Broker Check


Investment advisers are required by law to inform their clients of their policies regarding privacy of client information. We are bound by professional standards of confidentiality that are even more stringent than those required by law. Federal law gives the customer the right to limit some but not all sharing of personal information. It also requires us to tell you how we collect, share, and protect your personal information. When you are no longer our customer, we may continue to share your information only as described in this notice.


We collect nonpublic personal information about you that is either provided to us by you or obtained by us with your authorization. This can include but is not limited to your Social Security Number, Date of Birth, Banking Information, Financial Account Numbers and/or Balances, Sources of Income, and Held-Away Brokerage Statements.


All Investment Advisers may need to share personal information to run their everyday business. In the section below, we list the reasons that we may share your personal information:

  • For everyday business purposes – such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus;
  • For our marketing – to offer our products and services to you;

If you are a new customer, we may begin sharing your information on the day you sign our agreement. However, you can contact us at any time to limit our sharing.


  • Joint marketing with other financial companies;
  • Non-affiliates to market to you.


To protect your personal information from unauthorized access and use, we use security measures that comply with federal law, including computer safeguards and secured file storage.


Federal law allows you the right to limit the sharing of your NPI by “opting-out” of the following: sharing for non-affiliates’ everyday business purposes – information about your creditworthiness; sharing with affiliates who use your information to market to you; or sharing with non-affiliates to market to you. State laws and individual companies may give you additional rights to limit sharing. Please notify us immediately if you choose to opt out of these types of sharing.

DEFINITIONS: Affiliates – companies related by common ownership or control. They can be financial and non-financial companies; Non-affiliates – companies not related by common ownership or control. They can be financial and non-financial companies; Joint marketing – a formal agreement between non-affiliated financial companies that together market financial products or services to you.

Please call if you have any questions. Your privacy, our professional ethics, and the ability to provide you with quality financial services are very important to us.


Barnai Asset Management’s top priority is the security and privacy of clients’ personal information, and cybersecurity plays an essential role in protecting clients’ nonpublic information. BAM continually researches and reviews potential threats and recommended precautions to protect against those threats, from credible sources including Guidance Updates from the US Securities and Exchange Commission, and the Colorado Division of Securities. In accordance with our priority to protect client privacy and the security of their personal information, we have developed this Cybersecurity Policy.


BAM does not permanently store any client information on internal servers, computer hard drives or external hard drives. All client information and records are stored at Redtail Technology data centers and Carbonite data centers.

BAM utilizes Redtail Technology’s Customer Relations Manager service as well as their cloud-based file storage service, called Imaging. All client information and records are organized, stored and archived in these two platforms. BAM has reviewed and approved Redtail Technology’s security and privacy policies, as well as their back-up and recovery plan.

BAM performs monthly back-ups of all Imaging files to Carbonite, a secure online backup service. BAM has reviewed and approved Carbonite’s security and privacy policies, as well as their back-up and recovery plan.

BAM  will retain records for at least 5 years, or as otherwise required by applicable state or federal law. With respect to disposal of nonpublic personal information, BAM  will take reasonable measures to protect against unauthorized access to or use of such information in connection with its disposal.


BAM employees and access persons are required to use different alphanumeric passwords to access every system associated with the business and clients. In addition, each person is required to change the passwords of all systems either quarterly or annually based upon the individual system and the client information stored within. Passwords are changed quarterly, at a minimum, for all online services that contain sensitive client information. The passwords for all other online services subscribed to by BAM are changed annually or as needed. BAM also educates employees and access persons on the importance of enabling multi-authentication login for all subscribed services that offer it.

BAM subscribes to LastPass, a password manager, to create and change strong alphanumeric passwords regularly. All employees and access persons are required to use 2-step verification for LastPass through the LastPass Mobile Authenticator to access all online and cloud-based systems utilized by BAM.


BAM utilizes secure, private internet connections to operate business. All BAM employees and access persons have been educated about the risks of accessing the firm’s systems or conducting business via insecure internet connections while traveling or out of the office.


All BAM computers have up-to-date McAfee antivirus software and/or use a firewall to prevent unauthorized applications, programs, or services from accepting incoming connections. All employees and access persons conduct security screenings of their computers on a quarterly basis.


BAM Initiated Communication: BAM communicates with clients regularly by email, phone, video meetings and face-to-face meetings. The only employees of BAM that will contact clients are Adam Barnai and Caitlin Erwin. If an information request appears suspicious, BAM advises clients to contact Adam Barnai or Caitlin Erwin to verify that it is a legitimate BAM request before providing any information. BAM never requests or sends sensitive client information by email. BAM may gather sensitive client information through forms sent via DocuSign, secure electronic platforms, or by phone. Every e-mail sent contains a disclosure which addresses any persons who may receive the message in error and includes instructions to contact BAM and properly dispose of the data.

Clients Contacting BAM: BAM only responds to emails in which the email address and client are recognized. If an email is received that is not recognized as belonging to a client or if the email is suspicious in nature, BAM will call the client to verify the authenticity of the email. BAM will not email requested confidential information such as account numbers, social security numbers, and passwords. BAM initially verifies client phone calls by telephone numbers on record and/or voice recognition. If BAM is uncertain to the identity of the caller, BAM will verify identity by asking for the client’s date of birth, address, and/or the last four digits of their social security number. If the phone call is considered suspicious it will be documented in the “Red Flag” reviews in the AML section.

