Tip for Updating Your Compliance Program: Electronic Communications
As we reflect back on Form ADV season, we are reminded that compliance officers face the thankless task each year of reviewing their policies and procedures to determine their adequacy and effectiveness, as required by Advisers Act Rule 206(4)-7. This review entails updating the firm's compliance program to reflect changes to relevant regulations and new regulatory guidance, and confirming the program is appropriately followed by the firm.
We’ve compiled a series of tips to help you focus on the U.S. Securities and Exchange Commission (SEC) focus areas for 2023. You can read our previous tips here:
- Get ready for SEC focus on hedge clauses in advisory agreements
- Keep tabs on Continuing Education requirements
- Update your compliance program to address the SEC Risk Alert about MNPI compliance issues
- Prepare for an SEC examination focused on Marketing Rule compliance
- Update Your Compliance Program to Prevent Identity Theft Under Regulation S-ID
- Environmental, Social, and Governance (ESG)
Tip #7 – Electronic Communications
Advisers should prepare for further SEC scrutiny of their employees' use of electronic communication platforms. The headline grabber was the SEC’s announcement of $1.1 billion in fines against 16 financial institutions for record-keeping violations. The problem was that employees routinely used messaging applications on their personal devices to communicate about business matters. The SEC alleged these messages were not retained or monitored, as required under Advisers Act Rule 204-2.
Investment advisers have become the latest target, evidenced by a recent settlement with an advisory firm for failing to retain business communications on personal electronic devices through iMessage and WhatsApp. SEC Chairman Gary Gensler confirmed that the SEC would continue to investigate record-keeping violations resulting from employees' use of private communications channels for business, focusing on investment advisers and mutual funds.
- Poll employees to find out what messaging apps they use to communicate with clients. Investment advisers should understand what apps employees are using and why. Once they have this information, they can then decide what they can reasonably expect to monitor and retain with the resources they have.
- Perform a gap analysis. Firms should address all electronic communication channels employees use for official business. For example, firms that use Slack or other instant messaging apps should be able to monitor and retain communication on those platforms.
- Review current communication policies and procedures to determine whether updates are required. Electronic messaging apps have exploded in the past few years. Consider whether your policies and procedures are sufficient to keep up with evolving technology.
- Train employees about firm policies regarding “off channel” communications. Given the size of recent SEC penalties, non-compliance is costly. Educating employees about the rules and potential sanctions for violations is cheap insurance.
- Executives should lead by example. Firm leadership should lead by example, allowing compliance teams access to their personal cell phones or providing business cell phones and discouraging using personal devices.
- Investigate. The SEC settlements indicate that relying on an annual certification from employees that they are using approved communication channels is no longer enough. Instead, firms should consider more frequent attestation, periodic training, and personal device monitoring. In addition, firms should actively monitor existing captured communications for evidence of change of channel to "off channel” communications.
How we help
Employees' increasing use of electronic platforms like Teams, Zoom, SMS, WhatsApp, and WeChat can lead to increased conduct risks for your firm. At the same time, regulators are scrutinizing how risk and compliance management teams are mitigating these risks.
ComplianceAlpha®’s eComms Surveillance Software can help you manage your employees’ use of electronic platforms to communicate with colleagues and clients and test for the use of off channel communications. Our solution integrates mobile and voice data for a holistic view of potential behavior risks across your firm.
Listen to our 2023 Regulatory Outlook webcast on demand
We recently hosted a webcast to review the regulatory changes that will likely have implications on compliance programs in 2023, and provide recommendations to prepare for these changes. Our experts discussed rule proposals and adoption, examination and enforcement trends, and regulatory guidance. Watch our webcast for more insights to help you prepare your compliance program for this year’s focus areas.