NEW YORK - Mutual fund companies that provide products and information online need to be careful they are in full compliance with SEC and NASD regulations because both organizations are starting to interpret their own regulations more narrowly than they have in the past, industry lawyers said.
The SEC, which operates like a pendulum that swings between protecting investors and facilitating capital growth, is currently swinging towards investor protection with regard to online issues, said Barry P. Barbash, a partner with the law firm of Shearman & Sterling of Washington D.C. Barbash spoke at a conference here on online distribution strategies last week sponsored by the Institute for International Research.
"You will have to be a lot more careful," said Barbash, formerly the director of the SEC's division of investment management. "Many companies have an idea of the rules but they are not watching compliance closely. In the next year or two, you will need to be on guard because they will bring enforcement proceedings against companies that are lax on [their Internet practices.]"
The SEC is stepping up its vigilance of online compliance as a result of recent scams involving the Internet, he said. Barbash cited a recent suit the SEC filed against a company that ran a website providing investment advice. Yun Soo Oh Park, also know as "Tokyo Joe" and his company, Tokyo Joe's Societe Anonyme charged clients $200 a month for investment advice and stock picks, the SEC alleges. The SEC alleges Park would frequently mislead clients by not disclosing that he owned stock in many of the companies he was recommending on his website. Park would often purchase the stock shortly before issuing a recommendation and would then sell it when his clients began purchasing it, a tactic called scalping, the SEC alleges.
Scams like this are getting the SEC's attention and it is especially sensitive to online issues, Barbash said. Companies need to be extremely careful about various online tools they provide investors as well as how they protect their clients' privacy, Barbash said.
Online tools such as hyperlinks that allow website visitors to instantly connect with other websites is one gray area fund companies need to watch closely, he said. The SEC has not determined whether fund companies should be responsible for the material provided on a hyperlinked site, Barbash said. Although the SEC has not considered the question formally, it has said it will address the issue in the future. In the meantime, fund companies should include a disclaimer regarding any hyperlinks included on their sites, he said.
Fund companies also need to be careful regarding online transactions because the SEC has indicated it would not look favorably on those companies that did not implement sufficient safeguards, Barbash said.
One step some fund companies are taking to protect themselves is providing online information, including prospectuses that can be downloaded, for example, as "read only" text to prevent tampering with the content. Companies are also confirming user identification, restricting the information to which a user has access, and conducting audits to detect security breaches.
While all of these measures provide a level of protection, nothing that is placed online can be fully protected, Barbash said.
User passwords as a single source of protection are especially suspect, according to Geoffrey R.T. Kenyon, a partner with Goodwin, Procter & Hoar of Boston.
"I think the SEC doesn't believe those password-protected sites are all that protected," he said.
