February 23, 2016

Rules Covering Investors Over Age 65 May Change. But Will They Help?

Martin B. Cowan

Late last year, the Financial Industry Regulatory Authority (FINRA) proposed changes to rules affecting the accounts of investors over age 65. FINRA is a "self-regulating organization" (SRO) that governs brokers and other firms that sell securities to the public. FINRA is not a government agency but its rules are subject to approval by the SEC. FINRA claimed that these changes would improve the security of the accounts of older investors. Upon close examination, it appears to provide various types of protection to the brokers and other financial institutions, but little benefit to the investors. In fact, the overall effect might actually make the investor's position worse.


The changes would authorize firms to temporarily suspend distributions of funds to a customer if it has a "reasonable belief" that "financial exploitation" of the customer is occurring, or has been or will be attempted. They provide for the identification of a qualified person at the firm who would have the initial responsibility and authority for making this determination subject to a subsequent internal review. They would require the firm to make reasonable efforts to get the customer to identify a trusted contact person (TCP) who would be advised of such a hold. It would offer some protection from liability for disclosing private information to that TCP or, if no TCP is available and with some limitations, to an immediate family member. They also attempt to offer protection from liability if the firm declines to suspend distributions. They apply immediately to new accounts, but older accounts will not be covered until sometime later on.

In general, it applies to accounts of investors over age 65. It also includes individuals between 18 and 65, but only if the institution "reasonably believes [that person to have] a mental or physical impairment that renders the individual unable to protect his own interests."  


Individual Retirement Accounts (IRAs, including ROTH IRAs) constitute the largest single category of financial retirement assets of the elderly (close to $8 trillion) and present unique problems for protecting against exploitation. Because of the effect of the tax law, IRAs tend to reach their maximum values after the investor reaches age 80. But by age 85, statistics indicate that close to half of those investors will be suffering from Alzheimer's disease or other forms of dementia. Moreover, recent studies indicate that the mental deterioration associated with that ailment actually starts taking effect up to 10 years earlier, i.e., by age 75 for up to half of all investors.  Because some believe that only half of all cases are reported to authorities, the rate of incidence is in fact much higher than these numbers. In addition, as we grow older, and especially as we approach the 90s, we become more fragile emotionally. Studies also indicate that our judgment that helps us distinguish between bona fide and phony solicitations is compromised by age, making us more susceptible to scammers and cheats.

In any event, it is evident that a major part of all retirement assets are in the hands of people who no longer have the full capacity to understand what they are doing and are increasingly vulnerable emotionally, all of which makes them prime and easy targets of scammers and fraudsters.

In most cases, the fraud or other financial exploitation is perpetuated by someone known to the victim. The largest category is the caretaker. Some estimates are that this accounts for 90 percent of the cases. Although other estimates of 60 percent may be closer to the truth, either number is alarming. One problem with these numbers is that most cases of theft by caretakers are never discovered or reported. The caretaker helps himself or herself to the funds and no one is the wiser. Moreover, if caught, the caretaker claims that the funds were a gift, which is often hard to disprove. Prosecution is difficult and rarely attempted; recovery of funds is always extremely unlikely.

The next major category is a child or other relative. It may be someone who has a drug addiction, or a gambling habit, and is desperate for money. A recent case that received a lot of publicity involved the Brooke Astor estate, where an 80-year-old son was convicted of stealing from his 104-year-old mother. Again, these thefts are grossly underreported because the victim usually does not want to have the relative or friend arrested or go to jail.

It's very easy for a predator. They spot an ATM card lying around and manage to learn the PIN. Or they convince the victim that they need money for groceries or rent, or for property or income taxes, and he writes out a check. Another way is to persuade the victim to withdraw money from an account, including the IRA, and hand it over to the fraudster. Or the victim requests the caretaker or relative to help him sign into his online account, and provides him with the password. The number of different methods that can be utilized by the bad guys is mind-boggling.

 Another common source is the smooth talking gentleman who pays a lot of attention to the widow, wins her confidence and then, after the relationship grows closer, offers to assist her with her "complicated" finances. The victim is flattered and distracted by the attention of the often younger male. Being unfamiliar with financial matters, she is grateful when he offers to help her with them and readily accepts his offer. Of course, this is matched by the women who prey on older men. In one recently reported case, a younger woman of age 67 married the older, 80-year-old man and then diverted all of his assets to her own children. His children were not only deprived of their probable inheritance; they were also saddled with the obligation to support their now impoverished parent.

If the older investor is still able to understand his situation, he can establish procedures and legal arrangements that will protect himself and his family when the day comes when he may no longer comprehend what is happening and may become the victim of such scams and frauds. But this has to be done before being afflicted by dementia or other disabilities.

Most assets can be protected from fraud in advance by conveying them to trusts of various types. It is also possible to make gifts to adult children. The family homestead can be conveyed to them with reservations of life estates. However, because of how the tax law works, and specific restrictions on the transferability of retirement accounts under both federal and state laws, none of these methods are available for IRAs. While the creation of trusts and life estates can entail substantial legal and administrative costs, they are at least possibilities for those who can afford them. In the case of IRAs, they are not even options.

