Ky. Rev. Stat. § 292.336

Current through 2024 Ky. Acts ch. 225
Section 292.336 - Recordkeeping and reporting requirements - Examination by commissioner - Administrative regulations - Central depository system for documents - Investment advisers - Required policies and procedures
(1)
(a) Every registered broker-dealer, firm employing issuer agents, and investment adviser shall make and keep all accounts, correspondence, memoranda, papers, books, and other records which the commissioner by rule or order prescribes.
(b) All records required shall be:
1. Preserved for three (3) years unless the commissioner, by administrative regulation or order, prescribes otherwise for particular types of records; and
2. Kept within this state or shall, at the request of the commissioner, be made available at any time for examination by him or her either in the principal office of the registrant or by production of exact copies thereof in this state.
(c) If a broker-dealer is registered with the United States Securities and Exchange Commission, then the books and records required by this section are limited to those that the Securities Exchange Act of 1934, 15 U.S.C. secs. 78a et seq., requires the broker-dealer to maintain.
(d) If an investment adviser has his or her principal place of business in another state, then the requirements of this subsection shall be limited to the books and records requirements of that state, if the adviser is registered in that state and in compliance with its recordkeeping requirements.
(2)
(a) Subject to paragraphs (b) and (c) of this subsection, every registered broker-dealer, investment adviser, and firm employing issuer agents shall file any reports required by the commissioner through administrative regulation or order promulgated under this chapter.
(b) If a broker-dealer is registered with the United States Securities and Exchange Commission, then the reports required by this subsection shall be limited to those required under the Securities Exchange Act of 1934, 15 U.S.C. secs. 78a et seq.
(c) If an investment adviser has his or her principal place of business in another state, then the requirements of this subsection shall be limited to the reporting requirements of that state, if the adviser is registered in that state and in compliance with its reporting requirements.
(3)
(a) Subject to paragraph (b) of this subsection, if the information contained in any document filed is or becomes inaccurate or incomplete in any material respect, then the broker-dealer, investment adviser, or firm employing issuer agents, as applicable, shall promptly file a correcting amendment.
(b) In the case of a covered adviser, the adviser shall file only copies of those documents required to be filed with the United States Securities and Exchange Commission.
(4)
(a) The commissioner may conduct examinations, within or outside this state, of each broker-dealer, issuer agent, or investment adviser at such times and in such scope as he or she determines.
(b)
1. Examinations of each broker-dealer, issuer agent, or investment adviser may be made without prior notice to the broker-dealer, issuer agent, or investment adviser.
2. The expense reasonably attributable to any examination shall be paid by the broker-dealer, issuer agent, or investment adviser whose business is examined, but the expense so payable shall not exceed an amount which the commissioner by administrative regulation prescribes.
(c) For the purpose of avoiding unnecessary duplication of examinations, the commissioner, insofar as he or she deems it practicable in administering this subsection, may cooperate with securities administrators of other states, the United States Securities and Exchange Commission, and any national securities exchange or national securities association registered under the Securities Exchange Act of 1934, 15 U.S.C. secs. 78a et seq.
(5)
(a) Every investment adviser that is registered or required to be registered shall establish written procedures relating to a business continuity and succession plan.
(b) The plan shall:
1. Be based upon the facts and circumstances of the investment adviser's business model, including the size of the firm, types of services provided, and number of locations;
2. At a minimum, provide for:
a. The protection, backup, and recovery of books and records;
b. Alternate means of communication with customers, key personnel, employees, vendors, service providers, including third-party custodians, and regulators, including but not limited to providing notice of:
i. A significant business interruption;
ii. The death or unavailability of key personnel; and
iii. Other disruptions or cessations of business activities;
c. Office relocation in the event of temporary or permanent loss of a principal place of business; and
d. Assignment of duties to qualified responsible persons in the event of the death or unavailability of key personnel; and
3. Otherwise minimize service disruptions and client harm that could result from a sudden significant business interruption.
(c) The investment adviser shall, at least annually, review the plan, and the review shall be documented and maintained for three (3) years.
(6)
(a) Every investment adviser that is registered or required to be registered shall establish and implement written physical security and cybersecurity policies and procedures designed to ensure the confidentiality, integrity, and availability of physical and electronic records and information.
(b) The policies and procedures shall:
1. Be tailored to the investment adviser's business model, taking into account the size of the firm, types of services provided, and the number of locations;
2. At a minimum:
a. Protect against reasonably anticipated threats or hazards to the security or integrity of client records and information;
b. Ensure that the investment adviser safeguards confidential client records and information; and
c. Protect any records and information for which the release could result in harm or inconvenience to any client; and
3. Cover at least the following five (5) functions:
a. Identification - development of organizational understanding to manage information security risk to systems, assets, data, and capabilities;
b. Protection - development and implementation of appropriate safeguards to ensure delivery of critical infrastructure services;
c. Detection - development and implementation of appropriate activities to identify the occurrence of an information security event;
d. Response - development and implementation of appropriate activities to take action regarding a detected information security event; and
e. Recovery - development and implementation of appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to an information security event.
(c)
1. The investment adviser shall, at least annually, review the policies and procedures to ensure the adequacy of the security measures and effectiveness of their implementation.
2. The review shall be documented and previous versions of the policies and procedures shall be maintained for three (3) years from the date of development.
(7) The commissioner may by administrative regulation prohibit unreasonable charges, profits, commissions, or other compensation of broker-dealers and investment advisers.
(8) The commissioner may promulgate administrative regulations to prescribe rules for the conduct of business by broker-dealers and investment advisers which he or she finds appropriate in the public interest and for the protection of investors.
(9) The commissioner may enter into an arrangement, agreement, or other working relationship with federal, other state, and self-regulatory authorities whereby documents may be filed and maintained in a central depository system with the Financial Industry Regulatory Authority (FINRA) or other agencies or authorities.

KRS 292.336

Amended by 2022 Ky. Acts ch. 145,§ 1, eff. 1/1/2023.
Effective:7/15/2010
Created 2010, Ky. Acts ch. 82, sec. 8, effective7/15/2010.