Webinar Replay

Click Here to Download the Summary Below

Selling Your Book of Business

Contracts, Privacy Laws, and the Movement of Client Data

Tom Dickson hosted a Financial Experts Network webinar featuring Isaac Mamaysky, partner at Potomac Law and co-founder/CCO of Quan Street Capital. Isaac addressed one of the most misunderstood aspects of practice transitions: who owns client data, when it can be moved, and how advisors can lawfully transition a book of business without violating privacy laws or contractual obligations.

The session emphasized that selling or transitioning a book of business is not primarily a valuation problem, but a regulatory and contractual problem, with data privacy at the center.

1. Why Client Data Is the Core Issue in Practice Sales

Isaac explained that while advisors often view clients as “their clients,” clients legally belong to the firm, not the individual advisor. As a result:

• Advisors cannot sell clients outright
• What is sold is goodwill and influence, not ownership of client relationships
• Sale prices and earn-outs are heavily dependent on client retention and AUM stickiness

Because buyers want to verify the book of business, advisors are often asked to share non-anonymized client data before closing, which immediately raises regulatory issues. 

2. The Two Overlapping Legal Frameworks: Regulatory vs. Contractual

Isaac identified two distinct—but often conflicting—legal regimes:

Regulatory concerns

• Federal privacy law (Regulation S-P)
• State data privacy laws (some stricter than federal law)

Contractual concerns

• Employment agreements
• IAR agreements
• Confidentiality clauses
• Non-solicit and non-compete provisions
• Common-law fiduciary duty of loyalty

The conflict arises because privacy laws require client consent, while contracts often prohibit advisors from seeking that consent before departure, creating a legal catch-22. 

3. Regulation S-P: What Advisors Often Get Wrong

Regulation S-P governs how financial institutions share non-public personal information (NPI).

Key points clarified in the transcript:

• A client list itself is confidential information
• Names, addresses, phone numbers, emails, account titles, and even the existence of the client relationship are protected
• When an advisor leaves a firm, the advisor becomes an unaffiliated third party
• Sharing client data with oneself after departure still counts as third-party disclosure

The Sale-of-Business Exception

Isaac clarified a common misconception:

• The Regulation S-P “sale of business” exception applies to firms selling themselves or a division
• It does not apply to individual advisors departing on their own
• Individual advisors cannot rely on this exception to take client data when moving firms

This interpretation is supported by regulatory guidance and case law. 

4. Privacy Policies and Opt-Outs Matter More Than Advisors Realize

Advisors must review their firm’s privacy policy carefully:

1. Does the privacy policy explicitly allow a departing advisor to take client data?
2. Have any clients opted out of information sharing?
3. Do any clients live in states requiring affirmative opt-in consent?

Even if the privacy policy allows data movement:

• A single opt-out requires affirmative consent
• State law may override federal opt-out rules

Isaac emphasized that negative consent is fragile, especially in multi-state practices. 

5. State Privacy Laws: The Higher Standard Applies

Some states require affirmative opt-in before client data can be shared. Under long-standing legal principles:

• When federal and state law conflict, the stricter standard applies
• Advisors must analyze where clients reside, not just where the firm is based

This makes reliance on privacy policies alone risky for advisors with geographically diverse client bases. 

6. The “Simple but Hard” Solution: Universal Written Consent

Isaac repeatedly emphasized the safest approach:

Obtain written consent from every client.

Advantages:

• Resolves federal and state privacy issues
• Eliminates reliance on privacy policy nuances
• Reduces regulatory enforcement risk

Disadvantage:

• Often violates employment agreements if done without firm cooperation

This leads directly to the catch-22: regulatory safety vs. contractual breach. 

7. The Broker Protocol: Helpful but Not a Shield

The Broker Protocol allows limited client contact information (name, address, phone, email, account title) to be taken only when both firms are protocol members.

Critical clarifications from the transcript:

• The Broker Protocol addresses contractual non-solicit issues
• It does not override Regulation S-P
• Courts and regulators have stated that protocol compliance does not equal privacy-law compliance

In other words, following the Broker Protocol does not guarantee regulatory protection. 

8. Memorized Client Lists and “Public” Information Are Not Safe Harbors

Isaac addressed a common workaround attempt:

• Advisors claim they “memorized” their client list
• Or use Google, LinkedIn, or public records to re-create contact lists

Problems:

• Client lists are protected even if memorized
• Many contracts define memorized information as confidential
• The knowledge that someone is a client may itself violate privacy law

This approach exposes advisors to both regulatory and contractual liability. 

9. Lift-Out Analysis: How Advisors Actually Navigate Transitions

Because no perfect solution exists, attorneys often perform a lift-out analysis, which evaluates:

• Exact wording of restrictive covenants
• Permissible client communications (informing vs. soliciting)
• Timing of resignation and outreach
• Risk tolerance of advisor and buyer
• Likelihood of enforcement

Case law generally supports that informing clients of a departure is not solicitation, but requesting consent to move data is far riskier and must be carefully structured. 

10. Retirement, Succession, and Contingency Planning

During Q&A, Isaac highlighted that:

• Most sales involve earn-outs requiring the advisor to remain for several years
• Advisors should plan years in advance, not months
• Solo advisors should strongly consider:
  • Merging with a larger firm
  • Selling equity gradually
  • Creating succession arrangements that activate upon incapacity or death

A true merger or equity sale can function as both a succession plan and a contingency plan, protecting families and clients alike. 

11. Key Takeaway

Selling or moving a book of business is not about “taking clients” — it is about carefully navigating overlapping privacy laws, contracts, and fiduciary duties. These transactions happen constantly, but success depends on early planning and experienced legal guidance, not improvisation.

External Fact-Check and Reference Sources (Written-Out URLs)

SEC Regulation S-P (Privacy of Consumer Financial Information)
https://www.law.cornell.edu/cfr/text/17/248

SEC Guidance on Privacy Policies and Client Information
https://www.sec.gov/rules/final/34-42974.htm

FTC Safeguards Rule (Data Protection Framework)
https://www.ftc.gov/legal-library/browse/rules/safeguards-rule

Broker Protocol Overview
https://brokerprotocol.com

State Privacy Law Overview (Opt-In vs. Opt-Out)
https://iapp.org/resources/article/us-state-privacy-legislation-tracker/

Fiduciary Duty and Advisor Conduct (SEC)
https://www.sec.gov/investment/standards-conduct-investment-advisers

Books and Records Rule (RIA compliance)
https://www.sec.gov/rules/final/ia-2204.htm