Off-Channel Communications: Compliance Policy Considerations
The Securities and Exchange Commission (SEC) has made headlines with its enforcement actions against Wall Street firms for the use of “off-channel” communications by their supervised persons. “Off-channel” communications typically take place over social media or other platforms (e.g., text messages, WhatsApp and other direct messaging sites). At the heart of the SEC’s recent enforcement actions were allegations that registered firms failed to adopt and implement written policies and procedures reasonably designed to ensure recordkeeping requirements were met. While there is no “one size fits all” solution to the creation of policies and procedures, the following procedures should be considered:
- Periodic Training and Policy Reinforcement: All supervised persons should be periodically trained on the adviser’s “off-channel” communication policy, and a record of training sessions and attendees maintained.
- Annual Attestation of Compliance: Rather than simply relying on the broad annual attestation of compliance with an investment adviser’s compliance program, require a separate and specific attestation confirming compliance with “off-channel” communication policies. (See Appendix A below for sample certification.)
- Ongoing Monitoring: A chief compliance officer’s oversight should incorporate keyword or key-term searches within emails and other “on-channel” communications for an indication that supervised person may be using “off-channel” communications. Examples of such keyword or key-term searches include: text me; DM me; switch to; and specific names of various platforms (e.g., WhatsApp, gchat, etc.). Warnings should be given, and increasingly severe consequences should be imposed for repeated policy violations.
Policy Drafting Considerations
We recommend that your compliance policy prohibit, at a minimum, “off-channel” communications between supervised persons and advisory clients related to:
- Recommendations made and advice given (or proposed to be made or given)
- Receipt, disbursement or delivery of funds or securities
- Placing or execution of orders to purchase or sell securities
- Predecessor performance
Such types of communications are required records under Advisers Act Rule 204-2(a)(7), and the use of “off-channel” communications likely creates a compliance blind-spot for investment advisers.
We understand that many investment advisers have adopted off-channel communications policies that are broader than the statutory requirement, such as requiring employees to use only certain approved devices and platforms for all business communications.
We also understand that employees likely would consider a comprehensive compliance review of their personal devices to be invasive. Compliance officers should be careful not to collect or maintain employees’ sensitive personal data from their personal devices, such as medical information, passwords, or financial information. In some circumstances, it can also create complications under state or foreign data privacy laws, such as the European Union’s General Data Protection Regulation.
We recommend that an adviser’s written policies and procedures also address instances where a supervised person receives client-initiated off-channel communications. After all, not all business-relationships are purely based on business, and a client likely will not be aware of the adviser’s policies. Options include requiring supervised persons to (i) forward the “off-channel” communication to an on-channel platform or (ii) create a record of the “off-channel” communication in a client relationship management system or the client’s file.
The effectiveness of any policy comes down to ensuring supervised persons are appropriately educated and trained on their obligations and role in ensuring compliance with the Advisers Act books and records rule.
SEC Exam Request
We note that the SEC Staff’s standard form of Examination Information Request List (see attached) for registered investment advisers includes the following request:
Electronic communications. Please explain the steps taken by the adviser to monitor, review and retain electronic communications related to the adviser’s business. Electronic communications include, but are not limited to, email, text messages, messaging apps, instant messages, Bloomberg messaging and private messaging on social media sites. Please address the following: (1) whether supervised persons are permitted to use personal devices for firm business or are permitted to use any form of electronic communication other than adviser email accounts for business purposes; (2) if so, what steps the adviser takes to approve the use of such personal devices or additional means of electronic communications; and (3) what steps the adviser takes to ensure that supervised persons only use approved means of electronic communications to conduct firm-related business. Please also explain the adviser’s policies on use of Dropbox, Google Drive and other forms of cloud storage by supervised persons.
As a result, we recommend that advisers clearly communicate their policies to advisory personnel, keep track of any approved messaging platforms and cloud storage, and ensure that advisory personnel use only these approved methods for external communications for advisory firm business.