With annual compliance reviews in full swing this time of year, we write today to remind advisory firms to be sure to assess the sufficiency of their policies and procedures in the ever-developing area of electronic messaging. Our note comes on the heels of a recent Risk Alert on this topic issued by the SEC’s Office of Compliance Inspections and Examinations or “OCIE,” which exhorts advisory firms to take a fresh look at their current compliance policies in light of the particular risks of non-compliance posed by the firm’s usage of electronic messaging.
“Electronic messaging,” as discussed in OCIE’s Risk Alert, refers to such mediums as text/SMS messaging, instant messaging, personal email, and personal or private messaging, but specifically excludes firm-wide email. Notably, OCIE’s exclusion of firm email from analysis in the Risk Alert should not be read as diminishing an adviser’s compliance obligations to capture, store, and periodically review firm email communications. Rather, as OCIE explains, “firms have had decades of experience complying with regulatory requirements with respect to firm email” and it is not as problematic from a compliance standpoint as compared to some of the newer technologies that run on third-party applications or platforms. Continue reading