IA Marketing Rule Counsel | Legal Risk Management Tips
M. Jacko
Managing Partner and CEO
Michelle's Bio

Michelle L. Jacko, Esq.

Managing Partner and CEO

Michelle L. Jacko, Esq. is the Managing Partner and CEO of Jacko Law Group, PC (“JLG”), which offers securities, corporate, real estate, and employment law counsel to broker-dealers, investment advisers, investment companies, hedge/private funds and financial industry professionals. In addition, Ms. Jacko is the Founder and CEO of Core Compliance & Legal Services, Inc., a compliance consultation firm.

Ms. Jacko specializes in investment adviser, broker-dealer, investment company and private fund regulatory compliance matters, internal control development, regulatory examinations, transition services, and operational risk management. Her consultation practice is focused on the areas of regulatory exams and formal inquiries, investment and merger and acquisition transactions, exit and succession planning, annual reviews, policies and procedures development, testing of compliance programs (including evaluation of internal controls and supervision), mock exams, senior client issues, cybersecurity, Regulation S-P, and much more.

Over the years and through a transformative market, Ms. Jacko has also developed service solutions throughout her practice, focusing on regulatory, compliance, commercial and corporate strategic solutions for the financial industry. Her practice focuses on formations and registration of broker-dealers, investment advisers and funds and platforms associated with each of these business models.  She focuses on transition and succession planning for companies, spearheading Jacko Law Group’s mergers and acquisitions practice area. She aligns her legal team to directly apply experienced legal acumen and business-savvy foresight to assist clients navigate and traverse the breakaway, formation, and growth plan for their corporation’s continued achievement, expansion, and upward trajectory.

Throughout this process, Ms. Jacko uses her 27 years of regulatory compliance experience to provide risk mitigation strategies to businesses.  She provides her clients with risk assessments, annual reviews and gap analysis, and serves as lead attorney for SEC and FINRA enforcement matters, regulatory formal inquiries, and regulatory examinations.  She has developed a practice that successfully helps our clients to be prepared for examinations through meticulous preparations, including mock interviews, compliance program document reviews, and counsel to members of senior management and interfacing with regulators throughout the process.   She frequently provides counsel on Chief Compliance Officer liability issues, assists advisors with regulatory reporting of disciplinary events and customer complaints, provides counsel on various representative onboarding and exit considerations and drafts complex agreements and client disclosure documents.

Utilizing an unparalleled service with a visionary strategy, Ms. Jacko’s counsel contributes to client success. She fosters trust amongst her team and has forged a path for JLG’s growing and multifaceted merger and acquisition practice, general corporate counsel services and regulatory compliance practice areas.

As a frequent presenter at national financial industry conferences, Ms. Jacko delivers insightful and thought-provoking workshops regarding industry hot topics and rising compliance issues. She is a frequent contributor to various industry journals and publications, including Barron’s Advisor, Charles Schwab, Investment Adviser Association’s IAA Today, National Society of Compliance Professionals’ CurrentsLawyer Monthly MagazineThomson Reuters, and more.  She also is a featured author in Modern Compliance, Vol. 1 and 2.

Ms. Jacko served as the former Vice-Chair of Education of the Corporations Committee for the State Bar of California Business Law Section and is a two-time Board member alumn of the National Society of Compliance Professionals. She is the Co-Founder and a member of the Southern California Compliance Group and also is a FINRA Arbitrator. Ms. Jacko is a member of Vistage International and actively participates in her community.

JLG and Ms. Jacko are proud to be members of the National Women Business Owners (NABWO) Corporation.

Throughout her career, Ms. Jacko has established herself as an influential leader, both locally and industry-wide. She has received numerous accolades and recognitions for her contributions, impact, and thought leadership. Since 2019, she has been selected as a finalist for San Diego Business Journal’s (SDBJ) CEO of the Year Award (2019-2022). She has also been selected for inclusion for the SDBJ’s 2022 Women of Influence 50 over 50, 2021 -2022 Women of Influence in Law SDBJ’s 2018-2022 Business Woman of the Year, 2020-2022 San Diego 500 Influential Business Leaders Award, 2020-2022 SD500, and prestigious 2020 Most Admired CEO Awards. Alongside the many awards from the SDBJ, Ms. Jacko  also was selected as a finalist for San Diego Magazine’s 2020–2021 Influential Women: Woman of the Year Award and was honored as a finalist for the 2019 NAWBO Bravo Awards - San Diego. International magazine CEO Today also selected Ms. Jacko as one of the 2019 and 2020 Business Women of the Year Awards. She also received Acquisition International magazine's Global Excellence Awards: Most Influential Woman in Securities Law 2019–2020 - San Diego, and locally was selected by San Diego Metro as one of the 12 Women of Influence in San Diego, CA.