Many financial institutions claim that they have guarantees that will reimburse their investors for losses due to fraud, but the fine print in every one of them disclaims liability for fraud committed by people known to the victim, which covers every one of the situations we've described (caretakers, relatives, confidence men, etc.)  In effect, those guarantees only come into play if some hacker in a foreign country breaks into the broker's database and steals millions of passwords and account information and the investor suffers a financial loss as a result. But that is not a significant source of theft of retirement funds.

A Solution: Monitors

In the area of trust and estate planning, a solution to problems of this sort is to use a "protectors' committee." This is a practice that became common in Europe a long time ago and has become almost standard practice today in the United States.

One or more trusted individuals are appointed to monitor the actions of the trustee to make sure that the trustee is not abusing his or her position and authority. When circumstances call for it, they can step in and require a trustee to post a bond or file a judicial accounting. In appropriate cases, the monitors may also have the right to veto or disapprove actions of the trustee, or require the trustee to make or not make certain elections. If nothing else works, they can even replace the trustee or terminate the trust.

A similar, but much simpler, approach can easily work to provide necessary protections of the accounts of the elderly during periods of incapacity or declining competency during their lifetime.

To implement this idea, the owner of the account, while still able to make financial decisions, designates one or more trusted individuals to act as monitors. More than one may be desirable to make sure that one of the monitors does not himself become the problem. The monitors would be those in whom the investor has utmost confidence, including children, an attorney, accountant or financial advisor (including a registered investment advisor). Unless a child has a problem like those discussed above (e.g., drug addiction), adult children would be an excellent choice since they, as the likely heirs, probably have a strong financial interest in protecting the parent's assets. The spouse might also work if his or her advancing age does not create its own difficulties. Neither a single child (when there is more than one child) nor the spouse should be a sole monitor.

The monitors would have access to account information and receive periodic statements and notices of significant actions, especially of red flag events like changes in the names and interests of beneficiaries or bank accounts.

What is necessary in the current context is that the monitors be alerted as soon as possible to those red flag events. Notices should be sent out electronically, making them virtually instantaneous. Most important is that notice needs to be given to each monitor if someone attempts to change who the monitors are without prior notice to them.

Upon receipt of information that suggests problems, the monitors can take whatever actions they believe necessary. After inquiring into the situation, they might decide to request the assistance of law enforcement or social services. They may attempt to arrange medical examinations. They may try to eliminate a caretaker's access to the account owner by removing him (or, with the help of the police, the caretaker) to another location. If nothing else works, they can commence a guardianship or conservatorship proceeding to take control of the victim's finances although, because of its costs, these kinds of procedures should be invoked only as the last resort. Or the monitors might be able to conclude that there is nothing amiss, and take no action at all.

Some financial institutions will provide some of the desired notices, but none of them appears to do it in an adequate manner, if at all.  The SLD contacted one of the leading financial institutions to suggest an improvement to its notice procedures, but the suggestion was rejected. No plausible reason was given, except that there was an intimation that giving some of these notices would create invasion of privacy issues.

Mr. Rick Fleming, Investor Advocate at the SEC, in a recent talk, discussed this privacy concern. He explained that if a financial institution suspected something was amiss, it was difficult to determine whom to warn about that or whether such action would be safe from the investor's viewpoint. The financial institution could be giving information to someone who should not be getting it, e.g., the son or daughter with the gambling addiction or a sibling with a criminal record. The investor may have deliberately withheld from that relative information about the existence, size and location of the IRA. The notice would alert the bad guy to the existence of and other data about an account that he or she was not previously aware of, thus creating more problems for the investor than it solved.  

But the situation here is different. The account owner has specified individuals that he believes are trustworthy and has consented to the disclosures. The monitors already know about the account, and all the details. The investor does not want the information about suspicious actions to be withheld from them. Moreover, the right to privacy of information is owned by the investor, not the financial institution, and if the investor wants that information disclosed to someone he trusts, the institution should not be able to claim that it is forced to withhold that disclosure because it is trying to protect the privacy rights of the investor. Of course, there could be some concern that the monitor might become the financial predator, and the investor no longer has the ability to realize that. But that risk is almost entirely eliminated by having two or three monitors; each would be in a position to observe the actions of the other monitors and take appropriate steps if needed.

What is sorely needed, then, is a rule that makes it mandatory that all financial institutions permit account owners—and not necessarily just those over 65—to specify up to three monitors who would receive copies of all monthly statements, as well as alerts of red flag events as quickly as technically feasible (usually electronically).

To make this work effectively, it is important to make sure that the monitors are themselves alerted to the most important red flag of all:  any attempt to remove one or more of them as a monitor. That would be the first step any financial predator planning to raid the account would take: make sure that people who otherwise might be able spot a fraud will not be able to see or get information about what is happening inside the account. But if the monitors are alerted to the termination of their ability to oversee what is going on in the account, they will be able to determine whether that termination is itself a preliminary step to a pending financial exploitation.

FINRA's Proposal

FINRA's proposal appears to address these concerns but close examination reveals that it does very little to do so and might even be counterproductive.