Shareholders Service Group: SSG is the brokerage firm BAM uses for all client accounts. From time to time, SSG may require additional client information or may need to verify client information; SSG will contact clients directly for such information. If a client is uncertain as to the validity of the request, BAM encourages the client to refrain from providing information until contacting BAM. SSG regularly emails clients notifications of quarterly statements, trade confirmations, and other account information.

Phishing: “Phishing” is an illegal attempt to acquire personal, sensitive information such as passwords and financial information, and/or money by masquerading as a trustworthy entity. In defense against phishing, BAM will not disclose clients’ personal, sensitive information via email; nor will BAM ever request client’s personal information via email. If BAM employee has reasonable doubt concerning a client identity over the phone, the client may be requested to verbally confirm identity by answering security questions regarding information they have shared with BAM previously. If the email or phone call is considered suspicious it will be documented in the “Red Flag” reviews in the AML section.


BAM has implemented the following firm-wide information security polices to help prevent unauthorized funds transfers:

  • 3rd party wire requests by clients are generally not accepted by BAM due to the heightened security risks of fraudulent requests or scams.
  • All wire requests should be reviewed for suspicious behavior (e.g., time of request, atypical amount of request, etc.)
  • Outgoing client account transfers through Shareholders Service Group are monitored daily. If the transfer is unknown to the advisor or seems fraudulent the client will be notified. If the transfer is confirmed fraudulent by the client, BAM will notify SSG and the proper authorities.

BAM is particularly aware of the risk caused by fraudulent emails, purportedly from clients, seeking to direct transfers of customer funds or securities and will train all staff members to properly identify such fraudulent emails.


BAM takes client privacy and security seriously and initiates all necessary cybersecurity precautions, including educating clients. BAM encourages clients to: change their passwords regularly; not use the same password for multiple accounts; not share their passwords with anyone; and keep social media profiles private BAM includes a Client Cybersecurity Information section in the annual Client Reviews for educating clients on the importance of cybersecurity and the dangers of Phishing, and outlines how BAM and SSG will communicate with the client.


BAM, as a business entity, does not have or utilize any social media accounts currently. All BAM employees and access persons have been educated on the importance of keeping personal social media profiles private in order to protect their personal information and keep it out of reach of attackers that may try phishing for information to answer security questions and breach a secure system used by BAM.


BAM subscribes to services of third parties to provide more secure and efficient service to clients. Some of these third parties either have direct access to client information or store it securely on their servers. Therefore, BAM obtains and reads all security and privacy policies before subscribing to individual services of third-party providers to ensure that they take necessary and recommended precautions to protect clients’ security and privacy. In addition to initial reviews of these third-party policies, BAM reviews third party privacy policies and technology services security annually


BAM business data and client information is backed up by the individual systems subscribed to, at a minimum, daily. In addition, BAM manually backs-up Redtail Imaging file storage contents monthly to Carbonite, a secure cloud storage service. Recovery of backed-up information is provided per request by the individual systems subscribed to and BAM employees are able to access back-ups from Carbonite at any time via secure log-in. BAM’s business continuity plan addresses Data Back-up and Recovery.


BAM conducts annual information technology security risk assessments to prevent cyber-attacks or security breaches, and to identify any deficiencies or develop any improvements. This includes interviewing employees and access persons to confirm they are following all BAM security policies regularly. It also includes reviewing the security and privacy statements for all applicable third parties to ensure they are taking necessary precautions to ensure cybersecurity.


On an annual basis, BAM will test its current information security policy and capabilities. The test conducted will include the following activities:

  • Attempt to access a random sample of firm devices to ensure that proper passwords are in place to prevent access.
  • Attempt to access a random sample of users accounts with the proper passwords to ensure that two-factor authentication prevents system access.
  • Attempt to restore a sample of files and records from Carbonite to ensure that the restoration process is sufficient and properly configured.

The results from the annual test and review will be documented and utilized to update and improve the Cybersecurity Policy.


Cyber-attack (breach of client info) Security Plan

  1. Upon discovering a cyber-attack or breach of sensitive client information, BAM and all its employees and access persons will immediately change passwords to all systems, including password to subscribed password manager.
  2. Upon discovering a cyber security attack or breach of sensitive client information, BAM will notify clients in a professional manner and instruct them to change all their passwords, especially that of the custodian client portal. In addition, BAM will continually update clients with important information regarding the attack and the aftermath.
  3. Contact proper law enforcement and/or regulatory agencies as required by state and Federal law.
  4. Determine if any 3rd party vendors were involved in the incident.
  5. After a cyber-attack has occurred, BAM will, in a timely manner, review their Cyber Security Policies and Procedure and update and improve it to prevent future cyber-attacks or security breaches.

Please call if you have any questions. Your personal information security, our professional ethics, and the ability to provide you with quality financial services are very important to us.

Your goals are our goals.  Let us show you how we approach partnership and how we take your investments personally.

Objective + Values

We create a customized, dynamic fiscal approach that caters to your specific wealth management goals via portfolio management, retirement planning and frequent communication.


We are an active alliance with decades of experience, research and plain love of the markets and their history.  The past helps us guide your future.

Team + Tech

We understand that selecting and starting with the right wealth manager is an important decision, that’s why we’ve formed a seamless point of entry so you can start on the path to success straight away.

Quick Start

Have a question? Ask away.

Thank you!