Before starting both companies, Ms. Jacko previously served as Of Counsel at Shustak & Partners, PC. Prior to that, she was Vice President of Compliance and Branch Manager of the Home Office Supervision team at LPL Financial Services, Corporation (Linsco/Private Ledger). She also served as Legal Counsel of Investments and Chief Compliance Officer at First American Trust, FSB and held the position of Compliance Manager at Nicholas-Applegate Capital Management. In addition, Ms. Jacko was with PIM Financial Services, Inc., and Speiser, Krause, Madole & Mendelsohn, Jackson.

Ms. Jacko received her J.D. from St. Mary’s University School of Law and B.A., International Relations, from the University of San Diego. She is admitted to the State Bar of California and United States District Court, Southern District of California. Michelle holds NSCP’s Certified Securities Compliance Professional (CSCP) designation and is a member of the National Association of Women Lawyers (NAWL).

In addition to her many accomplishments, Ms. Jacko is also dedicated to giving back to her community and charitable organizations. Throughout the years she has dedicated her time and efforts to numerous organizations, including the Autism Tree Project, Wounded Warriors Project, the ASCPA, the San Diego Food Bank, School of the Madeleine and more. She also supports whenever she can the military community.  It is her dedication to her team, her practice and her community that has laid the foundation for JLG’s impact and continued growth and success.

Read less
Practices :
Mergers & AcquisttionsPrivate Equity & Private Fund ServicesSEC/State: Regulatory Compliance Services
The California Consumer Privacy Act (CCPA): What You Should Do Now to Prepare
IA Marketing Rule Counsel Legal Risk Management Tips
June 1, 2019

Privacy safeguards – and how financial institutions are implementing consumer protections – are at the forefront of regulatory focus. For SEC registrants, on April 16, 2019, the Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert, “Investment Adviser and Broker-Dealer Compliance Issues Related to Regulation S-P – Privacy Notices and Safeguard Policies” (the “Risk Alert”). This Risk Alert highlighted a number of compliance issues involving Regulation S-P and emphasized the importance of providing compliant privacy and opt-out notices, adopting and implementing effective policies and procedures for safeguarding customer records and information and training on and monitoring of privacy safeguards.1

On June 28, 2018, California Governor Jerry Brown approved AB-375,2 which previously had been passed by the California State Legislature. Referred to as the California Consumer Privacy Act (“CCPA”), its intent is to provide greater privacy protections to California residents. Specifically, the CCPA is designed to notify consumers that they can learn about what personal data is collected about them and whether such personal data is sold or disclosed to others (and to whom). The consumer also has the ability to “opt-out” of the sale of his or her personal data, gain access to the consumer’s personal data and receive the same services for the same price regardless if the resident exercises such privacy rights. The effective date for the CCPA is January 1, 2020 and enforcement shall commence on July 1, 2020.

This month’s Legal Risk Management Tip will walk you through highlights of the CCPA and who is impacted and what is exempted. We will then provide you with guidance on what you must do to comply with the CCPA and tips on what you should do right now to prepare and mitigate risks.

Highlights of the CCPA

The primary purpose of the CCPA is to protect consumer rights of those “natural persons” who are residents of California. The CCPA applies to any legal, for-profit business entity (regardless if based in California or not) that does business in California, collects consumers’ personal data and meets one of the following thresholds:

  1. Possesses the personal information of 50,000 or more consumers, households, or devices;
  2. Has annual gross revenues in excess of $25 million; or
  3. Earns more than half of its annual revenue from selling a consumer’s personal information.

A consumer’s “personal information” is defined as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”3 This would include such things as name, address, email address, employer, investment preferences and internet activities.

