United States: OCIE Cautions Advisers To Review Policies On Electronic Messaging

The SEC Office of Compliance Inspections and Examinations ("OCIE") encouraged investment advisers to review their policies regarding electronic messaging, and to consider improvements to their compliance programs.

In a Risk Alert, the OCIE noted that changes in the ways mobile and personal electronic devices are used pose challenges for investment advisers in meeting their obligations under Advisers Act Rules 204-2 (the "Books and Records Rule") and 206(4)-7 (the "Compliance Rule"). The Books and Records Rule requires investment advisers to make and retain certain records related to their advisory businesses. The Compliance Rule requires advisers to adopt and implement policies and procedures reasonably designed to prevent violations of the Advisers Act, including with respect to the creation and maintenance of required records.

The Risk Alert outlines practices the OCIE observed that may assist advisers in meeting their regulatory obligations with respect to electronic messaging. These practices include, among other things:

• specifically prohibiting the business use of certain apps that can be misused by employees;
• adopting and implementing policies and procedures that address the use of personal devices for business purposes;
• requiring personnel to complete training on the adviser's policies and procedures regarding prohibitions and limitations placed on the use of electronic messaging;
• contracting with software vendors to monitor social media and email to archive such communications and ensure they have the capability to identify any changes to content;
• regularly reviewing social media to monitor employees' compliance with the adviser's policies; and
• loading certain security apps or other software on company-issued or personal devices.

In addition, the OCIE encouraged investment advisers to stay up-to-date on evolving technology, while being mindful of how it is being used.

Commentary / MatthewLefkowitz

While the OCIE Risk Alert reviews a broad range of communications issues, the heart of the message is that firms must prohibit the use of any communications technology if the firm is not able to retain a record of the communications sent on it. Without a record, the firm cannot adequately supervise the communication and the regulators cannot oversee it.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.