The branch of the Securities and Exchange Commission’s compliance efforts issued a Risk Alert on electronic messaging used by investment advisers and their personnel.
The Office of Compliance Inspections and Examinations released the alert to remind advisers of their obligations when firm personnel use electronic messaging and to help advisers improve their systems, policies, and procedures by sharing the staff’s observations from SEC examinations.
PERT members should ensure that electronic communications by firm personnel comply with the “Books and Records Rule” of the Investment Advisers Act (IAA Rule 204-2(a)(7)), which requires advisers to keep copies of all communications relating to:
- any investment recommendation made or proposed to be made;
- any receipt, disbursement or delivery of funds or securities;
- the placing of any order to purchase or sell any security; or
- the performance or rate of return of any or all managed accounts or securities recommendations,” subject to certain limited exceptions.
The Books and Records Rule also requires advisers to retain a copy of each advertisement or other communication the adviser distributes to ten or more persons.
Although the above requirements primarily impact broker-dealers and advisers that trade marketable securities, PERT members should ensure that they have adopted and implemented written policies and procedures reasonably designed to prevent violations of the IAA. The Risk Alert describes several practices SEC staff believes may assist advisers in complying with their IAA obligations, including:
Policies and Procedures
- Prohibiting business use of apps and other technologies that can be misused by allowing an employee to send messages anonymously, allowing for automatic destruction of messages, or prohibiting third-party viewing or back-up.
- Where appropriate, requiring in firm procedures that the employee move messages received in an impermissible format to a permitted electronic system.
- Where advisers permit the use of personally owned mobile devices for business purposes, adopting and implementing policies and procedures addressing use of social media, instant messaging, texting, personal email, personal websites, and information security.
- Where appropriate, contracting with software vendors to monitor social media posts, emails, or websites and archive business communications to ensure compliance with record retention rules.
- Regularly reviewing popular social media sites to identify if employees are using the media in a way not permitted by the adviser’s policies.
- Running regular Internet searches or setting up automated alerts to notify the adviser when an employee’s name or the adviser’s name appears on a website to identify potentially unauthorized advisory business being conducted online.
A full copy of the Risk Alert can be found here.
This alert outlines the importance of adopting policies related to modern investment adviser communications and compliance with the Books and Records rule.