On December 14th, 2018, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) released a Risk Alert reminding advisers of their obligations regarding the use of electronic messaging. Under Rule 204-2 of the Advisers Act (the “Books and Records Rule”), advisers are required to keep a wide variety of communications sent and received by the firm and its employees, including communications transmitted via electronic means, where the communication relates to:
- Recommendation or advice made or proposed to be made;
- Receipt, disbursement or delivery of fund or securities;
- Placing or execution of any security transactions; or
- Performance of any managed accounts or securities recommendations.
Advisers are also required to keep copies of all notices, advertising, bulletins, and other communications that are circulated to ten or more persons, regardless of how these communications are delivered.
In the Risk Alert, OCIE included numerous observations and recommendations that it based on a recent examination sweep that targeted advisory firms’ and employees’ use of texting, instant messaging, and personal emails. Examples of OCIE’s recommendations include:
- Requiring periodic training on the adviser’s policies and procedures governing the use of electronic messaging and social media;
- Prohibiting the use of software and technologies that allow for anonymous communication, automatic destruction of messages, or circumventing third-party review or backup;
- Requiring employees to obtain approval before using personal devices for company business; and
- Conducting a regular review of electronic communications, social media activity, and instant messaging.
WHAT DOES THIS MEAN FOR ME?
Advisers are encouraged to review their policies and procedures regarding electronic communications to ensure that they comply with the appropriate regulatory requirements. OCIE also suggested that advisers stay up to date with technology and how it may help (or hinder) an adviser’s practice.
Fairview will assist clients with reviewing their existing policies and procedures regarding electronic communication and in making any required changes. Additionally, as part of Fairview’s testing services, we assist clients in periodically reviewing social media profiles of our advisory clients and their access persons.
OCIE’s Risk Alert does not cover all regulatory risks or requirements. Other risks and requirements beyond those described in this Risk Alert remain appropriate to consider.
If you have any questions about the requirements of the Advisers Act or policies and procedures governing electronic communications, please reach out to Fairview directly. Fairview is committed to ensuring its clients’ compliance programs are robust and compatible with SEC regulations.