The SEC’s Office of Compliance Inspections and Examinations (OCIE) has identified Books and Records as one of the top five compliance issues raised most often in deficiency letters to investment firms. OCIE observes advisors have failed to maintain all required records, kept inaccurate records, did not update records, and demonstrated inconsistencies in record keeping practices.
For example, in January a large investment firm agreed to pay a $13 Million penalty for compliance breakdowns that included books and records violations. The bottom line: record keeping violations are prevalent. Your firm can avoid record keeping sanctions by implementing Smarsh best practices in modern records management.
Navigate the SEC Books and Records Rule
SEC Rule 204–2 requires firms to maintain certain books and records pertaining to their advisory business. On its examination request lists, the OCIE asks firms to provide emails and other electronic communications retained by registered investment advisors (RIAs). Electronic communications must be kept for the same length of time as a written or printed record.
Records should be kept for a period of not less than five full fiscal years after the last entry was made in that record. For the first two years following the creation of a record, the records must be maintained in the advisor’s principal office. For the final three years, the record may be stored offsite, but must be readily accessible.
You may store your original books and records by using electronic media, such as electronic text, digital images, proprietary and off-the shelf software, and email. Also, if you use email, social media, text messaging, or websites to communicate with clients, you must maintain records of those business electronic communication channels in compliance with SEC Rule 204–2. Plus, if an email pertains to documentation demonstrating the calculation of a product’s financial performance, it may be subject to retention for five full fiscal years after an advisor stops advertising the performance to prospects and clients.
Electronic records must be arranged and indexed in a way that permits easy location, access and retrieval of any record. You should be able to promptly (within 24 hours) produce required electronic records requested by examiners, including email.
Best Practices in Modern Records Management
The electronic communications landscape has never been more complex. Employees of regulated firms now access and use multiple electronic communication platforms during their workday to communicate in real-time. Plus, new communication platforms launch regularly, adding to the complexity.
Firms need to be aware of the electronic communications landscape and ensure they archive all business communications sent to and received by their RIAs, whether those advisors communicate via email, social media, text messaging, websites, or other forms of electronic communication. Your advisors have smartphones. Even if you have a policy that prohibits the use of text messages or social media for business communications, you can’t assume your investment advisors aren’t using their smartphones or social media accounts to communicate with clients.
It’s best practice to implement what I call an archive everything strategy. First, conduct an audit of the communication channels your RIAs really use, and then ensure your firm archives those channels.
Review and Update Your Written Policies and Procedures
Registered investment advisors should review their compliance policies and procedures to ensure they have adequately addressed these issues. OCIE continues to find deficiencies in compliance programs adopted and implemented by RIAs as required by Rule 206(4)-7.
Rule 206(4)-7 requires firms to adopt written policies and procedures designed to ensure compliance with the Investment Advisers Act. If a firm’s compliance manuals don’t fit their practice or are out of date, the firm is in violation of Rule 206(4)-7. Firms are also in violation if they neglect to conduct annual reviews or don’t follow their own policies and procedures.
If your firm does not review its policies and procedures on an annual basis to make sure they are relevant, then your firm is not in compliance with Rule 206(4)-7. In addition, your firm must review its formal written electronic communication retention and supervision policies to ensure those policies keep up with the pace of technology.
Smarsh recommends that firms update their policies to include often-overlooked (but extremely popular) forms of electronic communications, including website pages, instant messages, text messaging, social media posts, email marketing, and more. It’s important to note that simply forbidding these communication channels in a policy isn’t sufficient to protect against recordkeeping rules violations. As we have seen, regulators may fine or suspend a firm and/or advisor if they discover an advisor uses a communications channel that isn’t archived by their firm.
To maintain compliance, the smartest approach is to acknowledge that your advisors use most modern electronic communication channels to reach out to their prospects and clients, including text messaging and social media. Update your policies now to allow your advisors to use the electronic communication tools they want to use, and then archive everything!
Marianna is an adjunct professor and lecturer of Law at New York Career Institute, where she teaches Law Office Management and Real Estate Law. She earned her J.D. at Nova Southeastern University, and a B.B.A. degree in marketing from Baruch College.