In today’s digital age, electronic communications play a crucial role in business operations. As you embark on this exciting journey, it’s important to remember the electronic communications records obligations that come with being a registered investment advisor (RIA). With electronic communications serving as the primary medium for collaboration and engagement, RIAs must take extra care to meet recordkeeping and supervisory obligations set forth by the U.S. Securities and Exchange Commission (SEC).
In this recent webinar, Considerations for New RIAs: Electronic Communications Best Practices webinar, regulatory experts discussed:
- Key regulations for RIAs
- How to get started with electronic recordkeeping and supervision obligations
- Best practices to consider when implementing your policies and procedures.
Below is a summary of the critical points from the discussion.
- Rules of the road
The two main categories when it comes to electronic recordkeeping are books and records and supervision. The Adviser Act Rule 204-2 is the main books and records rule for RIAs. The rule outlines specific requirements for the storage, retention, and accessibility of electronic records, such as ensuring that records are tamper-proof, stored in a format that cannot be altered, and that they are available for immediate retrieval in a readable format. This storage requirement is sometimes referred to as WORM compliance, which stands for write once, read many. Meaning the data is locked down to ensure you have a complete and accurate record of all your business communications.
The second category is supervision, which is also known as the Compliance Rule. These requirements state you must supervise all your business communications, whether it’s email or chat to ensure compliance.
For a slightly more modern take on electronic communications, the OCIE Risk Alert for Observations from Investment Advisers Examinations Relating to Electronic Messaging provides additional guidance around electronic communications practices for business communications and how RIAs could comply with the Books and Records Rules and the implementations of policies and procedures required by the Compliance Rule.
- Best practices
Defining a business record
Take an inventory of how you communicate internally, externally, and particularly with clients. This goes well beyond email into collaborations tools, social media, text messaging, and other messaging applications. Define what would be considered a business record under regulations. Consider how you will retain, review, and supervise those communications over the long haul.
Develop robust policies and procedures
Regulators are increasingly looking for customized, thoughtful business decisions in policies and procedures, so it’s crucial to make sure that you’re rightsizing your supervision and gaining crucial insights into your business as you’re going through your review. RIAs should not only include what communications channels are permitted for business communications but include what is prohibited and how they’ll supervise off-channel business communications.
Documentation of your supervision review is also crucial to electronic recordkeeping. Additionally, think through how you’ll handle violations and ensure that policies and procedures reflect this. Once your policies and procedures are defined, think about customizing lexicons and reviews for different types of business communications you’re engaged with. For example, consider using contextual phrases instead of single-word lexicons to identify risk and set up red flags for off-channel communications. This helps ensure that your business communications are supervised effectively.
Features within those permitted channels are changing rapidly. Another best practice we’re seeing is maintaining ongoing evaluation within those permitted channels. Is there a new whiteboard that’s popped up in your communication channel? Is there a new feature that you must figure out? Can I monitor this? Can I turn it off if I’m going to prohibit it?
When it comes to regulatory obligations, it’s important to know whether you’re covered or exposed and what communication channels need to be archived to be compliant. It’s also crucial to capture everything and let people know if some channels — or features within channels — are off-limits. If some channels cannot be archived, it’s best to find out early in the process. There may be prerequisites, such as licenses or requirements from InfoSec teams, that need to be considered before choosing a compliance vendor.
Historical data should also be considered, mainly the cost-benefit analysis and what needs to be archived. Firms should also identify who is required to be archived and who needs to be archived in addition to them.
Define your goals and outcomes
Defining goals and outcomes is an important best practice when it comes to electronic communication for RIAs. Defining your goals helps you set measurable objectives, track progress and make needed adjustments along the way.
To get started, figure out why you need to archive electronic communications. Beyond regulatory requirements, there are other reasons, such as storing data longer for internal processes and policies. By defining the archiving goals, you can ensure that you’re meeting compliance obligations and making the most of your investment in archiving solutions.
Once you have identified your goals, it’s important to communicate them to your compliance archiver to ensure they are on board and delivering exactly what you need. This can help avoid miscommunications that could lead to non-compliance. It’s also essential to ensure that your business partners understand the outcomes that you need, so they can help you achieve success.
A well-designed supervision program should incorporate a centralized platform for efficient message alerting, documentation, reporting, and other compliance-related tasks, ensuring seamless accessibility and tracking in the event of an audit or regulatory request.
Firms are recommended to engage in periodic checks and balances for when the SEC visits, but also on an ongoing basis. This includes monthly, quarterly, or other regular assessments to determine whether you are meeting your targets and adhering to the requirements of your WSPs.
You should also review each user or channel to determine if you’re under-reviewing or over-reviewing any area. It’s essential to regularly evaluate policy and lexicon performance, as policies tend to drift over time. This review should include an assessment of your highest hit rate policies. It’s vital to consider whether changes to communication channels have occurred over the last year — such as WhatsApp’s rapid growth in the industry — and whether you have adjusted your policies accordingly.
Managing electronic recordkeeping requires compliance with various regulations and best practices. By defining what a business record is, developing custom policies and procedures, and documenting your compliance, you can help ensure that your electronic business communications are being recorded and supervised effectively. These rules and best practices can help you demonstrate compliance with these regulations and better prepare for audits and regulatory requests.
Author: Tiffany Magri – Regulatory Advisor at Smarsh
As a Regulatory Advisor at Smarsh, Tiffany monitors, evaluates and consults on the financial services regulatory landscape. Tiffany has more than 10 years of experience facilitating compliance with laws and regulations, policies, and risk management. Prior to joining Smarsh, Tiffany was a Senior Associate at Benefit Street Partners and a Compliance Analyst at Broadstone and Manning & Napier Advisors.
Our range of innovative solutions can be tailored to suit your unique requirements, no matter whether you’re currently working from home, or are continuing to go into the office. Our services can be deployed individually or combined to form a broader solution to release your energies and focus on your clients.
Need A Regulatory Marketing Compliance Consultant? A Bit More About Us
Why Not Download our FREE Brochures! Click here.
Call Us Today on 020 8087 2377 or send us an email.
We welcome individual bloggers / Professional Writers / Freelancers to submit high quality contents. Find out more…
You can see our Google reviews here.
Connect with us via social media and drop us a message from there. We’d love to hear from you and discuss how we can help.