The ever-increasing collaboration and instant messaging platforms like Microsoft Teams and Slack have become more popular and have changed the way we interact with our co-workers. If you are a broker-dealer or investment adviser, that internal communication is not just a conversation among co-workers, it’s also “written communication” that could be subject to SEC record-keeping rules. Broker-dealers and investment advisers should consider whether these internal communications fall under the same scrutiny and retention requirements as something sent to a client or prospect. This includes instant messaging, text messages, and chats using personally-owned devices.
For broker-dealers, the requirements are clear. Rule 17a-4 of the Securities Exchange Act of 1934 (“SEA”) requires firms to preserve for three years “originals of all communications received and copies of all communications sent (and any approvals thereof) by the member, broker or dealer (including inter-office memoranda and communications) relating to its business.”
Determining the requirements for investment advisers is more challenging. Under Rule 204-2(a)(7) of the Investment Advisers Act of 1940 (“Advisers Act”), advisers must maintain “books and records” including all written communications sent or received by the adviser relating to its investment advisory business. The rule requires advisers to make and keep originals of all written communications received, and copies of all written communications sent, by the investment adviser relating to “(i) any recommendation made or proposed to be made and any advice given or proposed to be given, (ii) any receipt, disbursement or delivery of funds or securities, (iii) the placing or execution of any order to purchase or sell any security, or (iv) the performance or rate of return of any or all managed accounts or securities recommendations.” These written communications must be maintained for five years. Rule 204-2(a)(7) does not explicitly state that inter-office memoranda and communications must be retained.
On December 14, 2018, the SEC’s Office of Compliance Inspections and Examinations (OCIE) published a Risk Alert – Observations from Investment Adviser Examinations Relating to Electronic Messaging (the “Electronic Messaging Risk Alert”). In the alert, OCIE discussed its views about investment advisers’ failures to update their compliance programs to accommodate the use of electronic messaging. OCIE said that instant messages are the same as other written communications and are subject to retention under Rule 204-2(a)(7) if they relate to the topics specified in that rule (e.g., relating to investment advice). The firm is responsible for maintaining those records. The rule does not differentiate between internal and external business communications.
Written communications that fall outside the parameters of Rule 204-2(a)(7), such as human resource matters, are not required to be maintained. However, segregating communication into required and non-required content is a significant challenge. As a practical matter, most firms archive all electronic communications as a way to ensure compliance with the rule.
Firms should review the collaboration and instant messaging platforms they are using and determine how to meet the record retention requirements. Some apps like Microsoft Teams and Slack can be configured to meet SEC and FINRA electronic storage and retention requirements. Advisers should also check with their current email retention service to see if it has the capability to retain other types of electronic messages. Many service providers specialize in archiving instant messages, so it pays to shop around.
The Electronic Messaging Risk Alert identified practices that advisers should consider to meet their record retention obligations:
- Develop policies and procedures specific to your firm. This could include permitting only forms of electronic communication that can be archived in compliance with the books and records requirements, prohibiting certain apps or technology, and monitoring and reviewing electronic communications.
- If an employee receives an electronic message using a form of communication prohibited by your firm for business purposes, firm procedures should require that the employee move those messages to a firm-approved messaging system.
- Train your employees and have them attest to the policies and procedures you have in place.
- Regularly review your employee’s activities.
- Have control over employee devices. This could include loading security apps or software on computers or phones or requiring employees to obtain prior approval before accessing firm information on a personal device.
Finally, in the Electronic Messaging Risk Alert, OCIE “encourages advisers to stay abreast of evolving technology and how they are meeting their regulatory requirements while utilizing new technology.” Compliance officers should be familiar with the technology being used and adjust the firm’s policies and procedures to meet their regulatory requirements.
Partner with Hardin Compliance
Have a compliance question or want an independent review of your compliance program? Hardin Compliance can help! Call us today at 1.724.935.6770, or shoot us an email at firstname.lastname@example.org so we can set up a time for one of our consultants to discuss your needs and how we can help. Hardin is always in your corner.
Hardin Compliance Consulting provides links to other publicly-available legal and compliance websites for your convenience. These links have been selected because we believe they provide valuable information and guidance. The information in this e-newsletter is for general guidance only. It does not constitute the provision of legal advice, tax advice, accounting services, or professional consulting of any kind.