Thirty-four percent of investment management companies share customer data with non-affiliated parties, indicating that investment companies may have to hold these partners up to strict confidentiality standards, according to a survey by KPMG LLP of New York.
KPMG surveyed 60 investment management firms about their privacy policies during the Investment Company Institute's annual meeting in Washington, D.C., earlier this month.
Many investment companies that share customer data do so because they have out-sourced routine administrative or back-office services, said Steven Roberts, principal partner with KPMG's financial services practice.
Provisions under the Gramm-Leach-Bliley Act allow for such sharing of information and do not require investment companies to give customers the ability to opt out of such lists since such partnerships are vital to conducting business, Roberts said.
But investment companies that share customer data as part of an outsourcing or servicing agreement must hold business partners up to strict confidentiality agreements, Roberts said. KPMG's survey indicated that nearly one-quarter of companies that outsource functions to outside parties do not hold them up to confidentiality agreements to limit use of customer data.
"Investment firms have a lot of work they need to do in the area of privacy," Roberts said. "[They] should not wait for regulators to enforce policy [because] privacy is already an important issue for a growing proportion of investors."
The SEC is expected to release privacy rules soon.