EX-99.(P)(VII) 16 ex99-pvii.htm CODE OF ETHICS FOR BLUEPATH CAPITAL MANAGEMENT, LLC
 

Tidal ETF Trust II 485BPOS

 

Exhibit 99.(p)(vii)

 

 

BLUEPATH CAPITAL, LLC

 

(DBA: NICHOLAS WEALTH MANAGEMENT)

 

CODE OF ETHICS

 

EFFECTIVE DATE: 12/20/2021

 

1 

 

 

Code of Ethics Statement

 

In accordance with SEC regulations, Bluepath Capital Management, LLC DBA Nicholas Wealth Management (“NWMNWM”) (“NWM”) has adopted a code of ethics to:

 

Background

 

 

Set forth standards of conduct expected of all supervised persons (including compliance with federal securities laws);
Safeguard material non-public information about client transactions; and
Require “access persons” to report their personal securities transactions. In addition, the activities of an investment adviser and its personnel must comply with the broad antifraud provisions of Section 206 of the Advisers Act.

 

Introduction

 

As an investment advisory firm, NWM has an overarching fiduciary duty to its clients. They deserve its undivided loyalty and effort, and their interests come first. NWM has an obligation to uphold that fiduciary duty and see that its personnel do not take inappropriate advantage of their positions and the access to information that comes with their positions.

 

NWM holds its supervised persons accountable for adhering to and advocating the following general standards to the best of their knowledge and ability:

 

Always place the interest of the clients first and never benefit at the expense of advisory clients;
Always act in an honest and ethical manner, including in connection with the handling and avoidance of actual or potential conflicts of interest between personal and professional relationships;
Always maintain the confidentiality of information concerning the identity of security holdings and financial circumstances of clients;
Fully comply with applicable laws, rules and regulations of federal, state and local governments and other applicable regulatory agencies; and
Proactively promote ethical and honest behavior with NWM including, without limitation, the prompt reporting of violations of, and being accountable for adherence to, this Code of Ethics.

 

Failure to comply with NWM’s Code of Ethics may result in disciplinary action, up to and including termination of employment.

 

Definitions

 

Access Person” includes any supervised person who has access to non-public information regarding an client’s purchase or sale of securities, or non-public information regarding the portfolio holdings of any client account or any fund the adviser or its control affiliates manage, or is involved in making securities recommendations to clients, or has access to such recommendations that are non-public. All of the firm’s directors, officers, and partners are presumed to be access persons.

 

2 

 

 

“Advisers Act” means Investment Advisers Act of 1940.

 

Adviser” means NWM.

 

Beneficial ownership” shall be interpreted in the same manner as it would be under Rule 16a- 1(a)(2) under the Securities Exchange Act of 1934: a direct or indirect “pecuniary interest” that is held or shared by a person directly or indirectly in a security, through any contract, arrangement, understanding, relationship or otherwise, which offers the opportunity to directly or indirectly profit or share in any profit from a transaction. An access person is presumed to have beneficial ownership of any family member’s account.

 

CCO” means Chief Compliance Officer per rule 206(4)-7 of the Investment Advisers Act of 1940.

 

For the purposes of this Code of Ethics, a “Conflict of Interest” will be deemed to be present when an individual’s private interest interferes in any way, or even appears to interfere, with the interests of the adviser as a whole.

 

Initial Public Offering” means an offering of securities registered under the Securities Act of 1933, the issuer of which, immediately before the registration, was not subject to the reporting requirements of Section 13 or Section 15(d) of the Securities Exchange Act of 1934.

 

Investment personnel” means any employee of the adviser or of any company in a control relationship to the Adviser who, in connection with his or her regular functions or duties, makes or participates in making recommendations regarding the purchase or sale of securities for clients.

 

Limited Offering” means an offering that is exempt from registration under the Securities Act of 1933 pursuant to Section 4(2) or Section 4(6) thereof or pursuant to Rule 504, Rule 505 or Rule 506 thereunder.

