Some advisors are questioning what they need to do to comply with SEC regulations if they have access to clients' web-based financial information by using encrypted log-ons. The key question is: When does the advisor move from holding discretion over a client's funds to having custody of the funds, which triggers a much higher reporting standard by the SEC?

ByAllAccounts, a financial consulting firm that can be found at, last week hosted a webinar to try to clarify the issue.

If an advisor has a client's encrypted log-ons to access web-based financial information, and can not only make transactions but can change the address of record and can direct that funds be sent to an address other than the client's, the advisor has custody of those funds, says Tim Simons, senior managing director of Ashland Partners Compliance Group.

Having custody requires the advisor to regularly audit the accounts and to submit to surprise audits by the SEC. The increased scrutiny costs firms money, but a survey conducted by ByAllAccounts prior to the webinar revealed 51% of advisors do not know how much compliance costs their firms.

"It can cost a firm $5,000 to $6,000 a year to audit for one or two accounts for which they hold custody," says Bill Winterberg, CFP and founder of, a blog for technology-based financial advice. "But the more custodians a firm has and the more complex the accounts, the more it will cost a firm to comply with SEC regulations."

On the flip side, if a firm only deducts its fees from the account, that does not constitute custody, says Simons.

But there are advantages to having custody, such as allowing an advisor to see more quickly if a client's information has been breached.

However, Winterberg warns advisors not to keep information on clients' encrypted log-ons on computer systems, or, if they do, to make sure the encrypted information is safeguarded so employees in the firm cannot access it or change it.