Regulatory Update: Musk Settles with SEC; New Supervision Rules for Executives on Social Media

Last week, the Securities and Exchange Commission (SEC) and Tesla Chief Executive Officer (CEO) Elon Musk reached an agreement over the CEO’s use of social media. The settlement requires all of Musk’s communication about Tesla’s business via social media, the company’s website, press releases, and investor calls to be preapproved by a securities lawyer. The agreement follows an August 2018 tweet from Musk saying he had obtained the funding necessary to take Tesla private at $420 per share. This violated a previous agreement that Musk was supposed to seek approval before tweeting material information about Tesla. The SEC then went back to court to establish clearer rules for Musk’s public communications. Their settlement required Musk to step down as the chairman of Tesla’s board of directors for three years, pay a $20 million fine, and seek approval prior to publishing all future communications that could be relevant to Tesla shareholders.

The SEC also recently fined a marketplace lender $3 million for miscalculating and materially overstating annualized net returns to retail and other investors.

According to the SEC order, from approximately July 2015 until May 2017, the lender in question excluded certain non-performing charged-off loans from its calculation of annualized net returns that it reported to investors. As a result, the firm reported overstated annualized net returns to more than 30,000 investors through individual account pages of its website, and in emails soliciting additional investments. Many investors decided to make additional investments based on these overstated annualized net returns. 

“As this case shows, we are committed to holding fintech companies to the same standards applicable to other participants in the securities markets,” said Daniel Michael, chief of the SEC Enforcement Division’s Complex Financial Instruments Unit.

FINRA fined a broker-dealer $32,500 for failing to establish and enforce a supervisory system for email review.

From January 2013 through August 2013, the firm failed to establish, maintain, and enforce a supervisory system, including written supervisory procedures (WSPs), reasonably designed to review email correspondence for indications of potential violations of federal securities laws or FINRA rules. In particular, the firm lacked any pertinent WSPs, and its methods for reviewing email messages were ineffective and unreasonable given its business, size, structure, and customer base.

While the broker-dealer lacked reasonably designed WSPs, the firm conducted email reviews during the relevant period. However, the firm’s President and Chief Compliance Officer (CCO) performed these reviews. In alternate weeks, the CCO reviewed either: (a) 100 emails selected randomly by the firm’s email vendor, or (b) messages flagged by the email system as containing a suspicious word or phrase from a lexicon of 24 search terms created by the firm. The firm’s email reviews were not reasonable, however. The randomly selected messages did not constitute a reasonable amount of the firm’s overall electronic communications, and did not take into account the individuals, branch offices, departments, or business units generating the correspondence. The firm’s lexicon-based review was also not reasonable. Although the firm contacted its email provider to discuss appropriate lexicon search terms and selected 24 search terms that would ‘flag’ an email for a principal review, collectively these search terms were not comprehensive enough to yield a meaningful sample of flagged communications. Moreover, the lexicon was not based on an assessment of risk areas at the firm, nor was it reasonably tailored to the firm’s size, structure, and business model. As a result, most of the search terms resulted in an unreasonably small number of emails flagged for review. Further, two search terms generated the vast majority of flagged emails, and at least one of those terms was ineffective because it resulted in an unreasonably high percentage of “false positives.” Despite the obvious indications that the firm’s lexicon system was not reasonably designed, the firm did not evaluate the efficacy of, or make any changes to, its lexicon system during the entire Relevant Period. Through this conduct, the firm violated NASD Conduct Rule 3010(a), (b), and (d), and FINRA Rule 2010.

FINRA fined a broker $5,000 for use of personal email in direct violation of company policy.

Although the broker was advised by the firm that he was required to use his firm-approved email address for official business, his use of a personal email account to conduct securities business caused his member firm to maintain inaccurate books and records. The findings stated that communications included emails pertaining to sales literature, prospectuses, term sheets, and stock purchase agreements, as well as negotiations of sales terms and fees.

TAKEAWAY

It is vital to your company’s security and reputation to archive all electronic communications data — including social media. Partner with one archiving vendor that captures all electronic communications. Having a centralized archive to search for all your communication data is far more effective than separate solutions.

The WSPs should provide for adequate electronic communication reviews, methods of review, frequency, and documentation procedures. Outline whether employees have the ability to communicate via email through means other than their firm email account and through third-party communication systems such as Bloomberg and Reuters. If the firm permits employees to communicate with customers through these systems or through other non-firm email accounts, the firm is required to supervise and retain those communications. If the firm elects to prohibit their use altogether, then there is a need to train employees and require them to certify frequently, on an annual basis at a minimum, that they are acting in accordance with such policies and procedures. Where possible, firms should block access to outside email platforms through their networks. Thus, an employee would be able to access the Internet but not outside email applications. Members utilizing this blocking functionality should periodically conduct tests to ensure that it is functioning as designed or intended. The firm should be able to demonstrate adherence to the requirements during regulatory examinations.

Supervision is critical for retention and oversight of electronic communications. Firms need to demonstrate to regulators that they are supervising the activities of their associated persons. Monitoring electronic communications can be incredibly effective at finding potential violations beyond advisors using their personal email to conduct business, such as client complaints, overstated annualized net returns, breaches of non-public personal information, or failure to follow privacy policies.

There is no prescribed formula for determining how many emails to review, but enough should be reviewed for an advisor to be able to defend it as reasonable. FINRA recommends that firms adopt a combination of lexicon and random review of electronic correspondence. Randomly selected messages should constitute a reasonable amount of the firm’s overall electronic communications, and take into account the individuals, branch offices, departments, or business units generating the correspondence.

Keep in mind, policies and procedures are not required to specify exact percentages or quantities to review. The most important takeaway here is to review as many messages as are required in the firm’s WSPs. Don’t say you do something if you don’t. If the policies and procedures call for a review of 4% of all emails each month, reviewing only 2% every quarter is missing the mark.

Lastly, make sure to document your review process — another powerful tool to highlight your supervision efforts. Smarsh provides a means by which to electronically document the review and create an audit trail. If the email is spam, note the document is “not material, junk message.” You want the documentation to evidence the review.

An effective supervision system can not only meet regulatory requirements, but also successfully prevent potential violations and oversee the firm’s activities.

Marianna Shafir Esq.

Corporate Counsel, Regulatory Advisor at Smarsh
Marianna Shafir is Corporate Counsel and Regulatory Advisor at Smarsh, where she’s responsible for legal and regulatory affairs worldwide. With her expertise in the financial services industry, compliance and eDiscovery, Marianna counsels Smarsh clients on meeting regulatory obligations, leveraging technology and guidance on best practices related to electronic communications supervision. Prior to joining Smarsh, Marianna worked for BNY Mellon and Invesco where she was an instrumental member on compliance teams. Marianna has also served as an adjunct professor at New York Career Institute where she taught Law Office Management and Real Estate Law. She earned her Juris Doctorate from Nova Southeastern University. She is a frequent speaker at industry conferences and a contributor to various online publications.