Electronic Messaging Exams: Looking Beyond Emails

The SEC is conducting “electronic messaging” examinations, which include all forms of written communications related to an Adviser’s business which are conveyed electronically by methods other than email messages sent or received using the Adviser’s email system.

The types of electronic messaging in the examination include those of the Adviser and the Adviser’s personnel (including independent contractors) used for the Adviser’s business and subject to the Books and Records rule (Rule 204-2(a)(7) or (11)).

The types of electronic messaging include:

  • Instant messaging
  • Text/SMS messaging
  • Email and personal or private messaging, whether on the Adviser’s systems or third party apps or platforms
  • The Adviser’s mobile devices
  • Personally owned computers or mobile devices used by Adviser personnel, including independent contractors

The exam document request asks the Adviser to provide copies of written policies and procedures relating to electronic messaging, including informal or unwritten policies or procedures, and those addressing transmittal of sensitive information and related security and privacy concerns.  The exam requests identification of all persons overseeing the policies and procedures and their roles and responsibilities, monitoring and review processes, exception reports, whether any violations have been detected, a summary of any internal audits or compliance reviews associated with electronic messaging, and copies of any risk assessments or risks, and how the Adviser mitigates or addresses these risks.  Information regarding recordkeeping is requested, including if maintained by a third party vendor.

Takeaways: 

  • Review your policies and procedures related to electronic messaging. Ascendant’s Cybersecurity Practice can partner with you to craft more robust policies related to Electronic Communications, Acceptable Use and Information Security that are tailored to your business and cover policies and controls for email, text messaging, apps and cloud-based services. You can also use our proprietary technology tool, Ascendant Compliance Manager, to manage and distribute those policies, capture employee attestations, document your control activities and log any material findings. Contact us to learn more.
  • We’ve also previously weighed in on some of your options relating to policies regarding personal e-mails at work in a previous blog we did on cybersecurity, linked here.
  • We believe this is a sweep exam in the NY region, which may be designed for information gathering and result in a soon-to-be SEC Guidance Alert. We will continue to keep you posted if/when we learn anything new.

Related Content

Latest Content

Past Conference Speaker Inspiration for The Rock’s Next Blockbuster

If you attended Ascendant’s 2016 San Diego conference,  you will no doubt remember our outstanding keynote speaker, Jeff Glasbrenner. Jeff is a below-the-knee amputee who was fresh off becoming the first American amputee ever to scale Mount Everest. In San Diego, he spoke about turning challenges into triumphs, and about succeeding in the face of … Continued

Relief at Last – New Guidance on Inadvertent Custody

The SEC quietly provided additional guidance to the industry about inadvertent custody in supplemental responses to the Custody Rule FAQs. In Question II.11 and II.12, the SEC stated that it would not recommend enforcement against an adviser that does not have a copy of a client’s custodial agreement, and does not know or have reason … Continued

Cayman Islands Update AML Regulations for Private Equity

The Cayman Islands has further bolstered its anti-money laundering (“AML”) and countering of terrorist financing (“CTF”) rules. The new AML/CTF rules become effective on May 31, 2018 and will affect, among others, unregulated investment entities—such as private equity firms—domiciled in the Cayman Islands. The deadline to appoint AML officers, however, is September 30, 2018 for … Continued

Mailing List

Subscribe to the Ascendant Compliance email list for the latest compliance resources, conferences, ComplianceCasts™, and more.

Loading form...

Contact Us

Ascendant works together with clients to identify and assess critical needs through customized plans. If you need assistance with compliance functions, regulatory services, cybersecurity or technology tools, we’d love to speak with you.