Study guide
This final chapter covers the ethics, fiduciary duty, prohibited practices, administrator authority, and client communication rules found in the latter portions of Domain IV, which together with the registration content in Chapter 5 makes up roughly 37% of the exam. It includes NASAA's model rules on dishonest and unethical business practices, insider trading liability, cybersecurity/privacy obligations under Regulation S-P, and the powers available to a state Administrator to investigate and sanction misconduct. These questions often hinge on fine distinctions between administrative and judicial remedies, and between permissible and prohibited representations to clients.
The Administrator's Investigative and Enforcement Powers
A state securities Administrator holds broad administrative authority under the Uniform Securities Act to protect investors, but certain remedies require going to court rather than acting unilaterally. Administratively, the Administrator may conduct investigations, administer oaths, and subpoena witnesses, documents, and records under Section 407 without needing prior court approval (court involvement is needed only to enforce a subpoena against a party who refuses to comply). The Administrator may also issue cease-and-desist orders directly, in some circumstances even without a prior hearing, directing a person to stop a practice believed to violate the Act, and may summarily postpone or suspend a registration pending a final determination under Section 204, provided prompt notice and an opportunity for a hearing follow. However, obtaining an injunction — a court order enjoining a person from continuing a practice, potentially coupled with the appointment of a receiver over assets — is a judicial remedy under Section 408 that requires the Administrator to bring an action in a court of competent jurisdiction; the Administrator cannot issue an injunction directly. Candidates should organize this topic around the administrative/judicial divide: cease-and-desist orders, subpoenas, and summary suspensions are administrative tools available directly to the Administrator, while injunctions (and the appointment of a receiver) require judicial action. This distinction is one of the most reliably tested single concepts in the ethics and administration portion of the exam.
Dishonest and Unethical Business Practices
NASAA's model rules on dishonest and unethical business practices of broker-dealers, agents, investment advisers, and investment adviser representatives enumerate specific prohibited conduct that state Administrators and exam-writers rely on heavily. Core violations include: unauthorized trading (executing any transaction in a nondiscretionary account without the customer's prior authorization, which is prohibited regardless of profitability or after-the-fact customer acceptance); trading in a discretionary account without proper prior written authorization and firm approval; excessive trading or churning (trading a customer's account with a frequency or volume inconsistent with the customer's objectives, primarily to generate commissions); making unsuitable recommendations without reasonable grounds based on adequate client information; guaranteeing a customer against loss; borrowing money or securities from a customer (absent narrow exceptions, such as the customer being a financial institution); and sharing in the profits or losses of a customer's account without proper written authorization and a proportionate financial contribution. A narrow exception permits time-and-price discretion — judgment over only the timing or price of an already-authorized trade in a specified security and amount — without triggering the full discretionary-account authorization requirements. Candidates should recognize that these prohibited practices apply regardless of outcome: a suitable-seeming or profitable unauthorized trade is still a violation, and the rules focus on the process and authority behind a transaction, not merely its result.
Insider Trading and the Insider Trading and Securities Fraud Enforcement Act of 1988
Trading securities on the basis of material, nonpublic information in breach of a duty of trust or confidence — or tipping such information to another who trades on it — constitutes illegal insider trading under the federal securities laws. Section 21A of the Securities Exchange Act of 1934, added by the Insider Trading and Securities Fraud Enforcement Act of 1988 (ITSFEA), authorizes civil penalties of up to three times the profit gained or loss avoided against both the tippee (the person who trades on the tip) and the tipper (the person who disclosed the information), even if the tipper never personally traded or profited directly from the trade. Liability for a tipper requires that the tip be given in breach of a fiduciary or similar duty of trust and for a personal benefit — a concept established in Dirks v. SEC — and that personal benefit need not be monetary; a reputational benefit, a quid pro quo, or simply making a gift of confidential information to a friend or relative can satisfy the personal-benefit test. There is no exception for information shared casually or in a social setting: the manner or setting in which nonpublic information is disclosed does not affect liability if it is subsequently traded upon. Candidates should watch for fact patterns involving an insider disclosing information to a friend or family member with no direct payment involved, since the exam frequently tests whether the personal-benefit and tipper-liability concepts still apply in the absence of cash changing hands.
