Electronic Messaging Exams: Looking Beyond Emails

The SEC is conducting “electronic messaging” examinations, which include all forms of written communications related to an Adviser’s business which are conveyed electronically by methods other than email messages sent or received using the Adviser’s email system.

The types of electronic messaging in the examination include those of the Adviser and the Adviser’s personnel (including independent contractors) used for the Adviser’s business and subject to the Books and Records rule (Rule 204-2(a)(7) or (11)).

The types of electronic messaging include:

  • Instant messaging
  • Text/SMS messaging
  • Email and personal or private messaging, whether on the Adviser’s systems or third party apps or platforms
  • The Adviser’s mobile devices
  • Personally owned computers or mobile devices used by Adviser personnel, including independent contractors

The exam document request asks the Adviser to provide copies of written policies and procedures relating to electronic messaging, including informal or unwritten policies or procedures, and those addressing transmittal of sensitive information and related security and privacy concerns.  The exam requests identification of all persons overseeing the policies and procedures and their roles and responsibilities, monitoring and review processes, exception reports, whether any violations have been detected, a summary of any internal audits or compliance reviews associated with electronic messaging, and copies of any risk assessments or risks, and how the Adviser mitigates or addresses these risks.  Information regarding recordkeeping is requested, including if maintained by a third party vendor.

Takeaways: 

  • Review your policies and procedures related to electronic messaging. Ascendant’s Cybersecurity Practice can partner with you to craft more robust policies related to Electronic Communications, Acceptable Use and Information Security that are tailored to your business and cover policies and controls for email, text messaging, apps and cloud-based services. You can also use our proprietary technology tool, Ascendant Compliance Manager, to manage and distribute those policies, capture employee attestations, document your control activities and log any material findings. Contact us to learn more.
  • We’ve also previously weighed in on some of your options relating to policies regarding personal e-mails at work in a previous blog we did on cybersecurity, linked here.
  • We believe this is a sweep exam in the NY region, which may be designed for information gathering and result in a soon-to-be SEC Guidance Alert. We will continue to keep you posted if/when we learn anything new.

Related Content

Latest Content

Advertising Issues: SEC and GIPS Performance in the Private Fund Space

Over a year ago, OCIE released the Risk Alert, “The Most Frequent Advertising Rule Compliance Issues Identified in OCIE Examinations of Investment Advisers.” While the alert highlighted several areas where performance advertising is involved, our recent CSS/Ascendant conference panelists in a session entitled “Best Practices for SEC and GIPS Performance in the Private Fund Space” … Continued

Placing Ethics and Compliance in the Foreground of Business Decision-Making

Thinking about how to make ethics and compliance part of a business’s decision-making can prove to be challenging. By nature, compliance professionals are often results-oriented, focusing on a binary end-result; either you are in compliance, or you are not. That focus is important, but emphasizing process is also vital, John Walsh, Partner at Eversheds Sutherland … Continued

What Am I Looking At? Making Sense of Your Cyber Testing Reports

It’s no surprise that Compliance and IT do not speak the same language. Compliance staff often speak in terms of regulations and policies, whereas bits and bytes are the language of IT staff. This distinction is clear when it comes to cybersecurity risk management, as the compliance and IT audiences are looking for different takeaways … Continued

It Takes a Village – Preparing for a Regulatory Exam

Advanced planning for a regulatory exam remains a vital step in ensuring the compliance team is prepared when the exam teams comes knocking. At the recent Ascendant/CSS fall conference in San Diego, Allison Fraser moderated the conference’s capstone session on the topic, joined by Bryan Bennett, the Associate Regional Director in the examination program in … Continued

Mailing List

Subscribe to the Ascendant Compliance email list for the latest compliance resources, conferences, ComplianceCasts™, and more.

Loading form...

Contact Us

Ascendant works together with clients to identify and assess critical needs through customized plans. If you need assistance with compliance functions, regulatory services, cybersecurity or technology tools, we’d love to speak with you.