A. What is Not Subject to the CCPA?

There are several areas not subject to the CCPA. These include consumers who are not residents of California, information and data that is publicly available, aggregated data that is not considered personal information, information that is used to comply with law enforcement and/or federal, state or local laws (such as the Gramm-Leach-Bliley Act as further described below) and information obtained through a mergers and acquisitions transaction (as the data is not being sold).

B. What is the Impact of the CCPA?

For financial institutions already subject to California’s Financial Information Privacy Act known as SB-1, there are things that differ in the CCPA. While it is anticipated that the CCPA will likely be amended prior to enactment, under the current version of the CCPA, firms will be required to:

  1. Provide consumers with additional notice requirements (including consumer rights);
  2. Obtain opt-in consent before selling personal information of those under age 16;
  3. Upon request, provide consumers information on what the firm has collected about them, how, why it was collected and whether it has been sold or shared – and to who; and
  4. Provide for deletion measures and allow consumers the ability to “opt-out” of the sale of personal information to third-parties.

Moreover, firms can be held liable for data breaches, including the loss of electronic and hard copy information. Consumers will have the right to a private cause of action and firms can be fined $100 to $750 (statutory damages) for each consumer data breach. Consequently, the scope of due diligence performed on third-party vendors providing services to or on behalf of financial institutions must increase to ensure that the vendors have privacy safeguards in place to prevent such data breaches.

C. What is Exempted from the CCPA?

The CCPA exempts information that is collected, processed, sold, or disclosed pursuant to the requirements set forth in the Gramm-Leach-Bliley Act and the California Financial Information Privacy Act.4 This would include information such as driver’s license information, social security numbers and other information obtained to provide investment services. What might not be exempt is information collected on non-consumers5 (such as prospects or lead lists and business contacts) and other information not required for the delivery of investment services (such as internet use, CRM/marketing data, “cookies” data, employee data and deal sourcing data). Based on this, financial firms will need to review the types of data collected to determine whether they meet the specific criteria of the CCPA exemption as it is written today.

Tips on How to Prepare and Mitigate Risks

With the effective date now just six (6) months away, there are several things that financial firms should do to prepare for the compliance date:

  1. Map the data currently collected to analyze what personal information is in the firm’s possession;
  2. Review the firm activities (such as obtaining marketing data) to see how these activities could be subject to the CCPA;
  3. Determine how the firm will respond to consumer requests for personal information and deletion requests;
  4. Establish a firm procedure to authenticate verifiable consumer requests;
  5. Provide training to those persons who will be handling consumer requests and establish policies and procedures accordingly;
  6. Conduct due diligence on vendors to see how they will be complying with the CCPA and consider adding contractual provisions regarding privacy safeguard protections as needed; and
  7. Review the firm’s data security protections and incident response plans.

Be proactive. Consider these tips and considerations to help strengthen your internal controls now so that you are ready for the CCPA when it does go into effect.

JLG can assist you in assessing your privacy safeguards. For more information on these and other considerations relating to preparing for the CCPA, please contact us at info@jackolg.com, or (619) 298-2880.

Author: Michelle L. Jacko, Esq., Managing Partner, Jacko Law Group, PC. JLG works extensively with investment advisers, broker-dealers, investment companies, hedge funds, banks and corporate clients on securities and corporate counsel matters.

This communication is not intended for transmission to, or receipt by, any unauthorized persons. Inadvertent disclosure of the contents of this article to unintended recipients is not intended. The Risk Management Tip is published solely based off the interests and relationship between the clients and friends of the Jacko Law Group P.C. (“JLG”) and in no way be construed as legal advice. The opinions shared in the publication reflect those of the authors, and not necessarily the views of JLG. For more specific information or recent industry developments or particular situations, you should seek legal opinion or counsel.

You hereby are notified that any review, dissemination or copying of this message and its attachments, if any, is strictly prohibited. These materials may be considered ATTORNEY ADVERTISING in some jurisdictions.

For more information, see https://www.sec.gov/files/OCIE%20Risk%20Alert%20-%20Regulation%20S-P.pdf.

See https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180AB375.

Id. at Sec. 1798.140(0)(1).

Note that through the passage of SB 1121 on September 23, 2018, the California State Legislature added the California Financial Information Privacy Act to the exemption.

Under the Gramm-Leach-Bliley Act, a consumer is defined as an individual who obtains or has obtained a financial product or service from a financial institution.

Leave a Reply

Your email address will not be published. Required fields are marked *