 

Reportable security” means any note, stock, treasury stock, security future, bond, debenture, evidence of indebtedness, certificate of interest or participation in any profit-sharing agreement, collateral-trust certificate, preorganization certificate or subscription, transferable share, investment contract, voting-trust certificate, certificate of deposit for a security, fractional undivided interest in oil, gas, or other mineral rights, any put, call, straddle, option, or privilege on any security (including a certificate of deposit) or on any group or index of securities (including any interest therein or based on the value thereof), or any put, call, straddle, option, or privilege entered into on a national securities exchange relating to foreign currency, or, in general, any interest or instrument commonly known as a “security”, or any certificate of interest or participation in, temporary or interim certificate for, receipt for, guaranty of, or warrant or right to subscribe to or purchase any of the foregoing, except:

 

Direct obligations of the Government of the United States;
Bankers’ acceptances, bank certificates of deposit, commercial paper and high quality short term debt instruments, including repurchase agreements;
Shares issued by money market funds;
Shares issued by open-end funds other than reportable funds;
Shares issued by unit investment trusts that are invested exclusively in one or more open-end funds, none of which are reportable funds.

 

3 

 

 

Supervised Persons” means directors, officers, and partners of the adviser (or other persons occupying a similar status or performing similar functions); employees of the adviser; and any other person who provides advice on behalf of the adviser and is subject to the adviser’s supervision and control.

 

Compliance Procedures

 

Compliance with Laws and Regulations

 

Supervised persons of NWM must comply with applicable state and federal securities laws. Specifically, supervised persons are not permitted, in connection with the purchase or sale, directly or indirectly, of a security held or to be acquired by a client:

 

To defraud such client in any manner;
To mislead such client, including making any statement that omits material facts;
To engage in any act, practice or course of conduct that operates or would operate as a fraud or deceit upon such client;
To engage in any manipulative practice with respect to such client;
To engage in any manipulative practice with respect to securities, including price manipulation.

 

Prohibited Purchases and Sales

 

Insider Trading

 

Illegal insider trading refers generally to buying or selling a security, in breach of a fiduciary duty or other relationship of trust and confidence, while in possession of material, non-public information about the security. The SEC defines information as material if “there is a substantial likelihood that a reasonable shareholder would consider it important in making an investment decision.” Information is non-public if it has not been disseminated in a manner making it available to investors generally.

 

NWM strictly prohibits trading personally or on the behalf of others, directly or indirectly, based on the use of material, non-public or confidential information. NWM additionally prohibits the communicating of material non-public information to others in violation of the law. Employees who are aware of the misuse of material non-public information should report such to the Chief Compliance Officer (CCO). This policy applies to all of NWM’s employees and associated persons without exception.

 

Please note that it is the SEC’s position that the term “material non-public information” relates not only to issuers but also to the adviser’s securities recommendations and client securities holdings and transactions.

 

4 

 

 

Initial Public Offerings (IPOs)

 

No access person or other employee may acquire, directly or indirectly, beneficial ownership in any securities in an Initial Public Offering without first obtaining the prior approval of the CCO.

 

Limited or Private Offerings

 

No access person or other employee may acquire, directly or indirectly, beneficial ownership in any securities in a Limited or Private Offering without first obtaining the prior approval of the CCO. Investment personnel are required to disclose such investment to any client considering an investment in the issuer of such Limited or Private Offering.

 

Miscellaneous Restrictions

 

Blackout Periods

 

From time to time, representatives of NWM may buy or sell securities for themselves at or around the same time as clients. This may provide an opportunity for representatives of NWM to buy or sell securities before or after recommending securities to clients resulting in representatives profiting off the recommendations they provide to clients. Such transactions may create a conflict of interest. When similar securities are being bought or sold, NWM employees will either transact clients’ transactions before their own or will transact alongside clients’ transactions in block or bunch trades.

 

Margin Accounts

 

Investment personnel are prohibited from purchasing securities on margin, unless pre-cleared by the CCO.

 

Option Transactions

 

Investment personnel are prohibited from purchasing options, unless pre-cleared by the CCO.

 

Short Sales

 

Investment personnel are prohibited from selling any security short, in their own accounts, that is owned by any client of the firm, except for short sales “against the box”, unless pre-cleared by the CCO.