Unlawful Representations and Client Communications
Section 405 of the Uniform Securities Act makes it unlawful for any registered person to represent, imply, or suggest that registration itself constitutes an approval, endorsement, or certification of that person's abilities, qualifications, or the merit of any recommendation by the state Administrator or by the SEC. A registered agent or IAR may truthfully state the fact of her registration, but may not go further to suggest that the government has vetted or vouches for her competence or advice — language implying recommendations are 'backed by the state' or 'approved' by a regulator crosses this line regardless of the medium used, including social media posts, advertisements, or verbal statements to clients. Internal supervisory review or approval by a firm principal does not cure a communication that is substantively unlawful; the violation lies in the content of the message itself, not in whether it was properly routed through a firm's compliance process. Candidates should also be aware that the Uniform Securities Act does not impose a general pre-filing requirement for social media content with the Administrator — the analysis instead turns on whether the substance of what was communicated is false, misleading, or an unlawful representation about registration, not on procedural filing gaps. Broader anti-fraud provisions of the Act (modeled on Section 101, closely paralleling SEC Rule 10b-5) separately prohibit fraudulent or deceptive practices in connection with the offer, sale, or purchase of securities, or in connection with rendering investment advice, regardless of registration status.
Cybersecurity, Privacy, and Data Breach Notification
SEC Regulation S-P (17 CFR 248.30), as amended in 2024, requires covered broker-dealers and investment advisers to adopt written policies and procedures for an incident response program addressing unauthorized access to or use of customer information, and — where misuse of sensitive customer information has occurred or is reasonably likely to have occurred — to notify affected individuals as soon as practicable, but no later than 30 days after becoming aware of the incident. This federal notification duty to individuals is separate from, and does not eliminate, any additional notification obligations firms may have under applicable state breach-notification statutes; both regimes can apply simultaneously. Candidates should not confuse Regulation S-P's individual-notification clock with other regulatory frameworks that use different notice triggers or recipients (for example, some other regimes require notice to a regulator within a short window measured in hours, and some data-privacy frameworks impose record-count thresholds before notice duties apply) — Regulation S-P as amended imposes no minimum record-count threshold, meaning even a single affected individual's information can trigger the notification duty once the standard for 'reasonably likely' misuse is met. More broadly, the ethics domain expects candidates to understand that firms owe clients a duty to safeguard nonpublic personal information, consistent with the broader privacy framework established by the Gramm-Leach-Bliley Act, of which Regulation S-P is a component.
Key terms
- Cease-and-desist order
- — An administrative order the Administrator may issue directly (sometimes without a prior hearing) directing a person to stop a practice believed to violate the Act.
- Injunction
- — A judicial remedy under Section 408 requiring the Administrator to petition a court; cannot be issued directly by the Administrator.
- Churning
- — Excessive trading in a customer's account, inconsistent with the customer's objectives, primarily to generate commissions for the agent.
- Time-and-price discretion
- — Limited discretion over only the execution timing or price of an already client-authorized trade, exempt from full discretionary-account authorization rules.
- Tipper/tippee liability
- — Under ITSFEA Section 21A, both the discloser (tipper) and recipient/trader (tippee) of material nonpublic information may face civil penalties of up to three times profit gained or loss avoided.
- Personal benefit test (Dirks v. SEC)
- — The standard establishing that a tipper is liable when disclosing confidential information in breach of duty for a personal benefit, which need not be monetary (e.g., a gift to a friend).
- Unlawful representation (Section 405)
- — The prohibition against implying that registration constitutes regulatory approval or endorsement of a person's qualifications or recommendations.
- Regulation S-P
- — SEC rule requiring broker-dealers and investment advisers to safeguard customer information and, as amended in 2024, to notify affected individuals of certain breaches within 30 days.
- Anti-fraud provision (Section 101, USA)
- — The Uniform Securities Act's broad prohibition on fraudulent or deceptive conduct in the offer, sale, or purchase of securities, or in rendering investment advice.
- Fiduciary duty
- — The heightened legal obligation of an investment adviser to act in the client's best interest, encompassing duties of loyalty and care beyond mere suitability.
Exam tips
- Sort Administrator powers into two buckets: direct/administrative (cease-and-desist, subpoenas, summary suspension) versus court-only/judicial (injunctions, appointment of a receiver) — injunction questions are a near-guaranteed exam appearance.
- Unauthorized trading is a violation regardless of profitability, customer acceptance of the confirmation, or lack of complaint — don't let a 'the trade worked out fine' fact pattern lead you to the wrong answer.
- For insider trading questions, remember the tipper can be liable even without trading or receiving cash — a non-monetary personal benefit (including a gift to a friend or relative) is enough under Dirks v. SEC.
- Any statement implying an Administrator or the SEC has 'approved,' 'endorsed,' or is 'backing' a registrant's qualifications or advice violates Section 405, regardless of the communication channel (including social media) or whether a principal reviewed it first.
- For Regulation S-P breach questions, anchor on the 30-day 'as soon as practicable' individual-notification standard, and remember there is no minimum record-count threshold under the amended rule.
- Watch for EXCEPT-style questions listing several prohibited practices — know the enumerated list (churning, unauthorized trading, guaranteeing against loss, borrowing from customers, unsuitable recommendations) cold so the one non-violation stands out quickly.