On Friday, December 14, 2018, the Office of Compliance Inspections and Examinations ("OCIE") issued a Risk Alert, which encourages advisers to review their risks, practices, policies and procedures regarding electronic messaging. The alert also urges advisers to consider any improvements to their compliance programs that would help them comply with applicable regulatory requirements.
New communications and social channels empower advisers and their employees to send information and for investors to receive information, in real-time. The challenge for compliance officers that remains is developing the capability to adequately supervise these written communications exchanged via text or instant messaging or third party apps and to maintain them as the appropriate books and records of the firm.
The Risk Alert provided insights obtained from the SEC’s limited-scope examinations of registered investment advisers to help them improve their systems, policies, and procedures. The Staff observed and identified the following examples of practices, which may help in the design and implementation of policies and procedures and in meeting obligations under the books and records rule. The four categories identified included policies and procedures, training and attestations, supervisory review, and control over devices.
When considering electronic communication usage and content, we suggest that advisers treat all electronic communications which directly or indirectly markets the firm or its services as an “advertisement”, which then must comply with SEC Rule 206(4)-1. In addition to the SEC categories we would include the following concepts when drafting or enhancing your electronic communications policy and procedures:
> Authorization of users and permissions
> Approved media and acceptable usage guidelines
> Prohibited usage or media channels
> Content standards
> Compliance approval of content
> Disclaimers and disclosures
> Training, attestations and sanctions
> Oversight and compliance monitoring
> Information technology security
> Recordkeeping
We believe that when the above elements are addressed, an adviser’s electronic communications activities will better comport with regulatory requirements and the recent SEC Risk Alert.
In addition to the Risk Alert and industry practices, compliance officers may want to give attention to new forms of communications that are always popping up. For instance, gaming platforms provide audio and electronic messaging capabilities. Also, for the most part, each social media platform or application has an electronic messaging platform and there are several apps, dedicated to private communications and encryption. The good news is archiving service providers do have some solutions to assist compliance officers in this regard.
Finally, we commend the SEC in its support of these new communications pathways for use by investment advisers. As electronic communications technology evolves and its use increases, it is likely it will no longer be feasible for a business to have a general policy prohibition in place, as it may not satisfy investors as consumers of such information.