SEC Open to Modern Communications by Advisers
The Risk Alert addresses, for example, text/SMS messaging, instant messaging, and personal or private messaging used by advisory personnel for business purposes. In general, the Risk Alert covers such “Electronic Messaging” regardless of whether systems or applications (“apps”) of the firm or a third party are being used and regardless of who owns the computers or mobile devices being used. However, the Risk Alert does not cover emails using an advisory firm’s systems, as OCIE believes that firms already have considerable experience in administering compliance arrangements for those transactions.
Although the Risk Alert by its terms applies only to investment advisers, many of the ideas expressed apply equally to Electronic Messaging by registered representatives of broker-dealer firms, including those who offer insurance products. See “FINRA Issues New Guidance on Social Media and Digital Communications,” Expect Focus Life Insurance, Vol. II (June 2017).
The Risk Alert suggests a number of steps that firms may consider to promote regulatory compliance, including:
- requiring advisory personnel who receive communications in a form prohibited by the firm to move those communications to an electronic system that the firm permits and providing “specific instructions” to such personnel on “how to do so”;
- conducting regular internet searches and “regularly reviewing popular social media sites to identify if employees are using the media in a way not permitted” by the firm; and
- establishing confidential means by which advisory personnel “can report concerns about a colleague’s electronic messaging, website, or use of social media for business communications.”
Although the Risk Alert does not mandate these particular procedures, OCIE probably will be expecting firms to observe compliance procedures that are reasonably designed, in light of the firms’ own circumstances, to ensure that advisory personnel are complying with any prohibitions the firm imposes on particular types of communications.
Just Say No?
To the extent that advisers, therefore, may be faced with administering increasingly cumbersome procedures in connection with prohibitions, just saying “no” can become a more costly and unattractive option.
The Risk Alert does, however, suggest that firms consider prohibiting:
- any forms of Electronic Messaging that the firm has not determined can be used in compliance with the books and records requirements under the Investment Advisers Act; or
- any “apps or other technologies that can be readily misused by allowing an employee to send messages or otherwise communicate anonymously, allowing for automatic destruction of messages, or prohibiting third-party viewing or back-up.”
How to Say “Yes”
The Risk Alert also may encourage broader use of Electronic Messaging by suggesting a number of procedures that can help firms comply with regulatory requirements. In this connection, OCIE notes:
- “[Some] advisers that permit use of social media, personal email, or personal websites for business purposes [contract] with software vendors to (1) monitor the social media posts, emails, or websites, (2) archive such business communications to ensure compliance with record retention rules, and (3) ensure that they have the capability to identify any changes to content and compare postings to a lexicon of key words and phrases.”
Although adequate vendor-supplied services currently may not be available or practical in many circumstances, the number and capabilities of such vendors are expanding.
The Risk Alert also suggests other possible procedures for training and supervision of advisory personnel in their use of Electronic Messaging, including requiring advisory personnel to obtain prior approval and load certain security apps, software, or virtual private networks before accessing firm email servers or other business applications from personal devices.
Reading Between the Lines
Of course, investment advisory firms — and also broker-dealers — should consider the extent to which the procedures cited in the Risk Alert may be appropriate to the firms’ current practices. But perhaps more importantly, the Risk Alert implicitly affirms the industry trend toward expanded uses of Electronic Messaging and signals a non-dogmatic and (hopefully) helpful attitude by the SEC staff in policing compliance in this area.
The information on this website is presented as a service for our clients and Internet users and is not intended to be legal advice, nor should you consider it as such. Although we welcome your inquiries, please keep in mind that merely contacting us will not establish an attorney-client relationship between us. Consequently, you should not convey any confidential information to us until a formal attorney-client relationship has been established. Please remember that electronic correspondence on the internet is not secure and that you should not include sensitive or confidential information in messages. With that in mind, we look forward to hearing from you.