The electronic communication mediums that investment advisers use to conduct business continue to evolve, posing a challenge to the compliance community’s ability to retain and adequately supervise the appropriate books and records.
The U.S. Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) has recently demonstrated an increased interest in understanding how investment advisers are managing this challenge. Below are some steps your firm can take now to prepare for a potential SEC examination:
- Implement a strong electronic communications policy. OCIE expects advisers to establish policies and procedures regarding associated persons’ use of electronic messaging platforms (instant messaging, text/SMS messaging, email, and personal or private messaging, among others), as well as controls around the devices used to transmit electronic messages.
- Determine ownership of your electronic communications policy. Having a well-structured electronic communications policy is only the starting point. OCIE expects advisers to develop adequate oversight responsibilities and an effective ongoing monitoring program.
- Document testing and understand archival vendor capabilities. Establishing a solid relationship with an archival vendor that can capture all of your company’s approved channels of communication is essential. Evidence of the review of electronic correspondence is important in detecting issues and potential violations of existing policies.
- Establish recordkeeping and maintenance processes for electronic messages. Rule 204-2 dictates the necessary books and records an adviser must maintain. OCIE is focused not only on the maintenance of the required electronic messages, but also on the ways in which the content is maintained and the security safeguards in place to protect sensitive information.
- Train and educate employees on the risks that electronic communications channels may present. Given the recent influx of new messaging methods, you may want to consider establishing acceptable use policies that govern appropriate topics and platforms for electronic communications (for example, you may choose to allow for the discussion of travel and meeting logistics via text messaging or other messaging platforms). Employees should be made aware that conversations which evolve to discuss business matters should be shifted to an approved, archived messaging platform.
Electronic communications platforms aren’t going away anytime soon, and regulators have taken notice. Your firm should make it a priority to develop and implement a strong electronic communications policy as part of your compliance program. Establishing appropriate electronic messaging controls is critical to mitigating your firm’s compliance risks as well as meeting the expectations of regulators.
About the Author
Jeff Morton is a partner and co-founder of ACA Compliance Group. In addition to his internal sales management activities, Jeff conducts mock SEC inspections and compliance program reviews of investment advisers, hedge fund managers, and private equity funds. Outside of his consulting work, he speaks at numerous industry-sponsored conferences on topics such as compliance benchmarking and testing and private equity and hedge fund compliance. Prior to forming ACA, Jeff served as a securities compliance examiner and staff accountant in the SEC’s Office of Compliance Inspections and Examinations in Washington, D.C.