Compliance

Trusted Contact Person (TCP) implementation: a guide for advisors

The Trusted Contact Person designation has quietly become one of the most important client protection tools available to advisors. FINRA Rule 4512 requires reasonable efforts to obtain TCP information for all retail accounts. This guide covers what TCPs do, when you can contact them, how to talk to clients about the designation, and how to make it stick.

What a Trusted Contact Person actually does

A TCP is a person (not a firm) age 18 or older that the account holder authorizes the firm to contact in specific circumstances. The TCP has no authority to transact, no fiduciary duty, and no access to account information beyond what the firm chooses to share.

The TCP exists as a third-party verification mechanism — someone the firm can call when something seems off, before taking action that might be premature or unauthorized.

Note: A TCP is NOT a Power of Attorney. A TCP cannot direct trades, withdraw funds, change addresses, or access account information. The roles are entirely separate.

When you can contact the TCP

Under FINRA Rule 4512 and Rule 2165, the firm can disclose information to the TCP in limited circumstances:

(1) when the firm has a reasonable belief that the customer may be a victim of financial exploitation;

(2) to confirm the customer's current contact information;

(3) to address the health status of the customer;

(4) to confirm the identity of any legal guardian, executor, trustee, or holder of a power of attorney;

(5) as otherwise permitted by FINRA rules.

The firm cannot freely disclose all account information to a TCP. Even when contact is authorized, share only what's necessary for the specific concern.

Who should not be a TCP

The TCP should NOT be:

— Anyone authorized to transact on the account (defeats the purpose).

— Anyone who has a conflict of interest (e.g., a new romantic partner, a 'helpful neighbor' the family doesn't know).

— Anyone the client cannot reliably reach (e.g., a busy adult child overseas).

— Anyone the firm reasonably believes is involved in the suspected exploitation.

Ideal candidates: an adult child, sibling, long-time family friend, or in some cases the family attorney or accountant. Encourage clients to pick someone they speak with at least monthly.

How to talk to clients about it

The biggest obstacle to TCP adoption is conversational, not regulatory. Clients can hear 'name a person we'll call if you have problems' and feel infantilized. Frame it well:

Recommended framing: 'As part of our standard process for protecting accounts, we ask every client to designate someone we can call if we ever can't reach you or see unusual activity. It's not a power of attorney — they can't do anything to your account. It's just a backup contact, like the in-case-of-emergency phone you give a doctor. Most of my clients designate an adult child or close family member. Who would make sense for you?'

Avoid:

— Linking it explicitly to age ('because you're getting older')

— Calling it a 'fraud protection' designation (which sounds accusatory of family)

— Treating it as optional or routine paperwork (which signals it's not important)

Best practice: make it part of every new account opening. Don't single out older clients.

How often to update TCP information

Annual confirmation of TCP designation is best practice — not strictly required but increasingly expected by regulators. Build it into your annual review cadence.

Update triggers:

— TCP has died, become incapacitated, or lost contact with client.

— Client divorces or marries (TCP was the ex-spouse).

— Significant family conflict involving the TCP.

— Client requests change.

Document each confirmation or update in the CRM with date and method.

What happens when you call the TCP

The first call to a TCP should be professional, brief, and limited in scope:

Identify yourself and the firm. Confirm the TCP's identity. State that you're calling under the authorization the client previously provided. Describe the concern in general terms only. Ask specific questions to help assess the situation. Document the call.

Example: 'I'm Jane Smith with [Firm]. Your father designated you as his Trusted Contact when he opened his accounts with us. We've noticed some recent activity that's unusual for him, and I want to make sure he's okay. Have you spoken with him in the past week? Is there anyone new in his life that you're concerned about?'

Do NOT:

— Disclose specific transactions, balances, or beneficiaries unless directly relevant.

— Make accusations or share suspicions of specific people without strong basis.

— Promise actions you're not authorized to take.

Sample TCP form

A workable TCP form includes:

— Client name, account number(s).

— TCP name, relationship, contact information (phone, email, address).

— Specific authorization language referencing FINRA Rule 4512 and 2165.

— Acknowledgment that TCP has no authority to transact.

— Client signature and date.

Many firms now integrate TCP into the digital onboarding flow rather than separate paper forms — increases completion rates from ~40% to ~85% in our experience.

Built for advisors. Trusted by advisors.

Double Check is the client protection tool advisors deploy when prevention matters. Catch scams before the wire goes out. Family alerts built in. Per-advisor pricing scales with your book.

Advisor Login See the advisor platform Cost of one scam →