It’s a new year, and the SEC has texting and social media on its radar.
The U.S. Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) recently released a risk alert, notifying advisors that it is paying close attention to text messaging, instant messages, and social media. OCIE notes that “text/SMS messaging, instant messaging, personal email, and personal or private messaging” are covered by the “Books and Records Rule” Rule 204-2, and reminds advisers of their obligations when using electronic messaging.
Rule 204-2 requires advisers and their personnel to make and maintain records relating to their investment advisory business, which includes keeping “originals of all written communications received and copies of all written communications sent” relating to (i) recommendations and advice, (ii) the receipt or disbursement of funds, (iii) purchasing or selling a security, or (iv) the performance of a managed account or securities recommendation,” subject to certain limited exceptions.
Additionally, social media was referenced in the alert. Rule 204-2(a)(11) requires advisers to make and keep a copy of each notice, circular, advertisement, newspaper article, investment letter, bulletin, or other communication that the investment adviser circulates or distributes, directly or indirectly, to ten or more persons. The Commission has stated that, “regardless of whether information is delivered in paper or electronic form, broker-dealers and investment advisers must reasonably supervise firm personnel with a view to preventing violations.”
Additionally, the alert references the “Compliance Rule” 206(4)-7, which “requires advisors to adopt and implement written policies and procedures reasonably designed to prevent violation” of the Advisers Act and its rules.
The alert also includes the following SEC recommendations to help advisers implement electronic communication policies and procedures:
- Prohibit electronic communication applications that allow for messages to be sent anonymously, allow for automatic destruction of messages, or prohibits third-party viewing or back-up.
- If advisers permit their personnel to use social media, personal email accounts, or personal websites for business purposes, adopt and implement policies and procedures to monitor, review, and retain all electronic communications.
- Require firm procedures to move messages received from clients to an electronic archive that is in compliance with its books and records rules.
- Adopt and implement policies concerning the use of personal devices, if such devices are used for business purposes.
- Train personnel on all policies and procedures in place on the use of electronic messaging and the disciplinary consequences for violations.
- Provide regular reminders to employees of what is permitted and prohibited under the adviser’s policies and procedures with respect to electronic messaging.
- Solicit feedback from personnel as to what forms of messaging are requested by clients and service providers in order for the adviser to assess their risks, and how those forms of communication may be incorporated into the adviser’s policies.
- Regularly review popular social media sites to identify if employees are using the medium in compliance with the adviser’s policies. Such policies may include prohibitions on using personal social media for business purposes or using business social media accounts excluded from monitoring and record retention services.
- Conduct regular Internet searches or set up automated alerts to notify the adviser when an employee’s name or the adviser’s name appears on a website to identify potentially unauthorized advisory business being conducted online.
- Establish a confidential reporting program so employees can report their concerns “about a colleague’s electronic messaging,” including use of social media or impermissible posts.
- Supervisory Review — For advisers that permit use of social media, personal email, or personal websites for business purposes, contract with software vendors to (i) monitor the social media posts, emails, or websites, (ii) archive such business communications to ensure compliance with record retention rules, and (iii) ensure the capability to identify any changes to content and compare postings to a lexicon of key words and phrases.
“OCIE encourages advisers to review their risks, practices, policies, and procedures regarding electronic messaging and to consider any improvements to their compliance programs … and to stay abreast of evolving technology and how they are meeting their regulatory requirements while utilizing new technology,” the alert states.
The alert should come as no surprise. What’s next? Expect FINRA to step up its monitoring of advisor electronic communication this year too.