SEC’s Latest Risk Alert Focuses on Electronic Communications

The SEC’s most recent risk alert, “Observations from Investment Adviser Examinations Relating to Electronic Messaging,” issued on December 14, 2019, focuses on the use and maintenance of electronic communications for business purposes. The purpose of the alert is to remind advisers of their obligations related to personal use of electronic messaging and the requirements for business-related electronic messages. Below are some best practices that can be used to help ensure your firm has reasonable controls in place for the use of electronic communications. We encourage all firms to review the full alert.

Policies and Procedures
  • Only permit electronic communications for business purposes if the messages can be supervised and retained in compliance with the books and records requirements of the Advisers Act.
  • Specifically prohibit the use of apps or other technology that give employees the ability to communicate anonymously, automatically destroy messages or prohibit third-party backup and review.
  • If an employee receives an electronic message in a form that is prohibited by the firm for business purposes, require that the employee move the message to another electronic system where the firm can supervise and retain the communication in compliance with the Books and Records Rule. Include specific instructions on how employees can move such messages.
  • If a firm permits the use of personally owned mobile devices for business purposes, adopt and implement policies and procedures that address the use of electronic communications by employees, including social media, instant messaging, texting, personal email, personal websites and information security.
  • If a firm permits personnel to use social media, personal email accounts or personal websites for business purposes, address how the firm monitors, reviews and retains such communications.
  • Inform employees that violations of the firm’s electronic communications policy may result in discipline or dismissal.

Employee Training
  • Include training on electronic communications policies and procedures in the firm’s initial and annual employee compliance training. Make sure to address specific restrictions and limitations placed on messaging and apps, along with consequences for violating the firm’s procedures.
  • Upon commencement of employment and annually thereafter, have all employees attest to:
    – Completion of all required training on electronic messaging
    – Compliance with the firm’s policies and procedures
    – Continued commitment to comply with the firm’s policies
  • Periodically remind employees of the dos and don’ts of electronic messaging.
  • Include electronic messaging in the firm’s annual risk assessment. Consider new forms of communications requested by clients or service providers when assessing the firm’s risk.

Supervisory Reviews
  • If social media, personal email or personal websites are permitted to be used for business purposes, make sure communications and changes to communications are monitored and archived. Messages should be monitored for key words and phrases.
  • Regularly review whether employees are utilizing social media in accordance with the firm’s policies.
  • Set up automated internet alerts when the firm’s name or an employee’s name appears on a website to help detect unauthorized use of electronic media (e.g., Google alerts).
  • Make sure employees know how they can confidentially report violations of the firm’s electronic communications policy.

Control over Devices
  • Require that staff get approval from IT or Compliance for email access on personal devices.
  • If a device will be used for business communications, load security software on the device to better protect it from hacking or malware. Software should automatically push out security patches, monitor for prohibited apps and be able to wipe the device if it is lost or stolen.
  • Limit access to the firm’s email server or other business applications through virtual private networks or other security apps to segregate remote activity.

As technology continues to evolve and provide more ways to communicate with clients, the regulators will continue to scrutinize how firms are using and maintaining electronic messages. Stay ahead of the game by continuing to evaluate your firm’s risks, practices and controls regarding electronic communications and make improvements to your compliance program as needed.

Post written by Ariana Monchick