Most significantly, there is no requirement that, apart from identifying a TCP, the financial institution must do anything at all. It is not required to suspend distributions or notify the TCP of its suspicions. Everything is left to the discretion of the broker and there is no liability for either exercising or not exercising it in any particular fashion. In effect, this may give a patina of legitimacy to a refusal to act to protect the investor. Without it, the broker might be more motivated to step up and notify a TCP. Moreover, the "qualified person" can only create problems for himself if he makes a decision that the investor is being defrauded and commences a hold on distributions. That decision will be reviewed by others in the firm, and they may disagree with and criticize him for his actions. He may also cause the investor or his family to bring a judicial challenge to those actions. The procedures that he sets in motion will create expenses for the firm, including possible legal bills. It may be much safer for the career of that qualified person to just close his eyes and do nothing at all.

The new rule purports to provide some protection against a claim that the institution violated the investor's right of privacy should it decide to act, but it is not clear that FINRA has the ability to provide such immunity—privacy rights are usually creations of state law that would not be affected by FINRA.  Moreover, the investor's designation of a TCP to receive that information would constitute a waiver of any right of privacy when used in this manner, which means that the FINRA attempt to protect the broker from an invasion of privacy claim is largely superfluous window dressing. Again, the added promise of immunity for doing nothing may tip the balance in the decision whether to take action to protect the investor. It is safer to do nothing.

There is also a serious problem with the "reasonable belief" standard. Presumably, this means that there must be an actual belief, not merely a suspicion, no matter how strong that suspicion may be, and the actual belief must be reasonable. An actual belief should not be necessary if there is a reasonable suspicion of something amiss.

To some extent, and depending on the local state laws, there are legal requirements now to notify various government agencies of suspected fraud, but it is far from clear that such notices ever produce timely and effective results. It is hard, if not impossible, to find an instance where such a notice resulted in an arrest or otherwise prevented a fraud from occurring or continuing. In other words, even where such a requirement exists, it is nowhere near as effective as notices to monitors with personal interests in protecting the investor.

With respect to those under age 65, the rules apply only if the broker, through the "qualified person" concludes that the account owner is suffering from some impairment. it is difficult to understand how a mere corporate employee, with perhaps a few thousand accounts crossing his desk every day, would be in a position to know the medical or physical condition of every customer, or be able to stay current about changes in such a condition, in a timely manner. Even a personal physician would have trouble determining a patient's mental condition without prolonged and sophisticated testing.

But the basic rule that people under 65 would be protected only if the broker determines that the investor is impaired, is puzzling. If a "qualified person" has a strong suspicion that, say, a 50 year old is being victimized, the broker is not authorized to act unless the qualified person first determines that that 50 year old is mentally or physically impaired. Why is that necessary?  If there is a reasonable belief that a 50 year old is being victimized, why fail to act to protect him merely because he is not overtly impaired in some way?  Of course, extending the protection to younger investors would require the institutions to permit those younger investors to designate TCPs, but that does not seem to be a significant burden on the institutions. That is only more "paperwork" to be done exclusively by computers, at minimal personal effort or expense. Given the benefits in comparison to the burdens, it seems to be a no-brainer.

The application of the new rules initially to only new accounts is also puzzling. It is the older accounts that are most likely to have large sums of money in them, and be owned by older investors who are more likely to need protection.

Another deficiency is the limitation of permitting the investor to name only one TCP. As noted above, it is highly preferred to permit at least three to be able to monitor the account. In this day and age of electronic communications, adding additional cc's to an e-mail has no cost in time or money.

There are a number of other technical deficiencies in the FINRA proposal, but this is not the place to discuss them all.

NASAA Proposal

Recently, the North American Securities Administration Association (NASAA) proposed a model statue for adoption by the 50 states. The proposal is essentially a clone of the FINRA proposal, except that it would become law in those states that adopt it. As a practical matter, it would merely assure that the institutions would not risk liability for invasion of privacy for disclosing anything to a TCP.


The FINRA and NASAA proposals do not do much more than give lip service to the protection of investors. They do try to create some protection from liability for the brokers of this world. However, by giving that patina of legitimacy to the broker’s discretion to do nothing at all, and by creating too high a bar for the suspension of distributions, the proposed rule changes may make the protection of the investors riskier than they were beforehand. On the other hand, a suspension of distributions when there are no financial shenanigans may well create serious problems for investors. For example, if an investor is relying on receiving a distribution to pay his monthly rent, or a quarterly income tax installment, the suspension could have irremediable consequences. The requirement proposed in this article for notice to monitors helps solve the problem without these additional risks.

Readers are invited to submit comments on this problem to abasrlawyers@americanbar.org

Martin B. Cowan

Martin B. Cowan, a resident of New Rochelle, NY, practiced law at Milbank Tweed Hadley & McCloy in New York City, and from time to time taught tax courses in the law schools of NYU, Florida State, Miami, and Quinnipiac. He is a past chair of the Real Estate Tax Committee of the ABA Tax Section, and is currently chair of the Senior Lawyer Division’s Task Force on Protecting the IRA Accounts of the Elderly.