OCIE Issues Risk Alert Outlining New Recommendations for Electronic Communications

December 17, 2018

On December 14, 2018, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert outlining observations and recommendations gleaned by the staff from a limited examination sweep focused on firm and employee use of electronic communications.

As new messaging platforms continuously emerge and the number and variety of ways in which individuals conduct business communication continues to evolve, the goal of OCIE’s initiative was to serve as a reminder to advisers regarding their obligations tied to record keeping (Rule 204-2(a)(7) & 204-2(a)(11)) and their responsibility for adopting and implementing reasonably designed policies and procedures to prevent and detect against violations of the Advisers Act.

The staff focused the examinations on employees’ written communications exchanged through text messaging, instant messaging, personal email, private messaging and third-party apps.

The examination observations fell into several categories: policies and procedures, training and attestations, supervisory review, and control over devices. The examinations allowed the SEC staff to better understand the risks associated with evolving forms of electronic communications, as well as weighing in with regard to best practices or controls to be considered in the use of electronic communications platforms. The Risk Alert also highlights the agency’s continued desire to support innovation and technology use by advisers, but with the expectation that the use meets the established regulatory requirements.  

A selection of recommendations contained in the Alert is provided below. Click here to read the alert and obtain the complete list. 

  • Permit only business, communication channels that can be used in compliance with the books and records requirements. 
  • Require employees to move messaging to approved channels in the event of receipt on a platform that presents books and record compliance challenges.
  • Retain, monitor, and review social media, personal email accounts, or personal websites if the adviser has permitted such channels for business purposes.
  • Add disciplinary actions tied to violations of established communication policies.
  • Require training for employees regarding approved and unapproved use of electronic communication mediums and the associated consequences of violations to policies.

How ACA Can Help 

ACA specializes in conducting thorough reviews of electronic communications to help firms meet their regulatory obligations in this area. Our surveillance specialists and regulatory consultants tailor a review program that targets the activities and regulatory risks of greatest concern to your firm, your peers, and regulators. 

Additional Resources 

For More Information

If you have any questions about this alert or would like to discuss how ACA can help in mitigating these risks, please contact your ACA Consultant or Sean McKeveny.