It’s a new year, and the SEC has texting and social media on its radar.
The U.S. Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) recently released a risk alert, notifying advisors that it is paying close attention to text messaging, instant messages, and social media. OCIE notes that “text/SMS messaging, instant messaging, personal email, and personal or private messaging” are covered by the “Books and Records Rule” Rule 204-2, and reminds advisers of their obligations when using electronic messaging.
Rule 204-2 requires advisors and their personnel to make and maintain records relating to their investment advisory business, which includes keeping “originals of all written communications received and copies of all written communications sent” relating to (i) recommendations and advice, (ii) the receipt or disbursement of funds, (iii) purchasing or selling a security, or (iv) the performance of a managed account or securities recommendation,” subject to certain limited exceptions.
Additionally, the SEC referenced social media in the alert. Rule 204-2(a)(11) requires advisers to make and keep a copy of each notice, circular, advertisement, newspaper article, investment letter, bulletin, or other communication that the investment advisor circulates or distributes, directly or indirectly, to ten or more persons. The Commission has stated that, “regardless of whether information is delivered in paper or electronic form, broker-dealers and investment advisors must reasonably supervise firm personnel with a view to preventing violations.”
Additionally, the alert references the SEC “Compliance Rule” 206(4)-7, which “requires advisors to adopt and implement written policies and procedures reasonably designed to prevent violation” of the Advisers Act and its rules.
The alert also includes the following SEC recommendations to help advisors implement electronic communication policies and procedures:
- Prohibit electronic communication applications that allow for messages to be sent anonymously, allow for automatic destruction of messages, or prohibits third-party viewing or back-up
- If advisors permit their personnel to use social media, personal email accounts, or personal websites for business purposes, adopt and implement policies and procedures to monitor, review, and retain all electronic communications
- Require firm procedures to move messages received from clients to an electronic archive that is in compliance with its books and records rules
- Adopt and implement policies concerning the use of personal devices, if such devices are used for business purposes
- Train personnel on all policies and procedures in place on the use of electronic messaging and the disciplinary consequences for violations
- Provide regular reminders to employees of what is permitted and prohibited under the advisor’s policies and procedures with respect to electronic messaging
- Solicit feedback from personnel as to what forms of messaging are requested by clients and service providers in order for the advisor to assess their risks, and how those forms of communication may be incorporated into the advisor’s policies
- Regularly review popular social media sites to identify if employees are using the medium in compliance with the advisor’s policies. Such policies may include prohibitions on using personal social media for business purposes or using business social media accounts excluded from monitoring and record retention services
- Conduct regular internet searches or set up automated alerts to notify the advisor when an employee’s name or the advisor’s name appears on a website to identify potentially unauthorized advisory business being conducted online
- Establish a confidential reporting program so employees can report their concerns “about a colleague’s electronic messaging,” including use of social media or impermissible posts
- Supervisory Review — For advisers that permit use of social media, personal email, or personal websites for business purposes, contract with software vendors to (i) monitor the social media posts, emails, or websites, (ii) archive such business communications to ensure compliance with record retention rules, and (iii) ensure the capability to identify any changes to content and compare postings to a lexicon of keywords and phrases
“OCIE encourages advisors to review their risks, practices, policies and procedures regarding electronic messaging and to consider any improvements to their compliance programs … and to stay abreast of evolving technology and how they are meeting their regulatory requirements while utilizing new technology,” the alert states.
The alert should come as no surprise. What’s next? Expect FINRA to step up their monitoring of advisor electronic communications this year too.
- 2022 Regulatory Roundup: Record-Breaking Penalties Provide a Glimpse Into 2023 - December 28, 2022
- Smarsh Advance Recap: Voice – The Newest Frontier in Supervision - December 15, 2022
- CFTC's 2022 Enforcement Results Highlight Recordkeeping and Supervision - October 27, 2022