The Rise of Slack, Teams, Hangouts, Stride and Other Instant Messaging Apps for the Remote Workforce – Are your Books and Records Practices up for the Challenge?

Hardin Compliance Consulting LLC

The ever-increasing collaboration and instant messaging platforms like Microsoft Teams and Slack have become more popular and have changed the way we interact with our co-workers. If you are a broker-dealer or investment adviser, that internal communication is not just a conversation among co-workers, it’s also “written communication” that could be subject to SEC record-keeping rules. Broker-dealers and investment advisers should consider whether these internal communications fall under the same scrutiny and retention requirements as something sent to a client or prospect. This includes instant messaging, text messages, and chats using personally-owned devices.

For broker-dealers, the requirements are clear. Rule 17a-4 of the Securities Exchange Act of 1934 (“SEA”) requires firms to preserve for three years “originals of all communications received and copies of all communications sent (and any approvals thereof) by the member, broker or dealer (including inter-office memoranda and communications) relating to its business.”

Determining the requirements for investment advisers is more challenging. Under Rule 204-2(a)(7) of the Investment Advisers Act of 1940 (“Advisers Act”), advisers must maintain “books and records” including all written communications sent or received by the adviser relating to its investment advisory business. The rule requires advisers to make and keep originals of all written communications received, and copies of all written communications sent, by the investment adviser relating to “(i) any recommendation made or proposed to be made and any advice given or proposed to be given, (ii) any receipt, disbursement or delivery of funds or securities, (iii) the placing or execution of any order to purchase or sell any security, or (iv) the performance or rate of return of any or all managed accounts or securities recommendations.” These written communications must be maintained for five years. Rule 204-2(a)(7) does not explicitly state that inter-office memoranda and communications must be retained.

On December 14, 2018, the SEC’s Office of Compliance Inspections and Examinations (OCIE) published a Risk Alert – Observations from Investment Adviser Examinations Relating to Electronic Messaging (the “Electronic Messaging Risk Alert”). In the alert, OCIE discussed its views about investment advisers’ failures to update their compliance programs to accommodate the use of electronic messaging. OCIE said that instant messages are the same as other written communications and are subject to retention under Rule 204-2(a)(7) if they relate to the topics specified in that rule (e.g., relating to investment advice). The firm is responsible for maintaining those records. The rule does not differentiate between internal and external business communications.

Written communications that fall outside the parameters of Rule 204-2(a)(7), such as human resource matters, are not required to be maintained. However, segregating communication into required and non-required content is a significant challenge. As a practical matter, most firms archive all electronic communications as a way to ensure compliance with the rule.

Firms should review the collaboration and instant messaging platforms they are using and determine how to meet the record retention requirements. Some apps like Microsoft Teams and Slack can be configured to meet SEC and FINRA electronic storage and retention requirements. Advisers should also check with their current email retention service to see if it has the capability to retain other types of electronic messages. Many service providers specialize in archiving instant messages, so it pays to shop around.

The Electronic Messaging Risk Alert identified practices that advisers should consider to meet their record retention obligations:

  1. Develop policies and procedures specific to your firm. This could include permitting only forms of electronic communication that can be archived in compliance with the books and records requirements, prohibiting certain apps or technology, and monitoring and reviewing electronic communications.
  2. If an employee receives an electronic message using a form of communication prohibited by your firm for business purposes, firm procedures should require that the employee move those messages to a firm-approved messaging system.
  3. Train your employees and have them attest to the policies and procedures you have in place.
  4. Regularly review your employee’s activities.
  5. Have control over employee devices. This could include loading security apps or software on computers or phones or requiring employees to obtain prior approval before accessing firm information on a personal device.

Finally, in the Electronic Messaging Risk Alert, OCIE “encourages advisers to stay abreast of evolving technology and how they are meeting their regulatory requirements while utilizing new technology.” Compliance officers should be familiar with the technology being used and adjust the firm’s policies and procedures to meet their regulatory requirements.

Photo Credits: Photo by Robin Worrall on Unsplash.

Written by:

Hardin Compliance Consulting LLC

Hardin Compliance Consulting LLC on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.