On April 3, 2024, the U.S. Securities and Exchange Commission (SEC) announced its first enforcement action against a registered investment adviser (RIA) with no ties to a broker-dealer regarding so-called "off-channel" communications—that is, communications sent away from firm-captured devices and/or firm-approved communications platforms. This action marks a significant progression in the SEC's multi-year initiative to bring enforcement actions against registrants for violations associated with recordkeeping and is clearly influenced by a broader, ongoing, enforcement sweep of large RIAs regarding their electronic communications practices.1

Prior to this action, all of the SEC's enforcement actions relating to off-channel communications targeted broker-dealers, but extended to a few cases where brokers were dually registered as investment advisers or operated with affiliated investment advisers.2 While those cases relied in large part on the recordkeeping requirements applicable to broker dealers under the Securities Exchange Act of 1934 ("Exchange Act"), some of the matters settled for alleged violations of recordkeeping obligations under the Investment Advisers Act of 1940 ("Advisers Act").

In last week's action, the SEC found that the settling firm's off-channel communications practices caused one violation tied to the firm's failure to follow its own written policies (the compliance rule violation) and another tied to the firm's failure to maintain a subset of those communications as books and records specifically required by the Advisers Act (the books and records rule violation). For those reading the settlement to try to discern whether the SEC is taking the position that the recordkeeping requirements of the Advisers Act are commensurate with the Exchange Act or narrower, the order appears to be purposely obscure. On one reading, the order specifically calls out the failure to maintain those communications specifically required by the Advisers Act to be maintained. On another reading, the order could be read to reflect an incremental step by the SEC towards a stance that requires investment advisers to maintain electronic communications beyond those required by the books and records provisions of the Advisers Act.3

The SEC also highlighted that the firm's recordkeeping practices may have impeded the agency's ability to "carry out its regulatory functions and investigate violations of the federal securities laws."4 Indeed, the SEC noted that the firm likely failed to provide responsive materials to SEC books and records requests and even subpoenas for documents.5 In describing communications that were not maintained, let alone produced by the firm, the order pointedly highlighted that senior individuals at the firm themselves communicated off-channel and utilized 30-day auto-delete functions for messages on their devices.

The settlement involved a $6.5 million civil monetary penalty, admissions by the RIA, a commitment by the RIA to engage an independent compliance consultant at its own expense to oversee changes to its compliance program and findings by the SEC relating to other aspects of the firm's compliance program, particularly with respect to personal securities transactions.

Several portions of the settled order are noteworthy:

The Firm Did Not Follow its Stated Policies. According to the SEC, the firm adopted policies that required the retention of all electronic communications and "strictly prohibited [its employees] from using non-[firm] electronic communication services for any business purpose."6 In addition, the firm's policies required its employees to acknowledge that "text messaging, iMessage, or PIN-to-PIN messaging" were not permitted for work-related messages other than during emergencies or technological disruptions.7

In violation of those written compliance policies, the SEC found that firm personnel, including senior individuals, sent "thousands of business-related messages using off-channel communications."8 The SEC also found that the RIA did not access employees' personal devices to confirm whether they were complying with the RIA's communication policies.9 As a result, the SEC found the firm violated rule 206(4)-7, the compliance policies rule of the Advisers Act.

The Firm Also Did Not Maintain Required Books and Records. The SEC also found that the firm violated rule 204-2, the books and records rule, which enumerates particular sets of documents that RIAs must maintain under the Advisers Act. The order noted that "numerous" off-channel communications related to documents described in rule 204-2(a)(7), which covers, among other things, recommendations made (or proposed to be made) and advice given (or proposed to be given) by an investment adviser and the placing or execution of any order to purchase or sell any security.10 The order pointed out that "[a]fter engaging in off-channel communications," no firm employee took steps to copy messages to firm-captured systems.11

Failure to Supervise. To further drive home the emphasis on recordkeeping, the SEC also brought a separate failure to supervise charge against the firm. This charge, which is a standalone violation of the Advisers Act, highlighted the conduct of senior individuals at the firm who sent and received off-channel communications, including about matters subject to books and records requirements, and had 30-day auto-delete functions set on their personal devices.12

Personal Securities Trading Highlighted. The settled order also included violations relating to personal securities trading by RIA employees and the firm's related compliance with the code of ethics rule. By weaving this violation into an order principally about the firm's recordkeeping, the SEC may have intended to signal that electronic communications practices will now be subject to scrutiny in investigations that, at least at the outset, do not relate to recordkeeping practices and books and records compliance.

Underscoring the apparent importance of this violation to the SEC's investigation, the settled order highlighted a number of specific remedial efforts relating to pre-clearance, including blanket restrictions on options trading in employee brokerage accounts, prohibitions on employees trading in positions owned by the firm's clients "absent exceptional circumstances" and notifications to employees that "making more than 10 preclearance trades in a month may trigger increased scrutiny."13

Admissions and Independent Compliance Consultant. In line with past settlements relating to off-channel communications, the firm also admitted to the findings in the SEC's order and agreed to retain an independent compliance consultant at its own expense to conduct a comprehensive review of the firm's electronic communications policies and procedures.

Takeaways

  • This latest settlement demonstrates that the SEC is continuing to rigorously investigate violations related to recordkeeping, now against a standalone RIA. With this settlement now public, we expect to see the SEC continue to take steps to review RIA electronic communications practices in both examinations and enforcement investigations.
  • The $6.5 million civil penalty here is significant, and was likely derived from the firm's failure to abide by its own policies and procedures, as well as actions that may have inhibited the SEC's investigation, including the auto-deletion of communications by senior individuals at the firm.
  • RIAs should take steps to understand how their personnel actually communicate with others, investigate technological options for electronic messaging that can be captured and reviewed in the firm's archives, ensure that they are taking steps to retain required books and records and evaluate the scoping of their policies and procedures regarding electronic communications.

Footnotes

1 See https://www.bloomberg.com/news/articles/2024-03-14/citadel-kkr-blackstone-mobilize-to-temper-sec-s-whatsapp-probe.

2 Additional SEC enforcement actions in this space are available here (December 2021), here (September 2022), here (May 2023), here (August 2023), here (September 2023) and here (February 2024).

3 Order, available at https://www.sec.gov/files/litigation/admin/2024/ia-6581.pdf.

4 Id. ¶ 4.

5 Id. ¶ 18. The reference to document subpoenas in the Order is notable given the SEC's broad authority to request books and records from RIAs under its inspection authority.

6 Id. ¶ 10.

7 Id. ¶ 11.

8 Id. ¶ 14.

9 Id.

10 Id. ¶ 15; see also id. ¶ 9 (noting rule 204-2 requires maintenance "of all communications received and copies of all written communications sent relating to, among other things, recommendations made or proposed to be made and any advice given or proposed to be given; any receipt, disbursement, or delivery of funds or securities; or the placing or execution of any order to purchase or sell any security"). These references line up with a 2018 risk alert from the SEC's Division of Examinations relating to electronic communication use by RIAs that similarly called out enumerated categories of rule 204-2.

11 Id. ¶ 15.

12 Id. ¶¶ 15­–16.

13 Id. ¶ 23.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.