 

Short-Term Trading

 

Securities held in client accounts may not be purchased and sold, or sold and repurchased, within 30 calendar days by investment personnel. The CCO may, for good cause shown, permit a short- term trade, but shall record the reasons and grant of permission with the records of the Code.

 

5 

 

 

Prohibited Activities

 

Conflicts of Interest

 

NWM has an affirmative duty of care, loyalty, honesty, and good faith to act in the best interest of its clients. A conflict of interest may arise if a person’s personal interest interferes, or appears to interfere, with the interests of NWM or its clients. A conflict of interest can arise whenever a person takes action or has an interest that makes it difficult for him or her to perform his or her duties and responsibilities for NWM honestly, objectively and effectively.

 

While it is impossible to describe all of the possible circumstances under which a conflict of interest may arise, listed below are situations that most likely could result in a conflict of interest and that are prohibited under this Code of Ethics:

 

Access persons may not favor the interest of one client over another client (e.g., larger accounts over smaller accounts, accounts compensated by performance fees over accounts not so compensated, accounts in which employees have made material personal investments, accounts of close friends or relatives of supervised persons). This kind of favoritism would constitute a breach of fiduciary duty;
Access persons are prohibited from using knowledge about pending or currently considered securities transactions for clients to profit personally, directly or indirectly, as a result of such transactions, including by purchasing or selling such securities.

 

Access persons are prohibited from recommending, implementing or considering any securities transaction for a client without having disclosed any material beneficial ownership, business or personal relationship, or other material interest in the issuer or its affiliates, to the CCO. If the CCO deems the disclosed interest to present a material conflict, the investment personnel may not participate in any decision-making process regarding the securities of that issuer. 

 

Gifts and Entertainment

 

Supervised persons shall not accept inappropriate gifts, favors, entertainment, special accommodations, or other things of material value that could influence their decision-making or make them feel beholden to a person or firm. Similarly, supervised persons shall not offer gifts, favors, entertainment or other things of value that could be viewed as overly generous or aimed at influencing decision-making or making a client feel beholden to the firm or the supervised person.

 

No supervised person may receive any gift, service, or other thing of more than de minimis value from any person or entity that does business with or on behalf of the adviser without written pre- approval by the CCO. No supervised person may give or offer any gift of more than de minimis value to existing clients, prospective clients, or any entity that does business with or on behalf of the adviser without written pre-approval by the CCO. The annual receipt of gifts from the same source valued at $100 or less shall be considered de minimis. Additionally, the receipt of an occasional dinner, a ticket to a sporting event or the theater, or comparable entertainment also shall be considered to be of de minimis value if the person or entity providing the entertainment is present.

 

6 

 

 

All gifts, given and received, will be recorded in a log (see Sample 7).

 

No supervised person may give or accept cash gifts or cash equivalents to or from a client, prospective client, or any entity that does business with or on behalf of the adviser.

 

Bribes and kickbacks are criminal acts, strictly prohibited by law. Supervised persons must not offer, give, solicit or receive any form of bribe or kickback.

 

Service on Board of Directors

 

Supervised persons shall not serve on the board of directors of publicly traded companies absent prior authorization by the CCO. Any such approval may only be made if it is determined that such board service will be consistent with the interests of the clients and of NWM, and that such person serving as a director will be isolated from those making investment decisions with respect to such company by appropriate procedures. A director of a private company may be required to resign, either immediately or at the end of the current term, if the company goes public during his or her term as director.

 

Confidentiality

 

Supervised persons shall respect the confidentiality of information acquired in the course of their work and shall not disclose such information, except when they are authorized or legally obliged to disclose the information. They may not use confidential information acquired in the course of their work for their personal advantage. Supervised persons must keep information about clients (including former clients) in strict confidence, including the client’s identity (unless the client consents), the client’s financial circumstances, the client’s security holdings, and advice furnished to the client by the firm.

