Is your firm keeping its emails? Have these records been kept in an electronic, searchable format? Can you promptly retrieve an email from five years ago? These are questions that investment advisors are now facing during routine exams by the SEC. As you prepare for your next exam, here are few items to consider.
First, an SEC registered investment advisor is required under SEC Rule 204-2 to maintain certain books and records for specified periods, including those specified records that are in the form of emails. (There’s a similar requirement under state regulations for state registered advisors.) In particular, this retention requirement includes all emails to and from a client or prospective client, all internal email regarding a client (including those concerning documentation, instructions, contracts, disclosures, receipt of disclosures, suitability information and investment recommendations), and numerous business related (addressing internal governance, finances and operations, transactions, and marketing) emails. For a complete listing of the documents subject to retention requirements, the actual retention periods and appropriate storage mediums, please refer to the actual rule.
Second, please understand that an investment advisor’s emails will be reviewed as part of your firm’s next SEC examination. The most recent focus has been on the top four officials of the firm. Examiners have been asking for all emails of the top four executives for the past 6 months to 2 years. Keep in mind that emails fall under the 5 year books and records requirement.
Third, examiners have indicated that the produced emails should be in their original electronic format. It appears that firm producing hard copies face greater scrutiny. Moreover, examiners have indicated that the emails need to be produced promptly, which has been defined by the examiners as a few hours. This is a change from the previous practice of allowing 24 hours to produce such requested documents.
With this in mind, your firm needs to make sure that it has carefully established a comprehensive written policy regarding email. This policy should be communicated to your staff and representatives and integrated into your employee and rep continuing education/training program. Next, the firm needs to establish procedures/systems for reviewing its email and devise internal controls to detect whether any employees or reps are using emails outside such a review system. Depending upon your firm’s situation, it’s possible that your firm will want to utilize specialized software designed for surveillance and supervision of email.
If you have any questions or need assistance in preparing your firm’s policies and supervisory procedures related to email usage, please do not hesitate to contact RIA Compliance Consultants.
Posted by Bryan Hill
Labels: Compliance Program
