OCIE Risk Alert – Recent examination focuses on advisor violations of Books and Records and other Regulatory Compliance Rules.
Submitted by: Randy Randall, Senior Compliance Consultant, Red Oak Compliance Solutions
The SECs exam division, the Office of Compliance Inspections and Examinations (OCIE) has recently conducted an examination of registered investment advisers (advisers) to better understand the various forms of electronic messaging used. Considered long overdue by most since there are so many types of electronic messaging that are generally prohibited from use (by firms, not regulation) because of supervisory concerns.
SEC Rule 204-2(a)(11) requires firms to keep copies of and to supervise all notices, circulars, advertisements, newspaper articles, investment letters, bulletins or other communications that the adviser circulates or distributes (directly or indirectly) to ten or more persons. Additionally, Rule 206(4)-7 requires advisers to adopt and implement written policies and procedures designed to prevent violations of the Advisers Act.
An obvious concern is how to capture (for document retention requirements) and supervise real-time communications like text (SMS), private messaging, instant messaging, chat rooms and forums, not to mention third-party apps or communications sent using the adviser’s personal computer or mobile devices.
While not a complete list, the following are some of the main points that the OCIE recommends:
Policies and Procedures:
- Permitting only those forms of electronic communication for business purposes that the adviser determines can be used in compliance with the books and records requirements of the Advisers Act.
- Specifically prohibiting business use of apps and other technologies that can be readily misused by allowing an employee to send messages or otherwise communicate anonymously, allowing for automatic destruction of messages, or prohibiting third-party viewing or back-up.
- For advisers that permit use of social media, personal email, or personal websites for business purposes, contracting with software vendors to (i) monitor the social media posts, emails, or websites, (ii) archive such business communications to ensure compliance with record retention rules, and (iii) ensure that they have the capability to identify any changes to content and compare postings to a lexicon of keywords and phrases.
- Regularly reviewing popular social media sites to identify if employees are using the media in a way not permitted by the adviser’s policies. Such policies include prohibitions on using personal social media for business purposes or using it outside of the vendor services the adviser uses for monitoring and record retention.
- Running regular Internet searches or setting up automated alerts to notify the adviser when an employee’s name or the adviser’s name appears on a website
Click here to read the full OCIE alert.
The OCIE encourages advisers to review their risks, practices, policies and procedures regarding electronic messaging and to consider any improvements to their compliance programs. It is your responsibility to know, understand and evidence the communications being sent on your behalf. If you have any question or concerns about how to accomplish this, the consultants at Red Oak are ready and willing to help…without the $600,000 fine from the SEC! We help broker-dealers, advisors, investment firms, and hedge funds meet regulatory requirements, improve their compliance programs and increase ROI. We provide customized services to get your firm up and running, on-going compliance assistance, workflow software solutions and much more to keep your compliance program on track.
For more information about Red Oak Compliance software and services solutions, partnership and/or integration opportunities or to schedule a demonstration, please visit us online, email us firstname.lastname@example.org or give us a call at 888-302-4594.