Supervision Policies and Procedures
This Connected Suite Spotlight Series, is for clients using the Professional Archive, and anyone who is interested in benefits and tips for compliance best practices for financial services.
Supervision Policies and Procedures
Supervision configuration options include policy management. This allows policy configuration for data supervision and classification based on a wide set of search criteria such as sender/recipient, content type, keywords, subject, body, attachments and exclusions.
Create policies for a modern workforce with compliance in mind
With a rich policy engine at your fingertips, clients are enabled to flag and classify messages based on a wide set of criteria, including sender/recipient, content type, keywords, subject, body, attachments, and exclusions. And, retention policies let clients hold or purge data as required by corporate policies.
Pro Tip: Policies designed for email will need re-inspection to reflect specific ways new channels (like text, social, instant messaging and collaboration), intersect with traditional email, especially over personal devices (like mobile phones).
Refine policies and zero in on messages being flagged for review that truly pose risk – this reduces review queue volume and saves time. Refining supervision policies can be a key competitive advantage for your supervision team.
Written Policies and Procedures
FINRA Rule 3110, and SEC Rule 206(4)-7 require a firm’s supervisory system to provide for the establishment and maintenance of policies and procedures. Firms that have not already done so should adopt and periodically review formal written electronic communication policies. As your firm works through creating and maintaining policies and procedures, consider the following:
- Policies and procedures must be tailored to the specific risks of the firm and address all activity in which your firm engages. Policies should be appropriate for the size and structure of the firm’s business.
- Policies and procedures should set forth standards for devices and applications that may be used so all communications can be retained and supervised.
- Permissible messaging applications must allow message retention.
- Policies and procedures should be updated to reflect regulatory changes, as well as changes made to the supervisory process.
- FINRA recommends that firms adopt a combination of lexicon and random review of electronic correspondence.
- A manual internal review process is recommended.
- All applicable departments should be involved in the creation of the firm’s written electronic policy (Management, IT, Legal, Compliance, Marketing, Operations, Trading).
- All policies and procedures must specify basic parameters for reviewing electronic communications. There is no prescribed formula for determining how many emails to review, but enough should be reviewed for an advisor to be able to defend it as reasonable. Policies and procedures are not required to specify exact percentages or quantities to review.
- The most important takeaway is to review as many messages as are specified by the firm’s policies. If the policies call for a review of four percent of all emails each month, reviewing only two percent in a quarter is missing the mark.
Periodically gather feedback from your employees and peers who regularly use new technology. Your policies should reflect today’s evolving digital communications landscape. Since new channels frequently emerge, it’s important to keep employee training up to date in order to keep pace with the latest technology.
Not following your firm’s policies and procedures is just as bad as not having any in first place. It’s important to ensure policies are properly enforced and followed by the designated reviewers.
“One of the most frequently cited violations is failure to follow Policies and Procedures.”
Need help with policy development and tuning? We can help!
Policies can be custom-created, or built from one of the 40+ expert templates that we can provide, which have been honed over time and developed by our subject matter experts. Policies should be tuned on a regular basis for maximum performance and efficiency. Learn more about our policy tuning services
- Keyword or Lexicon Policy
- Auto-Review Policy
- Privileged Policy
- Retention Policy
Always keep your lexicons up to date
For a comprehensive list of frequently updated terms and keywords see ‘Most Common or Popular Keywords, Phrases and Exclusions’ – a knowledge base article on Smarsh Central.
Share this post!
Archiving and Compliance Blog
Our Blog explores the news, trends and best practices in electronic recordkeeping. It’s about managing and getting value from your electronic communications data. It’s about satisfying legal and regulatory obligations. It’s all about turning compliance liability into business insight.