 

Pre-Clearance

 

For any activity where it is indicated in the Code of Ethics that pre-clearance is required, the following procedure must be followed:

 

Pre-clearance requests must be submitted by the requesting supervised person to the CCO in writing. The request must describe in detail what is being requested and any relevant information about the proposed activity;
The CCO will respond in writing to the request as quickly as is practical, either giving an approval or declination of the request, or requesting additional information for clarification;
Pre-clearance authorizations expire 48 hours after the approval, unless otherwise noted by the CCO on the written authorization response;

Records of pre-clearance requests and responses will be maintained by the CCO for monitoring purposes and ensuring the Code of Ethics is followed.

 

7 

 

 

Personal Securities Reporting and Monitoring

 

Holdings Reports (see Sample 8)

 

Every access person shall, no later than ten (10) days after the person becomes an access person and annually thereafter, file a holdings report containing the following information:

 

The title, exchange ticker symbol or CUSIP number (when available), type of security, number of shares and principal amount of each Reportable Security in which the access person has any direct or indirect beneficial ownership when the person becomes an access person;
The name of any broker, dealer or bank with whom the access person maintains an account in which any securities are held for the direct or indirect benefit of the access person;
The date that the report was submitted by the access person.
Options, advanced trading strategy language

 

Transaction Reports (see Sample 9)

 

Every access person shall, no later than thirty (30) days after the end of calendar quarter, file transaction reports containing the following information:

 

For each transaction involving a Reportable Security in which the access person had, or as a result of the transaction acquired, any direct or indirect beneficial interest, the access person must provide the date of the transaction, the title, exchange ticker symbol or CUSIP number (when available), type of security, the interest rate and maturity date (if applicable), number of shares and principal amount of each involved in the transaction;
The nature of the transaction (e.g., purchase, sale);
The price of the security at which the transaction was effected;
The name of any broker, dealer or bank with or through the transaction was effected;
The date that the report was submitted by the access person.
Options, advanced trading strategy language

 

Access persons may use duplicate brokerage confirmations and account statements in lieu of submitting quarterly transaction reports, provided that the required information is contained in those confirmations and statements.

 

Report Confidentiality

 

Holdings and transaction reports will be held strictly confidential, except to the extent necessary to implement and enforce the provisions of the code or to comply with requests for information from government agencies.

 

8 

 

 

Exceptions to Reporting Requirements

 

Access persons do not need to submit:

 

Any report with respect to securities held in accounts over which the access person had no direct or indirect influence or control;
A transaction report with respect to transactions effected pursuant to an automatic investment plan;
A transaction report if the report would duplicate information contained in broker trade confirmations or account statements that the firm holds in its records so long as it receives the confirmations or statements no later than 30 days after the end of the applicable calendar quarter.

 

Review of Personal Securities

 

NWM is required by the Advisers Act and applicable state law to review access persons’ initial Holdings report and to do so annually thereafter. Transactions reports are reviewed at least quarterly. The CCO is responsible for reviewing these transactions and holdings reports. The CCO’s personal securities transactions and reports shall be reviewed by designated firm personnel (see Exhibit 1).

 

Access persons are subject to the reporting requirements detailed above for personal accounts and all accounts in which they have any beneficial ownership in any reportable securities. For clarification, these terms are defined in this Code.

 

Certification of Compliance

 

Initial Certification

 

The firm is required to provide supervised persons with a copy of this Code. Supervised persons are to certify in writing via a NWM attestation statement (see Sample 1) that they have:

 

(a)received a copy of this Code; (b) read and understand all provisions of this Code; and (c) agreed to comply with the terms of this Code.

 

Acknowledgement of Amendments

 

The firm must provide supervised persons with any amendments to this Code and supervised persons must submit a written acknowledgement that they have received, read, and understood the amendments to this Code.

 

Annual Certification

Supervised persons must annually certify via a NWM attestation statement that they have read, understood, and complied with this Code of Ethics and that the supervised person has made the reports required by this code and has not engaged in any prohibited conduct.

 

The CCO shall maintain records of these certifications of compliance. A template for a NWM supervised person’s attestation statement is included as Sample 1.

 

9 

 

 

Reporting Violations and Whistleblower Provisions

 

Supervised persons must report violations of the firm’s Code of Ethics promptly to the CCO. If the CCO is involved in the violation or is unreachable, supervised persons may report directly to the CCO’s Supervisor or other firm principal. Reports of violations will be treated confidentially to the extent permitted by law and investigated promptly and appropriately.

