Regulatory Best Practices in Mobile Communications
In today’s digital age, financial services firms are increasingly looking to mobile communication tools—such as text messaging, WhatsApp, Slack, WeChat and Telegram—for internal communication and to engage with clients. But such communications create a new source of regulatory risk if recordkeeping and supervisory obligations are not met.
In our recent webinar, Compliance Quick Hits – Mobile Communications in 20 Mins, our experts discussed:
- Trends in mobile communication engagement
- How to minimize regulatory risk while permitting increased channel usage; and
- How to craft policies to enable efficient reviews
Below is a summary of critical points from our discussion.
Trends in mobile communication engagement
Regulatory requirements pertaining to electronic recordkeeping fall under two main buckets: books and records and supervision. Rules such as the Adviser Act Rule 204-2, SEC Rules 17a-3 and 17a-4, and FINRA Rule 4511 describe how registered investment advisers (RIAs) and broker-dealers are required to maintain and preserve books and records, including digital communications.
However, the widespread use of mobile communication platforms for business is creating new regulatory risks, becoming a major point of inquiry by regulators. Across the board, broker-dealers and RIAs of all sizes—small, medium and large—are “actively facing examinations,” said Alex Egan, director at Kaufman Rossin, a CPA and advisory services firm. “It’s really important that we’re taking a proactive approach to bring people into compliance.”
At a minimum, broker-dealers and RIAs should be prepared to produce electronic communications upon request by the SEC or other regulators. “That’s one thing that we’re always thinking about is whether or not we’re properly capturing these communications and satisfying our various books and records obligations,” Egan said.
The second bucket, supervisory obligations over digital communications as described in FINRA Rule 3110 and the Adviser Act Rule 206(4)-7, has evolved dramatically regarding how firms today select which communications to review when taking a risk-based approach. In the past, where firms may have looked over a random sample of communications, “now we see much more sophisticated ways of surveilling, with a focus on trying to identify all of these key risk areas that are applicable to our specific firm,” Egan said.
Best practices to minimize regulatory risk
Reevaluate digital communication policies and procedures
Before mobile communication platforms were popular, broker-dealers and advisory firms outright banned many of the mobile communication and social media platforms commonly use today. Instead, they generally only allowed business communications over the firm’s email channel to easily satisfy books and records and supervisory obligations.
However, this approach has not stopped people from using mobile communication platforms for business purposes. Thus, broker-dealers and RIAs have started to adjust their policies and procedures accordingly, enabling their use internally and with clients.
“By enablement, you’re basically offering that, ‘Hey, if this is important or valuable to you to be able to interact on these platforms, it is allowed at our firm as long as you go through this process to authenticate with our archiving and to subject these communications to all of our supervision obligations. It will make sure that we stay in compliance and also allow you to do business in a way that works for you,’” said Egan.
Tiffany Magri, regulatory advisor at Smarsh, recommends thinking about how to set up ethical walls between personal and professional communications:
“Are you including the right to conduct spot checks on personal phones in your policies and procedures? Is that something your firm will be comfortable with, or are you just going to reserve those measures to maybe something that's an investigation or surveillance where you found a potential violation and then you have to take additional measures?”
Leverage technology platforms
“We leverage technology platforms to archive other platforms, in addition to just emails,” Egan said. “We incorporate those into our supervisory review processes as well.”
While there is a small amount of work upfront to adjust policies and procedures and onboard new platforms, it’s worth the effort — and most of the people outside of compliance and supervision tend to be appreciative.
Monitor off-channel communications
When monitoring digital communications, be proactive about understanding what new technologies get rolled out. New features could create new ways of communicating. If you built procedures around a particular platform or are archiving certain components and then find out that other ways to communicate are not being archived or captured, the business then faces new regulatory risk.
“Technology providers like Smarsh tend to stay on top of those features because they’re the ones that are implementing the technology solutions to be able to properly archive and record that information,” Egan said. “If you do have questions, I’d encourage you to speak to your rep about it because what you’ll find is a lot of times Smarsh already has features built-in with some of those platforms to capture some of the evolution that’s going on with these existing applications.”
Take inventory of mobile communications
Finally, take stock of all your mobile communications and make note of their impact. Where do those business records lie? How can they be captured?
Egan recommended speaking with your adviser or broker-dealer about where business communications are taking place. Firms and advisers like to think they know where everything is, “but as we explore some of these other platforms,” Egan said, “we realize some communications constitute business communications and do trigger supervisory obligations that we’re not currently capturing or satisfying.”
Share this post!
Smarsh
Scalable for organizations of all sizes, the Smarsh platform provides customers with compliance built on confidence. It enables them to strategically future-proof as new communication channels are adopted, and to realize more insight and value from the data in their archive. Customers strengthen their compliance and e-discovery initiatives and benefit from the productive use of email, social media, mobile/text messaging, instant messaging and collaboration, web, and voice channels.
Smarsh serves a global client base that spans the top banks in North America and Europe, along with leading brokerage firms, insurers, and registered investment advisors. Smarsh also enables state and local government agencies to meet their public records and e-discovery requirements. For more information, visit www.smarsh.com.
Latest posts by Smarsh (see all)
- Strategic Partnerships Highlighted at SmarshCONNECT 2024 - April 15, 2024
- What Are Financial Firms Saying About 2023’s Regulatory Squeeze? - January 10, 2024
- Form ADV Amendments: Frequently Asked Questions (FAQ) for RIAs - December 6, 2023
Smarsh Blog
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.
FEATURED CONTENT
Ready to enable compliant productivity?
Join the 6,500+ customers using Smarsh to drive their business forward.
Watch it Work
Contact Us
Chat
Subscribe to the Smarsh Blog Digest
Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.
Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.
FOLLOW US