On May 1, 2024, we sat down with Jaqueline Hummel, Director of Thought Leadership at SEC3, and Howard Fischer, Partner at Moses Singer, to discuss how to build effective, future facing communication compliance strategies.
During the session, we received a number of questions from audience members surrounding their compliance concerns. Owing to time constraints, we weren’t able to answer all these questions during the session. So, Jaqueline and Howard took those questions away, and have answered them below.
Howard Fischer, Partner at Moses Singer
Jaqueline Hummel, Director of Thought Leadership, SEC3
Clearly the SEC is not satisfied with some firms’ policies, training, and internal reviews to address unapproved communications channels. Assuming that a firm doesn’t have a ‘rampant’ problem, what expectations do they have of a private fund adviser with a staff of around 25 employees (not a broker-dealer or firm serving retail clients)?
First, the firm should have policies and procedures that prohibit the use of unapproved communication channels. Second, the firm should be training its staff periodically on this issue. This training should emphasize the significant compliance risks this practice poses, discussing that the SEC and other agencies have imposed almost $3 billion in penalties. It is not sufficient to instruct staff that these practices are forbidden; they should also be advised that these practices have been an enforcement target for the last few years, and will continue to be an enforcement priority.
Third, the compliance officer should be monitoring approved communications channels for indications that staff members are using off-channel communications. This review should include documentation that it has been conducted, in case an enforcement agency asks for proof. Fourth, the firm should require periodic certifications from staff that they are not using off-channel communications to discuss firm business, either internally or externally. This certification should be at least annually, preferably more frequently.
Fifth, both executives and managers should periodically reinforce the message that off-channel communications are not allowed. Sixth, if any staff member is found to be using off-channel communications, the firm should take action to sanction the employee. Although this is no guarantee that the SEC staff will not pursue enforcement, these actions show that the firm is taking reasonable steps to prevent the use of off-channel communications.
What, if any, do requirements of B/Ds vs RIAs regarding recordkeeping of communications, differ?
There are significant differences to broker-dealer and registered investment adviser record-keeping requirements for communications. Exchange Act Rule 17a-4(b)(4) requires that a broker-dealer retain originals of all communications received and copies of all communications sent by the broker-dealer relating to its “business as such” for at least three years, the first two years in an easily accessible place.
Advisers Act Rule 204-2(a)(7) requires advisers to make and keep “[o]riginals of all written communications received and copies of all written communications sent by such investment adviser relating to (i) any recommendation made or proposed to be made and any advice given or proposed to be given, (ii) any receipt, disbursement or delivery of funds or securities, (iii) the placing or execution of any order to purchase or sell any security, or (iv) the performance or rate of return of any or all managed accounts or securities recommendations,” subject to certain limited exceptions. Rule 204-2(a)(11) requires advisers to make and keep a copy of each notice, circular, advertisement, newspaper article, investment letter, bulletin or other communication that the investment adviser circulates or distributes, directly or indirectly, to ten or more persons.”
The Advisers Act record-keeping requirements are much narrower. However, compliance professionals should be careful not to construe the narrower focus of the Advisers Act requirements as license to be less stringent.
Would sanctioning the individual be a better way of addressing the behavioural issues that the use of personal device for business? The firm can only do so much to control behaviours, and out of office behaviours are not simple to manage.
We don’t really know the answer. So far, the SEC has taken the easy cases – where a firm has a policy prohibiting the use of off-channel communications for business communications which has been ignored by staff and management as well, with no evidence of training or testing and monitoring to check if the policy is being followed. We don’t have any cases where a firm did testing and used sanctions as a deterrent. I would suspect that testing and sanctions would be positive steps to avoid larger penalties. While the SEC has not sanctioned individuals yet, it is possible that the SEC is waiting for a case in which the firm took reasonable precautions, and the individual evaded or disregarded them.
Thoughts on having an eComms policy that requires firm-approved channels only for business comms that are required by 204-2 under the Advisers Act, e.g., trade orders; investment advice, etc?
I would recommend writing the policy that way – there is no reason to mandate more than the regulation requires, since the SEC typically requires firms to enforce their policies as written. Keep in mind, however, that firms are also required to have policies and procedures to prevent insider trading, so make sure the eComms policy addresses that as well.
The SEC has suggested in recent charges against an RIA named Sevnest that a compliance program should include (1) testing of employee’s personal phones (assuming a BYOD approach) and (2) capture of off-channel communications, but this is unclear. Does a reasonable policy under Rule 206(4)-7 need to include these elements?
We don’t know the answer. OCIE issued a risk alert that is still relevant – “Observations from Investment Adviser Examinations Relating to Electronic Messaging“. That has some useful tips about the Examination staff’s expectations.
How can firms and regulators get comfortable with traders meeting in coffee shops/golf clubs and then discussing market details away from recorded devices?
This activity has been going on for as long as there have been investment advisers and broker-dealers. I do not think the ultimate objective is for regulators to have access to every single conversation between investment professionals and their clients. I think existing regulations sufficiently address the standard of behavior required by investment professionals. Firms are expected to perform due diligence prior to hiring, supervise staff, provide training, and set the tone for expected behavior. If a firm is not comfortable with a trader meeting in a coffee shop because of what they might say, the firm should probably fire that trader.
Also, it is important to recognize that part of what motivates the SEC’s enforcement efforts is a concern that investigative efforts are hindered by the use of off-channel platforms, rather than automatically archived firm platforms. As the SEC is more used to people meeting in person and not recording it, that doesn’t interfere with settled enforcement expectations about what communications are preserved, so it is less likely to raise SEC ire.
Short of instituting a provision in policy for personal (or even corporate) devices to be open to inspection – and as far as l am aware such inspection will need to be manual – I cannot see a way forward with regards to “monitoring” of off-channel communication. What solutions are there, if any, to monitor something we have no visibility of?
I think this risk alert provides some answers: “Observations from Investment Adviser Examinations Relating to Electronic Messaging“. Also, it is important to recognize that part of what motivates the SEC’s enforcement efforts is a concern that investigative efforts are hindered by the use of off-channel platforms, rather than automatically archived firm platforms. As the SEC is more used to people meeting in person and not recording it, that doesn’t interfere with settled enforcement expectations about what communications are preserved, so it is less likely to raise SEC ire.
The recordkeeping rule clearly requires that investment advisers keep any external written conversation. The rule does not require that investment adviser keep internal conversations. If the policies are prepared accordingly, and employees are constantly advised to keep any external written conversation, do you guys think it is a problem to allow internal conversations through WhatsApp?
Yes, this is a problem. Based on my experience, I don’t think the SEC would be persuaded by the argument that firm employees can use an unmonitored channel of communication for internal conversations. The Staff will argue that the record-keeping rule is not limited to external communications since the language requires retention of “all written communications received and copies of all written communications sent by such investment adviser” in the specific categories. The problem is that once you allow employees to use WhatsApp to talk to each other, you will have no idea whether they are only discussing topics that are not required to be retained. So just like email, you end up having to retain everything to make sure that you are not missing a required record.
