This Connected Suite Spotlight Series, is for clients using the Professional Archive, and anyone who is interested in benefits and tips for compliance best practices for financial services.

Supervision Policies and Procedures

Supervision configuration options include policy management. This allows policy configuration for data supervision and classification based on a wide set of search criteria such as sender/recipient, content type, keywords, subject, body, attachments and exclusions.

Create policies for a modern workforce with compliance in mind
With a rich policy engine at your fingertips, clients are enabled to flag and classify messages based on a wide set of criteria, including sender/recipient, content type, keywords, subject, body, attachments, and exclusions. And, retention policies let clients hold or purge data as required by corporate policies.

Pro Tip: Policies designed for email will need re-inspection to reflect specific ways new channels (like text, social, instant messaging and collaboration), intersect with traditional email, especially over personal devices (like mobile phones).

Refine policies and zero in on messages being flagged for review that truly pose risk – this reduces review queue volume and saves time. Refining supervision policies can be a key competitive advantage for your supervision team.

Written Policies and Procedures

FINRA Rule 3110, and SEC Rule 206(4)-7 require a firm’s supervisory system to provide for the establishment and maintenance of policies and procedures. Firms that have not already done so should adopt and periodically review formal written electronic communication policies. As your firm works through creating and maintaining policies and procedures, consider the following:

• Policies and procedures must be tailored to the specific risks of the firm and address all activity in which your firm engages. Policies should be appropriate for the size and structure of the firm’s business.
• Policies and procedures should set forth standards for devices and applications that may be used so all communications can be retained and supervised.
• Permissible messaging applications must allow message retention.
• Policies and procedures should be updated to reflect regulatory changes, as well as changes made to the supervisory process.
• FINRA recommends that firms adopt a combination of lexicon and random review of electronic correspondence.
• A manual internal review process is recommended.
• All applicable departments should be involved in the creation of the firm’s written electronic policy (Management, IT, Legal, Compliance, Marketing, Operations, Trading).
• All policies and procedures must specify basic parameters for reviewing electronic communications. There is no prescribed formula for determining how many emails to review, but enough should be reviewed for an advisor to be able to defend it as reasonable. Policies and procedures are not required to specify exact percentages or quantities to review.
• The most important takeaway is to review as many messages as are specified by the firm’s policies. If the policies call for a review of four percent of all emails each month, reviewing only two percent in a quarter is missing the mark.

Periodically gather feedback from your employees and peers who regularly use new technology. Your policies should reflect today’s evolving digital communications landscape. Since new channels frequently emerge, it’s important to keep employee training up to date in order to keep pace with the latest technology.

Not following your firm’s policies and procedures is just as bad as not having any in first place. It’s important to ensure policies are properly enforced and followed by the designated reviewers.

“One of the most frequently cited violations is failure to follow Policies and Procedures.”

Need help with policy development and tuning? We can help!
Policies can be custom-created, or built from one of the 40+ expert templates that we can provide, which have been honed over time and developed by our subject matter experts. Policies should be tuned on a regular basis for maximum performance and efficiency. Learn more about our policy tuning services

Watch how to create policy rules in the Professional Archive

Related Knowledge Base Articles in Smarsh Central:
- What are policies?
- How to search for policy matched content
- How to configure policies

• Keyword or Lexicon Policy
• Auto-Review Policy
• Privileged Policy
• Retention Policy

Always keep your lexicons up to date
For a comprehensive list of frequently updated terms and keywords see ‘Most Common or Popular Keywords, Phrases and Exclusions’ – a knowledge base article on Smarsh Central.