The Senior Safe Act of 2018: a practical guide for advisors

What the Senior Safe Act actually is

The Senior Safe Act (Public Law 115-174, Section 303) was enacted as part of the Economic Growth, Regulatory Relief, and Consumer Protection Act of 2018. Its core purpose is narrow but powerful: to provide federal immunity to financial professionals and their firms when they report suspected exploitation of older clients to authorities, provided certain conditions are met.

Before the Act, advisors who reported suspected elder financial abuse faced potential liability under federal privacy laws and contractual obligations to clients. This created a chilling effect — many advisors who saw warning signs hesitated to act, fearing lawsuits from the client (or their family) if the suspicion turned out to be wrong.

The Act removes that liability — but only if the disclosure is made in good faith and with reasonable care, and only if specific training requirements have been met.

Who is covered

The Act covers a defined set of 'covered financial institutions' and 'eligible employees' working at them. Covered institutions include broker-dealers, investment advisers, transfer agents, insurance companies, insurance agencies, investment companies, and credit unions and depository institutions regulated by federal banking agencies.

An 'eligible employee' is a person who serves as a supervisor, compliance officer (including a Bank Secrecy Act officer), or registered representative — and who has received the training required by the Act.

If you're an independent RIA, dually registered, or working at a wirehouse, you are almost certainly covered. The Act does NOT cover unregulated financial professionals, tax preparers who don't handle assets, or pure financial coaches.

What protections it provides

Two distinct immunities apply when the conditions are met:

1. Immunity for the employee. A covered employee who discloses suspected exploitation of a senior to a covered agency cannot be held liable in any civil or administrative proceeding for making the disclosure.

2. Immunity for the institution. The covered firm itself cannot be held liable for the disclosure made by its eligible employee.

Who you can disclose to. Protected disclosures can be made to: state securities or insurance regulators, state financial regulatory agencies (state attorneys general included), state adult protective services agencies, federal law enforcement, state law enforcement, the SEC, FINRA, and self-regulatory organizations.

The immunity is broad but conditional on three pillars: good faith, reasonable care, and proper training (next section).

The training requirement (often missed)

This is the part firms most often get wrong: the immunity ONLY applies if the employee receives training on identification and reporting of suspected exploitation BEFORE the disclosure.

The training must address: how to identify and report suspected exploitation of seniors; the need to protect the privacy and respect the integrity of each individual customer; and the legal protections under the Act itself.

There is no specific format required — the law allows considerable flexibility. Training can be online, in-person, or a combination. It can be developed in-house, purchased from third parties, or provided by industry associations like SIFMA, FSI, NASAA, or your custodian.

Documentation matters: maintain records of who completed training, when, and what content was covered. If you ever need to invoke the Act's protection, you will need to demonstrate compliance with the training requirement.

What 'senior' means under the Act

The Act defines a 'senior citizen' as any individual age 65 or older. This is a hard threshold — the Act does not extend its specific protections to younger clients with diminished capacity (though state laws often do).

Practical implication: your training and procedures should specifically address the 65+ population. For younger clients with diminished capacity, look to state mandatory reporting statutes and FINRA Rule 2165 (which uses a broader 'specified adult' definition).

How it works alongside state law and FINRA rules

The Senior Safe Act creates a federal floor of immunity. It does not preempt state laws — and state laws vary widely on elder financial abuse reporting. Many states have mandatory reporting requirements for financial institutions that go beyond what the Act addresses.

FINRA Rule 2165, separately, gives broker-dealers the ability to temporarily hold disbursements when financial exploitation is suspected. The Senior Safe Act and FINRA Rule 2165 work together: 2165 lets you stop the bleeding (delay the disbursement), and the Senior Safe Act gives you immunity for reporting it.

For RIAs without broker-dealer affiliations, FINRA Rule 2165 doesn't directly apply — but the Senior Safe Act immunity does, and state laws still control disbursement actions.

Operationalizing it in your firm

A workable compliance program has six elements:

1. Written policies and procedures. Specifically address senior client protection, with the Senior Safe Act referenced.

2. Annual training for all eligible employees. Document attendance and content.

3. Designated escalation path. When an advisor sees red flags, who do they tell? In most firms this is the compliance officer or a designated senior protection lead.

4. Reporting templates and contact lists. Pre-built lists of state APS, regulators, and law enforcement contacts.

5. Trusted Contact Person collection at onboarding. See our TCP implementation guide.

6. Technology that surfaces red flags. Most firms can't manually monitor every client communication. Tools that automatically alert designated family members or the advisor when a client interacts with a likely scam are increasingly considered standard care.

Related for advisors