 

Persons may report violations of the Code of Ethics on an anonymous basis. Examples of violations that must be reported include (but are not limited to):

 

Noncompliance with applicable laws, rules, and regulations;
Fraud or illegal acts involving any aspect of the firm’s business;
Material misstatements in regulatory filings, internal books and records, clients records or reports;
Activity that is harmful to clients, including fund shareholders;
Deviations from required controls and procedures that safeguard clients and the firm; and
Violations of the firm’s Code of Ethics.

 

No retribution will be taken against a person for reporting, in good faith, a violation or suspected violation of this Code of Ethics.

 

Retaliation against an individual who reports a violation is prohibited and constitutes a further violation of the Code.

 

Compliance Officer Duties

 

Training and Education

 

CCO shall be responsible for training and educating supervised persons regarding this Code. Training will occur periodically as needed and supervised persons are required to attend any training sessions or read any applicable materials.

 

Recordkeeping

 

CCO shall ensure that NWM maintains the following records in a readily accessible place:

 

A copy of each Code of Ethics that has been in effect at any time during the past five years;
A record of any violation of the Code and any action taken as a result of such violation for five years from the end of the fiscal year in which the violation occurred;
A record of written acknowledgements and/or attestation statements of receipt of the Code and amendments for each person who is currently, or within the past five years was, a supervised person. These records must be kept for five years after the individual ceases to be a supervised person of the firm;
Holdings and transactions reports made pursuant to the code, including any brokerage confirmation and account statements made in lieu of these reports;
A list of the names of persons who are currently, or within the past five years were, access and/or supervised persons;

 

10 

 

 

A record of any decision and supporting reasons for approving the acquisition of securities by access or supervised persons in initial public offerings and limited offerings for at least five years after the end of the fiscal year in which approval was granted;
A record of any decisions that grant employees or access or supervised persons a waiver from or exception to the Code.

 

Annual Review

 

CCO shall review at least annually the adequacy of this Code of Ethics and the effectiveness of its implementation and make any changes needed.

 

Sanctions

 

Any violations discovered by or reported to the CCO shall be reviewed and investigated promptly, and reported through the CCO to the Supervisor or other firm principal. Such report shall include the corrective action taken and any recommendation for disciplinary action deemed appropriate by the CCO. Such recommendation shall be based on, among other things, the severity of the infraction, whether it is a first or repeat offense, and whether it is part of a pattern of disregard for the letter and intent of this Code of Ethics. Upon recommendation of the CCO, the Supervisor may impose such sanctions for violation of this Code of Ethics as it deems appropriate, including, but not limited to:

 

Letter of censure;
Suspension or termination of employment;
Reversal of a securities trade at the violator’s expense and risk, including disgorgement of any profit;
In serious cases, referral to law enforcement or regulatory authorities.

 

Information Security Policy

 

Inventory of Technology Infrastructure

 

On an annual basis, the CCO of NWM will make an inventory of the following:

 

Physical devices and systems (computers, servers, etc.);
Software platforms and applications (email applications, file management, etc.);
Systems that house client data; and
Third-party contractors that have access to systems, platforms, etc.

 

NWM’s primary software platforms that may contain client data are summarized below.

 

Type of System Name of System
Customer Relationship Management (CRM) Redtail
Email Provider / Hosting Office 365

 

11 

 

 

Type of System Name of System
Financial Planning

Money, Retirement Analyzer,

HolistiPlan

Email / Social Media Archiving Mimecast ; Message Watcher
Document Management / Storage Sharefile
Portfolio Risk Management Riskalyze
Reporting / Portfolio Management Orion

 

NWM utilizes cloud-based technology systems, which it believes provide increased information security capabilities including:

 

Ability to leverage the established infrastructure of trusted technology industry leaders; and
Improved system alert capabilities including better user activity logging and alerts related to unusual user activity.

 

NWM also recognizes that cloud-based technology systems create a greater reliance on passwords and user login security. As such, NWM has designed and will continue to further develop information security policies with this increased risk as a focus.

