Over the past few years, banks and broker-dealers have been the SEC’s primary targets of their probes on violation of communication compliance regulations. SEC has imposed significant penalties on broker-dealers so far. Many large banks, like Morgan Stanley and Goldman Sachs Group Inc, were charged whopping billions of fines for failing to comply with SEC record-keeping requirements.
Recent reports imply that the regulators have expanded their operations beyond broker-dealers. The latest financial firms that have come under the scrutiny of the SEC are Registered Investment Advisers or RIAs.
So does this mean RIA firms are the next ones that could face similar financial penalties from SEC? It is high time for RIA to implement effective policies, procedures, and communication practices and be well-prepared for SEC scrutiny and regulatory examinations.
Compliance Challenges of Registered Investment Advisors
The SEC Required all RIA forms to capture all electronic communications and satisfy their retention requirements. Following is a review of major compliance rules applicable to RIA firms.
Communication compliance for RIA
- SEC Rule 204-2 – Investment Advisers Act of 1940 (the Books and Records rule) – RIA firms must maintain the books and records specified by the SEC. Also, they must preserve these records for at least five years. In addition, in the first two years, they must be stored in a readily accessible place.
- Rule 206(4)-7 – RIAs must adopt and implement policies and procedures that address the recordkeeping obligations under Rule 204-2. Therefore, RIAs must restrict employees from using channels they cannot keep adequate records for business-related communications
- Rule 204-2(a)(14) – According to this rule, RIAs are “required to maintain a copy of each disclosure document and each amendment or revision to it that was given or sent to clients or prospective clients, along with a record reflecting the dates on which such disclosure was given or offered to be given to any client or prospective client who subsequently became a client. In other words, you need to retain every disclosure ever sent to clients and prospective clients, along with the details of when it was sent.”
What are the challenges?
The increasing adoption of electronic messaging, including emails, instant messages, social media posts, and text messages within registered investment adviser (RIA) firms, has created new compliance responsibilities. RIA firms face the challenge of capturing, archiving, and retaining all these types of communications and providing evidence when examiners request them.
One of the biggest compliance challenges of launching an independent RIA is the adoption of the registration process. It can be challenging for firms to comprehend the connection between the advisor’s jurisdiction and the type of advisory business they will operate. Also, running an independent compliance program can take time and effort.
In addition, If the RIA firms do not develop a solid foundation for the firm’s compliance program, there can be negative impacts. Furthermore, managing conflict of interest and other requirements from the SEC and other financial services industry regulators are challenging tasks.
Investment advisor compliance checklist
The following RIA compliance checklist provides an overview of RIA compliance requirements to avoid the risks of compliance violations.
- Implement the policies and procedures to prevent compliance violations according to SEC Rule 206(4)-7.
The policies should be:
Reviewed periodically and manually.
Suitable for the firm’s structure and size
Created by involving all related departments like IT, Legal, Management, and Operations.
The policies should specify the following:
- The devices and apps allowed to use
- The permitted and non-permitted content and how the message content will be captured.
- The permissible and non-permissible communication platforms like social media, email, collaboration, conferencing, and SMS/text messaging.
- Implement supervision strategies that should include:
- Techniques to detect regulatory violations through electronic communications.
- Data privacy and protection
- Prevention mechanisms for unauthorized access to records
- Firms must also implement the following:
- Engage a Chief compliance officer (CCO)
- The creation of ‘lexicons’ to detect possible compliance violations.
- Review captured messages for compliance violations using lexicons, keyword search, and random sampling.
- Perform the necessary enforcement activities
- Document and test the reviews
- When supervising, firms must look for communications like:
- Insider trading violations
- Conflicts of interests
- Unencrypted or unsecured client information
- Communications exchanged through personal email accounts
- Client complaints
- Misleading languages
- Manage communications on mobile devices.
- Determine what devices you allow (BYOD or Employer issued devices?)
- Identify all forms of communication and devices your employees use
- Prohibit what you cannot adequately capture and retain, apps that automatically delete content and have self-destructing messages
- Provide compliance training for associated persons and supervisors
- Third-party vendors can be utilized to provide comprehensive collection, monitoring, and archiving of electronic communications. They should fulfill the following requirements:
- They should be knowledgeable and have purpose-built compliance solutions.
- They can adapt to changing communication platforms.
- They can securely capture and retain data and provide easy access to them.
- They should have advanced search and e-discovery tools, audit, and reporting capabilities.
Best practices for RIA compliance
- Automating the archiving system
Manual archiving systems eliminate the need for time-consuming and hectic manual data capturing and retaining processes. An automated system also reduces costly human errors and helps increase your productivity.
- Maintain the security and privacy of the records
Implement access control mechanisms to avoid unauthorized access to data. Enforce strong password policies, encryption, and other necessary security practices to secure the data from possible breaches.
- Maintain regular backups
Frequent and automated backups help restore the data in case of a data breach, natural disaster, and system unavailability.
- Update the archiving systems and policies regularly.
Update your systems with software patches to avoid security loopholes. Also, regularly review and update the equipment, compliance policies, and procedures to match the latest compliance updates.
- Evaluate your archival system regularly.
Test your archival system periodically to evaluate if it can perform consistently and capture the right data accurately.
How LeapXpert can help RIAs to solve compliance challenges?
LeapXpert offers organizations a modern, high-quality, and compliant mobile messaging solution. Its federated architecture integrates with many instant messaging apps enabling organizations to carry out secure and compliant remote mobile communication supporting iPhones.
Our new RIA solution enables you to easily archive client conversations conducted over WhatsApp, iMessage, and SMS and stay compliant with investment advisor compliance regulations. It is a fast and flexible SaaS solution that has been developed with RIAs and their needs in mind. It is easy to enroll, has no obligation on a minimum number of seats, and onboarding only takes minutes. When all messages are archived with the LeapXpert messaging solution, RIA firms can reap the benefits of compliant mobile messaging with their clients.
SUBSCRIBE TO OUR NEWSLETTER
Useful tips and helpful information.
You can unsubscribe at any time - obviously!