Rule 204-(2)(a)(7) of the Investment Advisers Act of 1940 (“Investment Advisers Act”) requires investment advisers registered with the U.S. Securities and Exchange Commission (“SEC”), to preserve “all written communications received and copies of all written communications sent by such investment adviser relating to (i) any recommendation made or proposed to be made and any advice given or proposed to be given, (ii) any receipt, disbursement or delivery of funds or securities, or (iii) the placing or execution of any order to purchase or sell any security . . . .” The SEC has stated that electronic communications are considered written communications and are subject to the supervisory and record keeping requirements. Most books and records requirements for state registered investment advisers are the same as or similar to the SEC requirements, but each state registered investment adviser needs to make sure that it familiarizes itself with the requirements of its securities regulator.
Investment advisers must establish policies and procedures to cover electronic communications for the firm that will include, at a minimum, how the investment adviser will gather and retain email or other electronic communications and how the investment adviser will supervise such communications. Additionally, these communications should be retained for not less than five years from the end of the fiscal year during which the last entry was made on such record. In the event of an SEC or state regulatory examination, examiners will likely request email and other electronic correspondence retained by the investment adviser. If the investment adviser is not able to adequately produce its electronic communications, the investment adviser may face disciplinary measures. Additionally, investment advisers should periodically review and test the email retention and supervision policies in procedures to ensure that electronic communications are being adequately supervised, properly maintained, and can be accessed promptly upon request from an SEC or state regulatory examiner.
Several recent FINRA enforcement actions should serve as a warning to investment advisers and highlight the importance of an investment adviser having in place strong written policies and procedures concerning email and electronic communications. While investment advisers are not regulated by FINRA, investment advisers have similar requirements relating to the supervision and retention of electronic communications and FINRA’s recent actions exemplify regulator’s increased enforcement effort in this area. In one recent disciplinary action, a broker-dealer was fined $7.5 million by FINRA for email violations. FINRA contends that it discovered 35 separate, significant email system failures which prevented the broker-dealer “from accessing hundreds of millions of emails and reviewing tens of millions of other emails.” Additionally, FINRA indicated that as the broker/dealer grew rapidly it failed to devote sufficient resources to update its email systems, which became increasingly complex and unwieldy for the broker-dealer to manage and monitor effectively. FINRA indicated that the broker-dealer was well aware of its email systems failures and the overwhelming complexity of its systems. Consequently, FINRA found that from 2007 to 2013, the broker-dealer’s email review and retention systems failed at least 35 times, leaving the firm unable to meet its obligations to capture email, supervise its representatives and respond to regulatory requests. Because of the broker-dealers numerous deficiencies in retaining and performing surveillance on emails, it failed to produce all requested email to certain federal and state regulators, and FINRA indicated that the broker-dealer “also likely failed to produce all emails to certain private litigants and customers in arbitration proceedings, as required.”
Earlier this year, FINRA fined five affiliated broker-dealer firms for $1.2 million for “failing to retain or review millions of emails for periods ranging from two months to more than six years.” It was further found “…that the firms failed to properly configure hundreds of employee email accounts to ensure that the emails sent to and from those accounts were retained and reviewed at various times between 2004 and 2012. In addition, four of the firms failed to set up systems to retain certain types of emails, such as emails using alternative email addresses, emails sent to distribution lists, emails received as blind carbon copies, encrypted emails and ‘cloud’ email (emails sent through third-party systems). As a result of these failures, emails sent to and from hundreds of employees and associated persons were not retained; and because the emails were not retained, they were not subject to supervisory review.” FINRA ordered the firms to “to conduct a comprehensive review of their systems for the capture, retention and review of email, and to subsequently certify that they have established procedures reasonably designed to address and correct the violations.”
Investment advisers can learn from the mistakes of others and use these lessons to determine if the investment adviser’s electronic email communication retention and supervision policies and procedures are ready to stand-up to regulatory scrutiny. Investment advisers are advised to monitor and periodically review their current policies and procedures to determine whether email retention is adequately addressed and that such policies concerning electronic communications are being followed. Failure to properly maintain emails or other electronic communications may result in disciplinary actions faced by the investment adviser. For more information, RIA Compliance Consultants is hosting a webinar, “Social Media and Email Compliance for Investment Advisers,” on Thursday, June 20, 2013, at 12:00 p.m. Central. During this webinar, RIA Compliance Consultants will discuss the regulatory compliance requirements related to investment advisers’ use of social media websites and email. Our consultants will provide guidance regarding record retention requirements and developing policies and procedures related to using social media websites and communicating with your clients via email. Additionally, we will discuss the need to address the supervision and monitoring of email communication and the personal use of social media websites by investment adviser representatives. To register for this event, click here.