 

Detection of Unauthorized Activity

 

The CCO is responsible for monitoring on-site and cloud-based systems for suspicious activity. Such activity may include:

 

Logins to company systems after traditional business hours for the local region;
Logins to company systems from non-local regions; and/or
Large transfers of files or data.

 

When suspicious activity is discovered, the CCO will restrict access to the systems and begin to assess what information may have been accessed and what actions need to be taken to remediate the event.

 

If the unauthorized activity is deemed by the CCO to have led to unauthorized release or use of sensitive client information, the CCO will contact the proper law enforcement and/or regulatory agencies as required by state and Federal law.

 

Regardless of the severity, the CCO will keep a log of suspected unauthorized activity and note the action taken. This log will include the following information about each incident:

 

Date and time of the incident;
How the incident was detected;
The nature and severity of the incident;
The response taken to address the incident; and
Any changes made to the Information Security Policy as a result of the incident.

 

In addition, all staff should immediately alert the CCO of any suspicious behavior or concern.

 

12 

 

 

Prevention of Unauthorized Funds Transfers

 

NWM has implemented the following firm-wide information security polices to help prevent unauthorized funds transfers:

 

Clients must confirm wire requests verbally. Wire requests may not be authorized solely via email; and
Wire requests should be reviewed for suspicious behavior (e.g. time of request, atypical amount of request, etc.).

 

NWM is particularly aware of the risk caused by fraudulent emails, purportedly from clients, seeking to direct transfers of customer funds or securities and will train staff members to properly identify such fraudulent emails.

 

User Login Security

 

NWM has implemented the following firm-wide user login security polices to help prevent unauthorized access to sensitive client data:

 

Computers used to access client data will have antivirus software installed. In addition, the antivirus software must have an active subscription and updates must be scheduled to automatically install;
Staff will utilize devices with up to date operating system software with all security patch and other software updates set to automatically install;
Staff members are prohibited from accessing NWM systems from unsecured internet connections;
All staff passwords are required to meet or exceed the following guidelines:
oContain both upper and lower case letters;
oContain at least one number;
oContain at least one special character;
oBe at least 10 characters in length;
oMay not contain words that can be found in a dictionary; and
oMay not contain personal information such as pet names, birthdates, or phone numbers.
All staff are required to have unique passwords to access each technology system (e.g. desktop computer, CRM system, etc.);
All staff are required to update passwords on a quarterly basis; When available, staff is required to utilize two-factor authentication.

 

User Access Privileges

 

NWM has implemented the following firm-wide user access privilege polices to help prevent unauthorized access to sensitive client data:

 

All new staff members login credentials will be created by the Director of Operations;
Staff members will only have access to systems deemed necessary by the CCO/Director of Operations;

 

13 

 

 

Staff members, besides the CCO or other designated personnel, will not have access to administrative privileges on systems unless deemed necessary by the CCO; and
Upon a staff member’s departure or termination, the CCO will immediately remove the former staff member’s access to all firm systems.

 

Staff members may request additional access to systems by contacting the CCO/Director of Operations

 

Email Use Security and Guidelines

 

NWM has implemented the following firm-wide email use security polices and guidelines to help prevent unauthorized access to sensitive client data:

 

All staff should only provide sensitive information electronically to clients via a secure email or client portal;
All staff should never open or download any email attachments from unknown senders;
All staff should never open or download any email attachments from known senders that look suspicious or out of the ordinary;
All staff should never directly click on or open any links sent in emails; and
All staff should be acutely aware of any attempted “phishing” emails seeking to obtain the staff member’s user login credentials. Some warning signs to look for include:
oBad spelling or poor grammar in the email subject or body text;
oAn unfamiliar company or website that the staff member is not familiar with; and
oA suspicious sender email domain.

 

When a staff member receives a suspicious email, the CCO should be immediately alerted. The CCO will then determine next steps and communicate to other staff members if deemed appropriate.

