It’s been an eventful year, on many fronts, for financial services firms regulated by the SEC and FINRA.

While the industry is watching closely to see what changes may transpire under the Trump administration, there were some significant developments led by the regulators in 2016.

2017 will no doubt bring some uncertainty as the industry waits to see what rules and regulations may be impacted. However, firms are advised to proactively prepare for SEC and FINRA rules that have already been put in motion, rather than be caught up short. Consider the following:

1)     Sweeping Preparations for the New Fiduciary rule. As the Department of Labor (DOL) continues to work on the details of its new fiduciary rule, which goes into effect in April 2017, the financial services industry is working to integrate new operational standards to ensure compliance.

When the rule goes into effect, there will be more strict, universally applied standards for those who provide retirement advice, which will have a significant impact on advisors who will be held to the fiduciary standard. Advisors will be required, among other things, to reveal any potential conflicts of interest to clients, and state all fees and commissions clearly in dollar form to clients. Previously, only advisors who charged a fee for service on retirement plans were considered fiduciaries.

The rule will result in several important changes. Advisors will be required to adhere to a best-interest standard, new compliance protocols, an increased level of scrutiny on fees and advisor compensation.

2)     Social Media Reporting Changes to Form ADV. In 2016 the SEC announced it adopted amendments to Form ADV and the Advisers Act books and records rule, to provide investors and the SEC with a better understanding of the risk profile of each advisor and the overall industry. Any registered investment advisor filing an initial Form ADV or an amendment to an existing Form ADV on or after October 1, 2017 will be required to provide responses to the adopted form revisions.

Advisors need to start preparing now for these form revisions ─ and especially for the SEC’s new requirement that RIAs disclose their firm’s social media platforms in Section 1.I of Schedule D in Form ADV.

This change signifies a big shift in the way that the SEC will approach and evaluate an advisor’s risk profile. Up until now, advisors only needed to list their corporate websites on Form ADV. However, advisors are now also required to list all of their corporate social media accounts. This includes corporate social media pages and other publicly-available, business-related profiles on LinkedIn, Twitter, Facebook, and so on. The specific inclusion of social media signifies the SEC will more heavily scrutinize an advisor’s corporate social media accounts during an examination or audit, as the regulator does with corporate websites.

 To prepare, advisors need to archive and supervise their corporate social media accounts (which they should be doing already as part of their ongoing compliance procedures). The SEC will be asking for an advisor’s corporate social media records, so firms need to think about finding the most efficient and thorough way to retain and quickly produce that content, along with any other digital communications exchanged with clients and/or prospects on email, corporate websites, and more.

3)     Continued Focus on Cybersecurity. FINRA and the SEC continued to focus on cybersecurity in 2016, and require regulated firms to build, communicate and monitor a cybersecurity program to protect client information and financial transaction details. As a result, each regulator set out to routinely conduct cybersecurity-focused examinations in addition to other typical exams.

For FINRA, concerns about cybersecurity preparedness among firms persisted, and the regulator wanted firms to improve their defenses in 2016. Specifically, FINRA reviewed how firms approach cybersecurity risk management, and related governance, risk assessment, technical controls, incident response, vendor management, data loss prevention, and staff training practices. FINRA also said it would specifically examine a firm’s ability to protect the confidentiality, integrity, and availability of information, including compliance with SEC Rule 17a-4(f), which requires electronically stored records to be preserved in a non-rewriteable, non-erasable format.

SEC exam priorities for 2016 also struck a familiar chord for firms. Like 2015 priorities, at the top of the regulator’s list was assessment of market-wide risks, with a focus on advancing firm examination efforts around cybersecurity. (The regulator introduced its second initiative to examine broker-dealer and investment advisor cybersecurity compliance and controls in September 2015). In addition to cybersecurity assessment, firms had to be prepared for the actual implementation of cybersecurity controls and procedures for testing by the SEC in 2016. Firms that performed annual, thorough assessments of their legal, compliance, cybersecurity and operational risks – and then made needed adjustments –  were best prepared for cybersecurity examinations in 2016.

Along with these developments from regulators, Smarsh also had some major news of its own, which support our clients’ compliance programs in this rapidly changing regulatory environment.

The 2016 Electronic Communications Compliance Survey Report showed that current supervision practices aren’t sufficiently addressing the ongoing evolution of communication in the financial services industry, and firms have an immediate need to rethink their traditional approach to the retention and oversight of electronic communications amid a demanding regulatory environment.

While many acknowledge the risk, large gaps remain in the supervision of newer communication platforms like social media, instant messaging and mobile messaging. Many firms are also concerned about overburdening their compliance teams with more work, since status quo compliance processes don’t scale well with the volume and variety of today’s electronic communications.

To address this issue, Smarsh introduced The Assisted Review™ Electronic Communications Supervision Program, which features outsourced review services for firms that must supervise their electronic communications, including email, social media, instant messages, and text messages. Assisted Review combines several technology and service components in a comprehensive solution, enabling Smarsh clients to satisfy compliance requirements while reducing the burden and costs associated with the message review process.

Because we believe the financial services industry is only scratching the surface of how it can use archiving and supervision technology to identify and mitigate risk, this year we also introduced SmarshCONNECT. This highly focused user conference brought together Smarsh customers, technology and compliance partners and industry experts with Smarsh customer success, strategic and product leadership for an engaging and interactive series of keynotes, panel discussions, product sneak peeks and training opportunities. Compliance, risk, legal, IT and marketing executives from the global financial services community had the opportunity to gather in one place to share and gain the knowledge, best practices and industry insights critical to their organizations.

One of the hot topics at SmarshCONNECT was mobile communications, with many concerned that text messaging is exposing financial firms to significant risk. Firms must retain, govern and produce text messages with the same scrutiny as email and all other electronic communications used by their employees. However, the effective governance of SMS and MMS text messages has lagged, and firms are realizing they will experience brand and reputation problems, compliance consequences, and legal issues if they don’t put the right mobile governance safeguards in place.

In 2016, Smarsh tackled text message risk head on, and became the only comprehensive archiving solution that captures mobile/text content directly from leading telecom carriers. Smarsh customers can retain and supervise mobile/text content no matter which operating systems, mobile carriers or devices (company-issued or Bring Your Own Device) their firm and employees use. Smarsh also acquired MobileGuard, our long-term partner long-term partner and pioneer in mobile communication monitoring and retention. MobileGuard brings its patented, intellectual property and development resources to Smarsh, which will enhance the full Smarsh suite of mobile archiving solutions.

We wish everyone a safe and happy remainder of 2016, and look forward to bringing our customers more solutions to help manage change in a complex environment in 2017!