Electronic Messaging Exams: Looking Beyond Emails

The SEC is conducting “electronic messaging” examinations, which include all forms of written communications related to an Adviser’s business which are conveyed electronically by methods other than email messages sent or received using the Adviser’s email system.

The types of electronic messaging in the examination include those of the Adviser and the Adviser’s personnel (including independent contractors) used for the Adviser’s business and subject to the Books and Records rule (Rule 204-2(a)(7) or (11)).

The types of electronic messaging include:

  • Instant messaging
  • Text/SMS messaging
  • Email and personal or private messaging, whether on the Adviser’s systems or third party apps or platforms
  • The Adviser’s mobile devices
  • Personally owned computers or mobile devices used by Adviser personnel, including independent contractors

The exam document request asks the Adviser to provide copies of written policies and procedures relating to electronic messaging, including informal or unwritten policies or procedures, and those addressing transmittal of sensitive information and related security and privacy concerns.  The exam requests identification of all persons overseeing the policies and procedures and their roles and responsibilities, monitoring and review processes, exception reports, whether any violations have been detected, a summary of any internal audits or compliance reviews associated with electronic messaging, and copies of any risk assessments or risks, and how the Adviser mitigates or addresses these risks.  Information regarding recordkeeping is requested, including if maintained by a third party vendor.

Takeaways: 

  • Review your policies and procedures related to electronic messaging. Ascendant’s Cybersecurity Practice can partner with you to craft more robust policies related to Electronic Communications, Acceptable Use and Information Security that are tailored to your business and cover policies and controls for email, text messaging, apps and cloud-based services. You can also use our proprietary technology tool, Ascendant Compliance Manager, to manage and distribute those policies, capture employee attestations, document your control activities and log any material findings. Contact us to learn more.
  • We’ve also previously weighed in on some of your options relating to policies regarding personal e-mails at work in a previous blog we did on cybersecurity, linked here.
  • We believe this is a sweep exam in the NY region, which may be designed for information gathering and result in a soon-to-be SEC Guidance Alert. We will continue to keep you posted if/when we learn anything new.

Related Content

Latest Content

OCIE Examined 15% of RIAs in 2017

In 2017, the SEC examined 2,114 investment advisers, approximately 15 percent of the 14,000+ registered investment advisers, the SEC confirmed in its Fiscal Year 2019 Congressional Budget Justification Annual Performance Plan. In the same report, the SEC said the staff will continue to improve its efforts of RIAs, noting that nearly 35 percent of all … Continued

Ascendant’s Adam DiPaolo Discusses Hypothetical & Model Performance Marketing Pitfalls

A Jan. 12 article in HFMCompliance titled “Best practice for hedge funds using hypothetical and model performance” outlines best practices for hedge fund managers when using hypothetical performance or model data in marketing efforts, and how managers relying on such data can avoid enforcement actions. Adam DiPaolo, Senior Consultant in Ascendant’s Private Funds group, is quoted in the … Continued

SEC’s Exam Priorities Offer Insight Into National Exam Program

On February 7, 2018, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) issued their 2018 Examination Priorities (see Ascendant’s summary here). In addition to defining their examination priorities for the year, the OCIE staff offered some insight into the National Exam Program.  Specifically, they defined the following five principles in executing their exam priorities: … Continued

SEC Updates: ICO Gatekeeper Standards, SEC/CFTC Swap Rules

SEC Chairman Jay Clayton had some stern advice for market professionals, especially gatekeepers, who he said need to act responsibly and hold themselves to high standards. Speaking via videoconference during Securities Regulation Institute’s recent annual conference, he said, “To be blunt, from what I have seen recently, particularly in the initial coin offering (“ICO”) space, they … Continued

Mailing List

Subscribe to the Ascendant Compliance email list for the latest compliance resources, conferences, ComplianceCasts™, and more.

Loading form...

Contact Us

Ascendant works together with clients to identify and assess critical needs through customized plans. If you need assistance with compliance functions, regulatory services, cybersecurity or technology tools, we’d love to speak with you.