Regulatory Authority of Ontario’s (FSRA) guidelines on treating consumers fairly, which include protecting private information and informing clients of a privacy breach. The Mutual Fund Dealers Association of Canada (MFDA) also has rules on protecting client information and notifying clients of a breach.

A breach could result in a firm terminating the advisor, and would likely lead to a client complaint to FSRA or the MFDA. It could also result in a potential claim to the advisor’s error and omissions provider. Membership in a professional association, like the Independent Financial Brokers, could also be revoked.

Regulatory and professional rules on client privacy

Rules from the Mutual Fund Dealers Association of Canada and the Investment Industry Regulatory Organization of Canada (IIROC) say all client information must be kept confidential and can only be disclosed with client consent. IIROC rules further say clients can’t be required to disclose confidential information as a condition of supplying a product or service unless the information is “reasonably necessary.”

FP Canada’s standards of professional responsibility include a duty of confidentiality whereby certified financial planners can’t disclose personal or confidential client information without “written and informed consent.” The duty persists after the client-advisor relationship ends.

The same standards also warn about discussing or disclosing personal client information in public spaces like coffee shops, reception areas and elevators, or on social media. Confidential or personal information also shouldn’t be disclosed in a meeting to which the client brings a family member or third party, the standards say.

The Independent Financial Brokers’ ethics code includes the protection and confidentiality of client information. “Express, written consent” is required before disclosing such information.

To contribute your own ethical dilemmas or conduct quandaries, please email Michelle Schriver by March 15.