Mr. Jonathan G. Katz Securitiesand Exchange Commission March 12,2004
circumstances may not be the most desirableapproach.'' Instead of establishinga single standard for all advisers and all contexts, NSCP believes that advisers should adopt safeguards that adequately prevent inappropriatedissemination of confidentialclient information. This approach would allow advisers to take into account their specificbusiness context without undergoing the difficult and, perhaps, hollow process of determining whether a specific employee "needs" to know specific information.
This approachwould have several advantages over the approach of the Proposed Rule. First, it would allow advisers to adopt processes that are tailored to their particular situations.12 Second, by focusing on the efficacy of controls, it would avoid confusionand unproductive disputes over the meaning of "need to know." Third, and important from a review and monitoring perspective, it would provide a focused and objective basis for evaluating an adviser's practices.
This approach seemsto have been partially anticipatedin the Proposed Rule's discussion of the definition of "access person":
Organizationswhere employees have broad responsibilities, and where information barriers are few, may see a larger percentage of their staff subject to the reporting requirements. In contrast, organizationsthat keep strict controls on sensitive information may have fewer access persons.'3
For these reasons, NSCP also does not support specificrequirementsconcerning either the handling of material nonpublic informationor the specificplacement of a firm's insider trading procedures within overall firm procedures, including a requirement that computer and other files containingnonpublic information be specifically identified and segregated. Such a practice may be appropriate in some advisory businesses, but would prove to be unworkable in other businesses. Rather than prescribing specific one-size fits all practices, the Commission and advisers should focus on the broad fiduciary duty of advisersto protect all confidential client information. As there is a multitude of advisory contexts, so advisers must be free to adopt and adapt procedures that fit their risks and business. As with the adoption of codes of ethics, NSCP
11 For example, "need to know" could be construed narrowly to mean that an individualemployee could not be given access to informationunless the information is required for that employeeto direct (portfolio managers), effect (trading) or monitor (legal and compliance)a transaction for a client portfolio. If an employee were not responsible for directing, evaluating or monitoringa portfolio decision, she would not have, therefore, a "need to know" informationrelated to a securities recommendation or client holding. However, such an interpretationwould be difficultto implementfor firms that have separatedthe portfolio management fimction from the securities research function. It would also be difficultto reconcile this interpretation with the legitimatebusiness interest of advisers in developingand enhancing the skills and responsibilitiesof employees, and for supervisingemployees. On the other hand, it is easy to see how a broad interpretationof "need to know" would undermine the standard and render it meaningless. Differencesbetween an adviser and the staff of the Commissionover the correct scope of this standardwould, predictably, lead to protracted and unproductive use of both the adviser's and the staffs time and r e s o u r c e s . S e e n i n p r a c t i c e , a " n e e d t o k n o w " r u l e i s e i t h e r o v e r l y b r o a d o r o v e r l y n a r r o w . 1 2 CompliancePrograms of InvestmentCompanies and InvestmentAdvisers, SEC, Investment Company Act Release No. 26299, Feb. 5,2003; and CompliancePrograms of Investment Companiesand Investment Advisers, S E C , I n v e s t m e n t C o m p a n y A c t R e l e a s e N o . 2 5 9 2 5 , F e b . 5 , 2 0 0 3 . 1 3 Release 2209 at text accompanyingNote 30.