By Jennifer Dickinson, Senior Managing Director, U.S.
On April 3, the U.S. Securities and Exchange Commission (SEC) announced a settlement with a registered investment adviser for recordkeeping failures relating to so-called “off channel” communications. This is the first case against a standalone adviser (i.e., not also registered as or affiliated with a broker-dealer).
The facts are similar to prior cases (see, e.g., our article on the cases settled in August 2023) in that employees throughout the organization communicated about company business internally and externally using text and messaging applications that the adviser was not archiving. Accordingly, the SEC found that the adviser violated its own policies and procedures as well as the SEC’s recordkeeping rule. Notably, the order called out instances in which three senior employees sent these communications on personal devices that were set to automatically delete messages after 30 days; those employees were responsible for supervising and training others, including on the adviser’s recordkeeping and communications policies.
What was the adviser’s e-comms policy?
The adviser’s policies seemed to tick all the boxes of a reasonably-designed policy:
- The policy required retention of all electronic communications sent and received and specified approved communication platforms were designed to retain all such communications
- On an annual basis, employees acknowledged in writing that they read, understood, and abided by the adviser’s compliance manual, which provided that the use of unapproved electronic communication methods was not permitted and that they should not use personal email, text or messaging to transmit work-related communications
- In an emergency, employees could temporarily use alternative communication methods but were required to report such use and copy those communications to their business email accounts
- The policy permitted the adviser to access employees’ personal devices to review for any off-channel communications
- Supervisors were expected to supervise and train employees on the communications and recordkeeping policies
However, during an almost two-year period, the SEC found that thousands of communications, including with fund investors and financial industry participants, were not being archived.
Policy issues and violations
Since the adviser was in the midst of responding to SEC inquiries, it was unable to produce materials that the SEC asked for. In concluding that the adviser failed to follow through on key elements of its policies, the order highlights the fact that the adviser did not actually access any employees’ personal devices to see if employees were using personal email, texts and/or apps for business communications, even though the policy allowed it to do so.
In addition to the recordkeeping violations, the adviser faced charges of failing to enforce elements of its code of ethics, which required employees to pre-clear all of their personal securities trades and mandated supervisory review of employees’ quarterly transaction reporting. Penalties included a $6.5 million dollar payment to the SEC and undertakings to engage a compliance consultant to conduct a comprehensive review of the firm’s policies, procedures and practices as they relate to electronic communications and recordkeeping.
The importance of culture and technology
This case shows that having appropriate policies is only the first step. Leadership and compliance teams should collaborate to best understand their firm’s particular culture and risk as they relate to off-channel communications.
We’re seeing firms rolling out periodic employee acknowledgements, specific to electronic communications and recordkeeping policies, assessing technology solutions to archive text messaging and ramping up electronic communications surveillance. For example, searching for indications that conversations are being moved to, or from, unarchived platforms and spotting trends in terms of the number of communications being archived.
If a firm finds violations of its electronic communications policy and/or recordkeeping rules, it should promptly address and remediate them, as this is a key factor in how the SEC determines penalties.
