Written by: Gabrielle Magdziarz
As we head into the holiday season, let’s introduce a small history lesson. On December 3, 1992 the first SMS message was sent from a computer by Neil Papworth, a 22 year old engineer, to a colleague’s phone stating a simple message “Merry Christmas”. Thirty years later, we look at the wide array of communication methods available to us: email, texting, instant messaging, hundreds of applications with messaging capabilities, and video conferencing. The way we communicate is changing every day, but with those changes remain the steadfast rules of this industry - it needs to be maintained, it needs to be preserved, and it needs to be supervised.
“Finance, ultimately, depends on trust. By failing to honor their recordkeeping and books-and-records obligations, the market participants we have charged today have failed to maintain that trust.” Securities and Exchange Commission Chair, Gary Gensler
Over the past two years there has been a resounding increase in violations surrounding the Securities and Exchange Commission's ongoing recordkeeping initiative. The most recent release in September announced another ten firms charged for widespread and longstanding failures to maintain and preserve electronic communications, totalling $79 million in fines and penalties. This news came on the tailwind of August’s release where the SEC charged eleven firms with penalties totaling $289 million. In conjunction with the total fines and penalties from 2022 regarding record-keeping violations, this brings the tally to over $1.8 billion and over 50 enforcement actions. In reviewing these enforcement actions, the commonalities are:
- Failure to reasonably supervise, with a view to prevent and detect violations of federal securities laws.
- Failure to maintain and preserve business communications, whether it be internal or external communications.
- Inadequate policies, procedures, and controls that are compliant and designed to detect and prevent violations.
RIAs have a fiduciary responsibility to their Clients, and recordkeeping has been vital to preserve that integrity. As technology continues to advance, so should the policies and procedures of every RIA to ensure all communications are being maintained. So, how does an Investment Advisor effectively mitigate their risk? Really, an Advisor has two options:
- The Advisor opts to completely ban the use of personal devices and/or other various off-channel communication applications. Examples of certain control measures that can be put into place regarding this policy are:
- Written policies and procedures stating that personal devices and other various off-channel communication applications can not be used for business purposes, and have supervised person’s attest to those policies.
- Enhance review of supervised electronic communications (i.e email) to ensure that off-channel communication is not occurring with clients or members of the firm alike.
- Provide training for all supervised person’s of the Advisor regarding what is and is not acceptable, and the ramifications for violations.
- The Advisor opts to allow for the use of text-messaging and other electronic communication methods with appropriate policies and procedures in place. Examples of certain control measures that can be put into place regarding this policy are:
- Written policies and procedures regarding personal devices and/or electronic communication applications may be utilized on an approved basis by the Chief Compliance Officer.
- Advisors undergo a due diligence process for vendors they seek to utilize as part of the firm’s communication platform. This includes the reviewing the messaging platform for supervised person use, ensuring there are supervisory capabilities, and understanding the archiving set up.
- Provide training for the supervised persons who use the platform and compliance reviewers who supervise the platform, and the ramifications for violations.
Advisors in need of a solution, should start with current vendors they utilize to determine if they can bundle their email, social media, website, and texting platforms which, in turn, streamlines supervision and cost as well.
Whether an Advisor allows the activity or not, having the appropriate testing and supervision measures in place is the best line of defense. Effective supervision, due diligence and proper training are key when it comes to mitigating risk.