Regulatory Best Practices in Mobile Communications
In today’s digital age, financial services firms are increasingly looking to mobile communication tools—such as text messaging, WhatsApp, Slack, WeChat and Telegram—for internal communication and to engage with clients. But such communications create a new source of regulatory risk if recordkeeping and supervisory obligations are not met.
In our recent webinar, Compliance Quick Hits – Mobile Communications in 20 Mins, our experts discussed:
- Trends in mobile communication engagement
- How to minimize regulatory risk while permitting increased channel usage; and
- How to craft policies to enable efficient reviews
Below is a summary of critical points from our discussion.
Trends in mobile communication engagement
Regulatory requirements pertaining to electronic recordkeeping fall under two main buckets: books and records and supervision. Rules such as the Adviser Act Rule 204-2, SEC Rules 17a-3 and 17a-4, and FINRA Rule 4511 describe how registered investment advisers (RIAs) and broker-dealers are required to maintain and preserve books and records, including digital communications.
However, the widespread use of mobile communication platforms for business is creating new regulatory risks, becoming a major point of inquiry by regulators. Across the board, broker-dealers and RIAs of all sizes—small, medium and large—are “actively facing examinations,” said Alex Egan, director at Kaufman Rossin, a CPA and advisory services firm. “It’s really important that we’re taking a proactive approach to bring people into compliance.”
At a minimum, broker-dealers and RIAs should be prepared to produce electronic communications upon request by the SEC or other regulators. “That’s one thing that we’re always thinking about is whether or not we’re properly capturing these communications and satisfying our various books and records obligations,” Egan said.
The second bucket, supervisory obligations over digital communications as described in FINRA Rule 3110 and the Adviser Act Rule 206(4)-7, has evolved dramatically regarding how firms today select which communications to review when taking a risk-based approach. In the past, where firms may have looked over a random sample of communications, “now we see much more sophisticated ways of surveilling, with a focus on trying to identify all of these key risk areas that are applicable to our specific firm,” Egan said.
Best practices to minimize regulatory risk
Reevaluate digital communication policies and procedures
Before mobile communication platforms were popular, broker-dealers and advisory firms outright banned many of the mobile communication and social media platforms commonly use today. Instead, they generally only allowed business communications over the firm’s email channel to easily satisfy books and records and supervisory obligations.
However, this approach has not stopped people from using mobile communication platforms for business purposes. Thus, broker-dealers and RIAs have started to adjust their policies and procedures accordingly, enabling their use internally and with clients.
“By enablement, you’re basically offering that, ‘Hey, if this is important or valuable to you to be able to interact on these platforms, it is allowed at our firm as long as you go through this process to authenticate with our archiving and to subject these communications to all of our supervision obligations. It will make sure that we stay in compliance and also allow you to do business in a way that works for you,’” said Egan.
Tiffany Magri, regulatory advisor at Smarsh, recommends thinking about how to set up ethical walls between personal and professional communications:
“Are you including the right to conduct spot checks on personal phones in your policies and procedures? Is that something your firm will be comfortable with, or are you just going to reserve those measures to maybe something that's an investigation or surveillance where you found a potential violation and then you have to take additional measures?”
Leverage technology platforms
“We leverage technology platforms to archive other platforms, in addition to just emails,” Egan said. “We incorporate those into our supervisory review processes as well.”
While there is a small amount of work upfront to adjust policies and procedures and onboard new platforms, it’s worth the effort — and most of the people outside of compliance and supervision tend to be appreciative.
Monitor off-channel communications
When monitoring digital communications, be proactive about understanding what new technologies get rolled out. New features could create new ways of communicating. If you built procedures around a particular platform or are archiving certain components and then find out that other ways to communicate are not being archived or captured, the business then faces new regulatory risk.
“Technology providers like Smarsh tend to stay on top of those features because they’re the ones that are implementing the technology solutions to be able to properly archive and record that information,” Egan said. “If you do have questions, I’d encourage you to speak to your rep about it because what you’ll find is a lot of times Smarsh already has features built-in with some of those platforms to capture some of the evolution that’s going on with these existing applications.”
Take inventory of mobile communications
Finally, take stock of all your mobile communications and make note of their impact. Where do those business records lie? How can they be captured?
Egan recommended speaking with your adviser or broker-dealer about where business communications are taking place. Firms and advisers like to think they know where everything is, “but as we explore some of these other platforms,” Egan said, “we realize some communications constitute business communications and do trigger supervisory obligations that we’re not currently capturing or satisfying.”
Share this post!
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.
Ready to enable compliant productivity?
Join the 6,500+ customers using Smarsh to drive their business forward.