 

3rd Party Vendor Security and Diligence

 

NWM has implemented the following firm-wide 3rd party vendor security and diligence polices and guidelines to help prevent unauthorized access to sensitive client data:

 

All 3rd party vendors that have physical access to the office and/or the firm’s systems are required to enter into a non-disclosure agreement (NDA) in order to protect sensitive client information before establishing a business relationship; and
Proper due diligence will be performed on all relevant technology vendors prior to establishing a business relationship and then again on at least an annual basis and will include:
oReview of the firm’s information security policies;
oReview of the firm’s disaster recovery policies; and
oReview of the firm’s general capabilities to ensure it meets NWM’s needs.

 

All of this information will be stored and maintained in NWM’s vendor diligence file.

 

14 

 

 

Significant Technology System Disruption Plan

 

In the event of a significant business disruption that results in a significant interruption in access to the firm’s technology systems, NWM will implement its business continuity plan as detailed in this policies and procedures manual.

 

Testing

 

On an annual basis, NWM will test its current information security policy and capabilities. The test conducted by the CCO will include the following activities:

 

Attempt to access a random sample of firm devices to ensure that proper passwords are in place to prevent access;
Attempt to access users’ accounts with the proper password to ensure that two-factor authentication prevents system access;
Attempt to restore a sample of files and records from the systems listed above to ensure that the restoration process is sufficient and properly configured; and
Make a physical inspection of the office to ensure that all workstations have the proper security measures.

 

The results from the annual test will be documented and utilized as an opportunity to update the Information Security Policy.

 

Privacy Policy

 

The privacy policy statement is given to clients at the initial signing of the client contract and mailed or emailed with client consent once annually, if the policy is updated. The CCO will document the date the privacy policy was delivered to each client for each year if an annual delivery is required. NWM collects non-public personal information about clients from the following sources:

 

Information it receives from them on applications or other forms;
Information about their transactions with NWM or others; and
Information it receives from a consumer reporting agency.

 

Below are the reasons for which NWM may share a client’s personal information.

 

For everyday business purposes – such as to process client transactions, maintain client account(s), respond to court orders and legal investigations, or report to credit bureaus;
For marketing by NWM – to offer NWM’s products and services to clients;
For joint marketing with other financial companies;
For affiliates’ everyday business purposes – information about client transactions and experience; or
For non-affiliates to market to clients (only where allowed).

 

If a client decides to close his or her account(s) or becomes an inactive customer, NWM will adhere to the privacy policies and practices as described in this Policies and Procedures manual, as updated.

 

15 

 

 

NWM restricts access to clients’ personal and account information to those employees who need to know that information to provide products or services to its clients. NWM maintains physical, electronic, and procedural safeguards to guard clients’ non-public personal information.

 

The names of NWM’s current and former access persons can be found in Exhibit 2.

 

In addition to NWM’s listed access persons, any IT persons or other technical consultants employed at the firm may also have access to non-public client information at any time. An on- site or off-site server that stores client information, third-party software that generates statements or performance reports, or third-party client portals designed to store client files all hold the potential for a breach of non-public client information.

 

To mitigate a possible breach of the private information, NWM uses encryption software on all computers and carefully evaluates any third-party providers, employees, and consultants with regard to their security protocols, privacy policies, and/or security and privacy training.

 

The system is tested and monitored at least annually.

 

The test conducted by the CCO will include the following activities:

 

Attempt to access a random sample of firm devices to ensure that proper passwords are in place to prevent access;
Attempt to access users’ accounts with the proper password to ensure that two-factor authentication prevents system access; and
Attempt to restore a sample of files and records to ensure that the restoration process is sufficient and properly configured.

 

The results from the annual test will be documented and utilized as an opportunity to update the Information Security Policy.

 

Staff Training

 

On an annual basis, NWM will conduct a firm-wide training session to ensure that staff members are properly trained and equipped to implement the above policies. New staff members will receive training, led by the CCO, within 1 month of their initial hire date.

 

NWM uses various methods to store and archive client files and other information. Third party services or contractors used have been made aware of the importance NWM places on both firm and client information security. In addition to electronic and personnel measures NWM has implemented reasonable physical security measures at its home office location.

 

NWM will retain records for at least 5 years after the year in which the record was produced, or as otherwise required by law. With respect to disposal of non-public personal information, NWM will take reasonable measures to protect against unauthorized access to or use of such information in connection with its disposal.

 

16