Overview

On 3 April 2024, the US Securities and Exchange Commission (the SEC) announced the first settlement with a stand-alone registered investment adviser for, among other things, failures to maintain and preserve certain electronic communications (the Order).¹ Like prior settlements involving broker-dealers, the SEC’s focus was on communications relating to employees’ use of unapproved applications on personal devices to engage in business-related communications (known as “off-channel communications”).² Notably, this marks the first off-channel communications settlement with an adviser who was not otherwise affiliated with a broker-dealer.³ Under the terms of the settlement, the adviser agreed to pay a US$6.5 million penalty and to implement improvements to its compliance policies and procedures.

Advisers Act Recordkeeping Requirements

Under Rule 204-2(a)(7) of the Investment Advisers Act of 1940, as amended (the Advisers Act), registered investment advisers are required to preserve in an easily accessible place all original communications received and copies of all written communications sent relating to, among other things, recommendations made or proposed to be made and any advice given or proposed to be given. Through a series of recent enforcement actions, which primarily focused on large broker-dealers and certain affiliates, the SEC has been clear that its recordkeeping requirements apply to off-channel communications as well, including ephemeral messaging platforms such as WhatsApp and social media messaging services, as well as personal email and text messaging, which have proliferated in the post-pandemic environment.

Takeaways From this Adviser-Focused Enforcement Action

According to the Order, from at least January 2019 through December 2021, the adviser’s employees at various levels of authority sent “thousands” of off-channel communications about firm business internally and externally using personal texting platforms and other non-firm messaging applications in violation of the firm’s policies and procedures. The Order alleged that the adviser failed to maintain or preserve the required off-channel communications. The Order provides new insight into how the SEC views adviser’s recordkeeping obligations, which are narrower than broker-dealer regulatory requirements.

Our takeaways from the Order are as follows:

The Order Provides Minimal Information as to the Types of Communications That Are “Business-Related” and Fall Within Rule 204-2(a)(7) of the Advisers Act

Although the Order states that some of the communications at issue were related to recommendations made or proposed to be made and advice given or proposed to be given, as with prior orders related to off-channel communication, the Order lacks explicit descriptions or examples of the types of communications the SEC found to fall within those categories. Therefore, how the SEC applies the Advisers Act recordkeeping requirement with respect to off-channel communications remains an open question.

Given the reference to “thousands” of business-related communications, the SEC may be taking an expansive view of the types of communications that are subject to the recordkeeping requirement. There is a risk of regulation creep, with the SEC staff potentially taking a broad view of what constitutes a communication “relating to” recommendations made or proposed to be made and any advice given.

At a minimum, advisers should be cautious that any firm-related business off-channel communications, including clerical communications about setting up meetings, are likely to result in a close review by the SEC staff in an examination. That risk is enhanced where the number of off-channel communications about firm business is in the thousands.

The Order Emphasizes the Firm’s Failure to Implement Policies and Procedures to Retain All Business-Related Communications, Including Off-Channel Communications

The Order noted that the adviser’s policies and procedures strictly prohibited its personnel from using non-firm electronic communication services for any business purpose and that, per the policies and procedures, employees’ personal devices were subject to surveillance by the firm. Citing the widespread use of off-channel communication, the Order alleges that the firm failed to implement procedures to monitor whether its employees were complying with the firm’s communication policies, and specifically noted that the firm did not access employee personal devices to determine whether they were complying.

Importantly, the emphasis in the Order on these points relates to both a failure to implement a sufficient compliance program and the resulting failure to preserve required records. This underscores that advisers should be certain their compliance programs are tailored to their regulatory obligations and that they are implementing and monitoring the effectiveness of these programs on an ongoing basis.

The Order specifically mentions senior officers’ use of personal devices to send and receive text messages related to firm business, including communication concerning recommendations made or proposed to be made and advice given or proposed to be given about securities, and that at least three senior officers had their personal devices set to automatically delete messages after 30 days. The Order notes that the SEC’s review of messages revealed that certain required records had been deleted under these automatic deletion settings.

