As a registered investment adviser, you are required to keep any and all records of client correspondence, including emails, text messages, and social media messages in accordance with Rule 204-2 of the Advisers Act. In addition to being able to easily access these records of communication at any time, you should also be conducting surveillance of such correspondence on a regular basis in order to sufficiently supervise the actions of your employees and fulfill your responsibility to supervise all persons acting on the firm’s behalf.
So, how can you measure whether or not your surveillance of employee communication with clients is adequate? While there is no specific requirement of how such a review should be conducted, below are five guidelines to help you get on the right track.
- Engage an Email Archive Vendor
There are companies that specialize in archiving messages and have user friendly software specifically designed for supervisory and surveillance purposes. Many third party vendors have advantages that can help with email surveillance, including sorting, flagging and backing up the many messages sent and received by your firm. Additionally, many have the technical ability to capture messaging data from other social media sites like Facebook, LinkedIn, Twitter, Bloomberg, and even text messages.
- Set Up a Key Word Lexicon
Once you have engaged an archiving vendor to capture all of your firm’s emails and social media messages, you should set up a key word lexicon to automatically detect and flag emails containing those keywords. This will save you a lot of time, while making your review more effective because it alleviates the bulk of the archive from your manual review. If you have a very large number of emails coming and going through your firm, setting up a keyword lexicon can be especially effective as it will help narrow down the list of messages to only those that require supervisory attention. In addition to reviewing messages flagged by the keyword lexicon, it is recommended you conduct a random search of messages. Doing so will produce a more well-rounded review and may result in finding violations that may not have otherwise been detected by keywords.
- Review and Amend Your Policies and Procedures
Your policies and procedures manual should realistically address the parameters regarding your surveillance. Since there is no hard and fast rule telling you how many messages to review and how often, you are dictating your own requirements in your policy. As a best practice it is recommended that you perform your review at least quarterly. You could include a certain percentage of messages to be reviewed in your policy, but this is subjective to the number of messages your firm has. You want to make sure that email surveillance does not become your full time job, but also make sure you are reviewing enough messages to support the position that you are in fact supervising. If you have set unrealistic procedures for yourself, you may want to consider amending your policy to match your actual email review practices to make sure you are meeting your requirements.
- Perform Your Review
So once you have your keyword lexicon and you know how often and how many messages you are supposed to review, it’s time to dig in! There are various concerns that you should be keeping an eye out for when reviewing employees’ messages. These concerns may include, but certainly are not limited to, client complaints, insider trading, unapproved marketing materials, promissory claims or a guarantee of performance, undisclosed outside business activities, breach of non-public information, or other matters in which the employee is not acting in the client’s or the firm’s best interest. While keeping these potential misconducts in mind, keep your focus very broad because you there is no definitive list of potential issues you may discover. As appropriate, you should discuss any findings with the employee involved and decide on a plan of action from there. Be sure to document any such escalations and their resolution or next required actions.
- Download a Report
Make sure you document all of your hard work reviewing messages. Your archiving vendor should provide various report options that you can run and download for your records. You will want to select a report that details the number or percentage of messages that you actually looked at, relative to the total number of messages. Although you should be able to produce these reports at any given time, it is recommended as a best practice that you generate the report upon completion of each review, and save the report in your files for recordkeeping purposes as well as easy access to the reports.
Following these guidelines will improve the effectiveness of your firm’s email review and surveillance and should arm you with a satisfactory response if the SEC ever asks to see your documentation. While reviewing employee messages may not be on the forefront of your to-do list, or want-to-do list, it plays an important role in your firm’s overall compliance program. For more information on this and other compliance concerns, please contact us today at 800-800-3204 or visit us online at ncsregcomp.com.