SEC Investigations Related to Messaging Apps | Maxwell Baker Reacts
Vigilant Insights
Vigilant’s own, Maxwell Baker, Esq., was quoted in InvestmentNews related to the SEC’s continued investigations into the use of messaging apps by employees of registered firms.
Maxwell covered the following areas below in his quotes throughout the article:
- Regarding the sheer size of the requests being made regarding access to personal devices used by employees, it would take a significant amount of time and resources to sit down with each employee to get the detailed information the SEC is requesting.
- The reality of how phone use is used in the industry; advisors typically use one device for both personal and business purposes, and texting has become the most common form of communication.
- The need for expanded policies and procedures goes beyond email archiving, with the goal of finding a way to separate business communication from personal communication.
Maxwell Baker’s Frame of Reference and In-Depth Analysis
It is no secret that Advisory Firms, Broker Dealers, and other industry registrants are starting to take more and more advantage of messaging technologies and platforms in order to streamline their business operations and to connect with clients, investors, and others. However, these types of electronic messaging, like WhatsApp and text messaging, can create unique compliance issues with the Investment Advisers Act of 1940 (“Advisers Act”).
Rule 204-2 of the Advisers Act (“Books and Records Rule”) requires Firms to make and keep certain books and records relating to their investment advisory business. The Books and Records Rule requires Firms to maintain records of written business communications regarding advice given as well as other communications involving securities and business activities. In order to ensure compliance with the Books and Records Rules in light of the SEC’s attention to recordkeeping practices of electronic messaging, Firms should start evaluating their electronic messaging policies and procedures and how they are being applied on a day-to-day basis during everyday business activities.
First thing is first, Firms should sit down and conduct a risk assessment to determine how pervasive electronic communication outside its archived channels is within the firm. Firms and their personnel should be honest with themselves when conducting their risk assessment in order to start preparing how to deal with electronic communications that may be falling outside of the channels being archived. In conducting this risk assessment, Firms should interview personnel and conduct email reviews to uncover “red flag” language like “please text me” or similar language within email archives. The key here is to take an honest look at day-to-day practices and to focus on not just text messaging, but all electronic messaging platforms, like WhatsApp, Slack, or similar.
Once Firms have a grasp on how widespread electronic messaging within their doors is given the results of the risk assessment, Firms should consider how to address their current electronic messaging practices. If there is truly limited electronic messaging outside of archived channels, Firms should consider adopting policies and procedures that extend their current electronic messaging policies to include oversight procedures and certifications of email-only policy adherence. If the risk assessment reveals widespread use of electronic communications that are not being archived, then the Firm has a little more work to do. The Firm should start exploring technology to assist in the archiving of whatever electronic messaging they are using to communicate with clients or coworkers about the business activities of the firm. Once the Firm finds a way to archive its electronic messaging in compliance with the Books and Records Rule, the Firm should amend its policies and procedures to ensure that they are consistent with the electronic messaging practices of personnel and the archiving of such electronic messages. The Firm should consider reviewing the electronic messaging periodically and obtaining certification from personnel regarding adherence to the new electronic policies and procedures.
Finally, Firms should consider how they are applying their electronic messaging policies. Firms should examine how they conduct oversight of their personnel’s electronic messaging. Firms should especially examine how they deal with personnel who violate their electronic communication policies. Repercussions for violations of the Firms’ electronic communications policies and procedures should be applied evenly and equitably across its personnel base regardless of where the offender falls within the hierarchy of the organization.
Please contact Vigilant if your organization needs assistance in conducting reviews of electronic communication practices, or assistance in developing compliance programs incorporating electronic communication policies and procedures.