The Sanctions Imposed Include Substantial Undertakings to Retain Independent Compliance Consultants

Consistent with the SEC’s prior off-channel communication settlements, the firm is required to retain an independent compliance consultant, at the firm’s expense, to perform:

• A comprehensive review of the firm’s policies and procedures, including those for personal electronic devices, to ensure compliance with federal securities laws and firm policies;
• A comprehensive review of the firm’s training programs to ensure employees are complying with federal securities laws and firm policies, including quarterly written certifications of compliance;
• An assessment of the firm’s surveillance program effectiveness in maintaining ongoing compliance with federal securities laws;
• An assessment of the firm’s technological solutions for meeting recordkeeping requirements under federal securities laws;
• An assessment of the measures used by the firm to prevent unauthorized communication methods, including a review of the firm’s policies and procedures to ascertain whether they provide for any significant technology or behavioral restrictions (such as disabling chats on platforms that do not allow for adequate recordkeeping) that prevent the risk of the use of unapproved communication methods on personal devices; and
• A review of the firm’s electronic communications surveillance procedures to ensure integration of electronic communications from approved methods on personal devices into the overall surveillance program.

Recommendations and Next Steps

It is clear that the SEC remains focused on enforcing recordkeeping requirements among registered investment advisers of all sizes. The substantial penalties and settlements are intended to send a message to market participants. Practices and procedures registered investment advisers may wish to consider include:

Institute and Evaluate Current and Prior Policies Pertaining to Electronic Records Preservation and the Use of Communication Channels

Among other things, such policies should address permitted (and prohibited) communication channels, types of communications permitted on approved channels, record retention requirements, and supervision. Policies should be clear that any business-related communications through employees’ personal devices, if permitted, are subject to firm policies, and firm policies should require that any communications subject to the recordkeeping requirements of the Advisers Act are conducted only on firm systems or otherwise subject to the firm’s recordkeeping program. Policies should be periodically analyzed to confirm they are being followed, enforced, and are effective. As required by the Order, firms should also consider requiring their employees to certify compliance with such policies quarterly.

Conduct Routine Employee Trainings, Including Initial and Annual Training, Regarding the Firm’s Policies and Procedures Regarding Electronic Communications and Proper Use of Electronic Communications

These trainings should include proper practices for electronic communication preservation and the use of personal text and email, WhatsApp, Signal, and other off-channel mediums to discuss business-related matters. Firms should consider making these trainings mandatory for all employees.

Institute Technological Measures That Preserve and Flag Off-Channel Communication or Prohibit the Download or Use of Certain Applications Where Message Retention Is Not Possible

Such measures may include surveillance of tracked communications, such as firm email accounts, for indications that employees may be taking business-related communications into an unmonitored medium. Consider if existing retention methods should be extended to certain platforms that employees are most likely to use.

Conduct Periodic Reviews of the Firm’s Technological Measures That Are Designed to Preserve Off-Channel Communications

Firms should continuously be considering whether existing measures to maintain and preserve off-channel communications are sufficient in light of the ever-evolving technology and how employees use that technology. New ways of communication are constantly being developed and it is critical that a firm is prepared to identify these new methods of communication and the firm’s technology is able to monitor these new channels. The SEC emphasized the importance of ongoing monitoring in the Order by requiring an assessment of the firm’s measures to track employee usage of new technological solutions to meet recordkeeping requirements under federal securities laws.

Firm Policies Should Clearly State That Violation of the Policy Can Result in Serious Disciplinary Actions, Including Fines and Termination of Employment

Disciplining employees that violate policies can effectively deter future violations and demonstrate to the SEC that the firm is serious about recordkeeping laws. Firms should also bear in mind that the SEC staff also considers self-reporting when assessing potential penalties for recordkeeping violations.

¹ See SEC Press Release, SEC Charges Advisory Firm Senvest Management with Recordkeeping and Other Failures (Apr. 3, 2024), available here. The Order also charged the adviser with failure to supervise certain of its employees and failure to enforce its code of ethics. For example, a managing director effected numerous securities transactions in a personal account without preclearance, including transactions in a security owned by a fund managed by the firm.

² See our recent alert on this topic here.

³ On 27 September 2022, the SEC settled with DWS Investment Management Americas, Inc., along with its affiliated broker-dealer, Deutsche Bank Securities Inc., for, among other things, off-channel communications violations. See In re Deutsche Bank Sec. Inc., DWS Inv. Mgmt. Ams., Inc., & DWS Distributors, Inc., SEC Release No. 34-95928 (Sept. 27, 2022), available here.