Every compliance professional must be cognizant of the dual-settled disciplinary actions confirmed in late 2021 by the SEC and the CFTC against an enrolled broker-dealer and associated entities for allegations that included failing to oversee communications in addition to record-keeping infringements resulting from the utilization of devices by firm employees for corporate communications and the commensurate inability by the firm to sustain, retain, and generate to regulators that information.
When the Division of Examinations (DOE, formerly the Office of Compliance Inspections and Examinations) released information about the SEC’s activity, it “…encourage[d] registrants… to scrutinize their document preservation processes and self-report failures such as those outlined [in the enforcement action]…”. The SEC’s action taken was the most recent in a string of governmental cautions stressing the risks of utilizing personal emails, text messages, and other electronic interactions for commerce.
Prior to this, the DOE and FINRA of the SEC had only published regulation warnings, risk alerts, and inspection priority announcements about the records and books in compliance. The court action of hold fees for infringements of the books and records responsibilities, severe financial sanctions, the appointment of an external contractor, and an admission of guilt—all of which indicate to the sector that the compliance shift has occurred—are less frequent than books and records violations, which are frequently cited as inadequacies in regulatory examinations.
There has been a lot of reporting about the dangers, issues, and regulatory monitoring. The absence of feasible, workable, and compliant answers to the record – keeping, tracking, information security, and compliance program commitments that are brought up when a registrant’s overseen individuals use, or are allowed to use, text messages and personal emails to perform the registrant’s business, however, it seems to have prevented the creation of an active monitoring reaction.
This SEC process entails a licensed financial adviser, which is liable to FINRA rules for the preservation and oversight of books and records, especially electronic communications, as well as federal securities laws and rules adopted and provided by law. Additionally, broker-dealers must define, maintain, and impose procedures to monitor the various types of companies they conduct and the actions of their organizational members. These procedures must be fairly intended to guarantee compliance with the relevant securities laws and regulations as well as FINRA rules. With an emphasis on the preservation and oversight of electronic books and records, and the utilization of personal devices for business communications, instant messaging, blogs and social networking sites, FINRA has offered significant guidance regarding financial adviser books and records conformity.
Even though this case involved a double registration acting as a financial adviser, advisers should also be affected significantly in terms of compliance. The Investment Advisors Act of 1940 (Advisers Act) and its implementing rules and regulations, which address the preservation and oversight of all business-related books and documents, apply to advisers. According to guidelines from the SEC’s DOE, an advisor should permit its employees to utilize electronic communication tools for work-related purposes as long as those tools comply with the Advisors Act’s need for books and records. Apps and other technologies should not be utilized for business purposes if they can be easily abused by an employee to send messages or communicate in another way anonymously, allow for message deletion on demand, or forbid backup or reading by other parties. In addition, according to the DOE’s alert, the advisor’s policies should assert that when an employee gets a work-related electronic message using a communication technique that the company forbids for business purposes, the employee is obligated to transfer the statement to another electronic system that the advisor has ascertained is suitable for compliance with its books and record obligations. Advisors who allow the use of individually owned mobile devices for work-related activities must create and put into practice policies and processes that cover such use with regard to things like social media, instant messaging, texting, personal email, personal websites, and information security. Advisers who license staff members to use personal email addresses, websites, or social media platforms for work-related reasons must also embrace and enforce rules and processes for monitoring, reviewing, and retaining such electronic communications. These procedures and guidelines must include a warning to employees that infringements may result in disciplinary action or termination.
This case has enormous ramifications for all registered businesses. Regulators for the financial sector, including the SEC and FINRA, will concentrate more of their examination and investigation efforts on ensuring that books and records are maintained and monitored, including electronic communications, the use of personal devices, and personal communication accounts. All registered businesses must ascertain right away whether they have policies, practices, and controls in place that are rationally intended to prevent infractions of the relevant legislation, regulations, and laws.
Information from Kroll