Information technology continues to provide amazing benefits to our industry, but it also brings with it a number of risks when it comes to compliance.
Changes in the way mobile and personally owned devices are being utilized for business purposes bring into question whether firms are fully complying with the Books and Records Rule (Advisers Act Rule 204-2) and the Compliance Rule (Advisers Act Rule 206(4)-7).
The staff shared that specific concerns related to registrants' utilization of electronic communications include, but are not limited to, increased use of messaging to clients and others via:
- Social media
- Text messaging
- Electronic messaging apps
- Personal devices and accounts used for business purposes
The Office of Compliance Inspections and Examinations (OCIE) conducted a limited-scope examination of advisory firms' use of electronic messaging and released a risk alert capturing the examiners' observations of strong internal controls used by the financial industry, which in turn will help firms to foster and improve their protocols, systems and policies.
The complete OCIE Risk Alert on "Observations from Investment Adviser Examinations Relating to Electronic Messaging" can be read here.
OCIE's examination initiative focused on whether, and to what extent, advisers complied with the Books and Records Rule and adopted and implemented policies and procedures as required by the Compliance Rule.
Unfortunately, some examiners found that certain investment advisory firms failed to have any testing or monitoring practices in place to help ensure compliance with firm policies and procedures.
In an effort to assist firms in meeting their record retention obligations under the Books and Records Rule and their implementation and design of policies and procedures under the Compliance Rule, OCIE published 17 practices for firms to consider.
6 Internal Controls to Consider for Electronic Messaging
The following are selected highlights of the staff's identification of potential internal controls to consider for electronic messaging:
- If firms permit their employees to use social media, personal email accounts, etc., for business purposes, policies and procedures should address protocols for the adviser's monitoring, review, and retention of such electronic communications, including the transferring of those communications to a storage system which satisfies Rule 204-2.
- Training should be provided related to the firm's acceptable practices regarding the use of electronic messaging and electronic apps.
- Firms should clearly emphasize in their policies and procedures that policy violations may result in disciplinary actions up to and including dismissal.
- Firms should regularly remind employees of the firm's policies and procedures regarding electronic messaging, as well as solicit feedback from employees as to what forms of messaging are requested by clients and service providers to help identify potential risks.
- Procedures should be implemented for reviewing popular social media sites and conducting periodic internet searches to identify potentially unauthorized electronic messaging activities related to the firm.
- Security apps or other software should be employed on company-issued or personally owned mobile devices prior to utilization for business communications that:
  - Automate mandatory cyber security patches to the devices to better protect the devices from hacking or malware
  - Monitor for prohibited apps
  - Allow for remote "wiping" of the device's entire local memory in the event a device is lost or stolen
The complete list of suggestions can be found in the OCIE's Risk Alert - read here.
This Risk Alert Signals the Need for Internal Review
The publishing of this Risk Alert sends a clear signal that investment advisers will be held accountable for employee electronic communications.
We strongly advise firms to review their risks, practices, policies, and procedures governing electronic messaging and consider what improvements are required to bring their compliance programs into agreement with ever-developing regulatory requirements.
Should you need assistance in reviewing your policies and procedures covering the use of technology, or in developing an effective employee training program covering the proper use of electronic messaging, our attorneys are here to help.
For more information on regulatory compliance issues, or any other related legal questions, contact Jacko Law Group, PC. Let our decades of experience work for you.
A Reminder to Our Readers
We'd like to remind our readers to file Form ADV in a timely manner with the necessary regulatory bodies, including the SEC and state securities authorities, and to provide the required updated informational brochures to clients. This must be done regardless of the operational status of the SEC. Should you like us to review your Form ADV disclosures and assist with your annual amendment filing requirements, contact Jacko Law Group, PC - click here.
Michelle L. Jacko, Esq. is the Managing Partner and CEO of Jacko Law Group, PC, which offers securities, corporate, real estate and employment law counsel to broker-dealers, investment advisers, investment companies ...