Under the leadership of SEC Chairman Gary Gensler and Director of Enforcement Gurbir Grewal, the SEC has consistently prioritized compliance with books and recordkeeping obligations for registered broker-dealers, especially with regard to the failure to preserve communications from personal devices and ephemeral messaging applications that concern company business. Since December 2021, the SEC has procured over $1 billion in penalties from registered broker-dealers that failed to maintain and preserve electronic communications.
In October 2022, news reports emerged that the SEC had initiated sweeps of investment advisers to determine whether those entities had adequate policies and procedures in place to preserve “off-channel” communications. However, as soon as these reports emerged, questions were raised as to whether, under the existing federal securities laws, investment advisers are subject to the same recordkeeping standards as broker-dealers.
On January 31, 2023, the Managed Funds Association (“MFA”), along with several other trade associations involved in the securities and financial markets, wrote a letter to Chair Gensler raising important questions about the scope and application of the recordkeeping provisions of the Investment Advisers Act of 1940 (“Advisers Act”). This blog post examines the context giving rise to the MFA Letter and summarizes the MFA’s position.
Recent SEC Enforcement of Recordkeeping Requirements
In September 2022, the SEC announced 15 charges against broker-dealers and one affiliated investment adviser for failure to properly maintain and preserve electronic communications. Combined penalties totaled over $1 billion. The investigation revealed that the companies failed to properly preserve “pervasive off-channel communications,” meaning business-related communications on personal electronic devices, often through text message. Chair Gensler expressed a particular interest in enforcing recordkeeping requirements in the digital age, stating, “As technology changes, it’s even more important that registrants appropriately conduct their communications about business matters within only official channels, and they must maintain and preserve those communications. As part of our examinations and enforcement work, we will continue to ensure compliance with these laws.”
In October 2022, news reports suggested that the SEC broadened its recordkeeping enforcement initiative from broker-dealers to investment advisers. According to anonymous sources, the agency sent inquiries to numerous investment funds and advisers asking for information about their recordkeeping protocols for off-channel business communications. The SEC declined to comment on the “existence or nonexistence of a possible investigation.”
These alleged investigative probes demonstrate heightened SEC scrutiny of the practice of using personal devices for business communications without proper maintenance and recordkeeping protocols. The MFA Letter claims that, as part of its investigative sweeps, the SEC has asked certain investment advisers to image and review the personal phones of several employees in search of “any off-channel business communication, regardless of its nature.” While the MFA and other signatories to the MFA Letter agree that good recordkeeping is critically important to maintaining market integrity, the MFA Letter expresses concerns that the SEC’s recent demands may exceed the agency’s authority and raise privacy concerns.
Scope of Statutory Authority
First, the MFA Letter expresses concern that the SEC is exceeding its statutory authority under the Advisers Act by requiring investment advisers to search for all off-channel business communications. According to the MFA, the Advisers Act’s recordkeeping requirements are narrower than those applicable to broker-dealers under the Securities Exchange Act of 1934 (“Exchange Act”). Specifically, while the Advisers Act’s Rule 204-2(a)(7) requires registered investment advisers to maintain and preserve four categories of written communications—(1) “[a]ny recommendation made or proposed to be made and any advice given or proposed to be given”; (2) “receipt, disbursement or delivery of funds or securities”; (3) “placing or execution of any order to purchase or sell any security”; and (4) “predecessor performance”—recordkeeping requirements for broker-dealers under the Exchange Act’s Rule 17a-4(b)(4) demand that broker-dealers retain “all communications . . . (including inter-office memoranda and communications) relating to its business as such.” The broad recordkeeping language in the Exchange Act rule contrasts with the enumerated categories subject to recordkeeping requirements in the Advisers Act rule. Additionally, whereas the Exchange Act rule explicitly requires broker-dealers to preserve “inter-office” communications, no such requirement is present in the Advisers Act rule. The MFA Letter argues that the SEC “knows how to draft broad books and record requirements,” and when it comes to communications under the Advisers Act, the broader statutory formulations are notably absent.
The MFA Letter also points out that a January 2011 Study on Investment Advisers and Broker-Dealers created by the SEC itself acknowledges that “[d]ifferences . . . exist in the books and records requirements applicable to broker-dealers and investment advisers.” In fact, the Study recommended that the SEC should consider “harmoniz[ing]” the books and records requirements under the Advisers Act and the Exchange Act.
Individual Employee Non-Compliance
Second, the MFA Letter cautions the SEC to avoid “recasting” individual employees’ non-compliance with internal firm recordkeeping requirements as adviser firm violations. According to the MFA, many investment advisers employ electronic communication policies that are even broader than statutory requirements. For example, internal policies often require employees to exclusively use approved devices for business communications, regardless of whether those communications fall into any of the enumerated categories of communications under Advisers Act Rule 204-2(a)(7). However, the MFA urges, guaranteeing perfect compliance by every single employee is almost impossible. Penalizing firms for imperfect compliance may lead to firms adopting “policies that narrowly circumscribe recordkeeping obligations,” instead of a broader approach. Moreover, because investment advisers are required only to “[a]dopt and implement written policies and procedures [that are] reasonably designed to prevent violation[s]” of the Act, the MFA is concerned that seeking perfect compliance from all employees is an over-broad reading of investment advisers’ duties.
Finally, the MFA Letter expresses concerns about the privacy implications of a broader approach to enforcing recordkeeping requirements. Describing collection of personal devices as “extremely invasive,” the MFA Letter explains that the imaging and collection process often collects sensitive personal information that does not relate to business communications, such as medical information, passwords, and financial information. The MFA Letter suggests that such expansive methods may even violate international privacy standards, like the European Union’s General Data Protection Regulation.
The MFA Letter ultimately urges the SEC to interpret the Advisers Act’s recordkeeping requirements “as written,” and, if the agency would rather interpret the rule broadly, to issue formal guidance instead. During this process, the SEC can seek input from industry participants and the public before issuing additional guidance. It remains unclear whether the SEC will take up the MFA’s suggestion to commence a notice-and-comment process on this issue. In the meantime, investment advisers and funds should be aware of the SEC’s increased scrutiny of books and recordkeeping policies and practices. This may be especially important in recent years, as remote and hybrid work during the COVID-19 pandemic may have resulted in greater use of personal devices for business communications. To limit potential exposure, firms in this industry should continue to create and maintain policies that limit the use of personal devices for business communications and regularly train employees on such policies.