Electronic Messaging Exams: Looking Beyond Emails

The SEC is conducting “electronic messaging” examinations, which include all forms of written communications related to an Adviser’s business which are conveyed electronically by methods other than email messages sent or received using the Adviser’s email system.

The types of electronic messaging in the examination include those of the Adviser and the Adviser’s personnel (including independent contractors) used for the Adviser’s business and subject to the Books and Records rule (Rule 204-2(a)(7) or (11)).

The types of electronic messaging include:

  • Instant messaging
  • Text/SMS messaging
  • Email and personal or private messaging, whether on the Adviser’s systems or third party apps or platforms
  • The Adviser’s mobile devices
  • Personally owned computers or mobile devices used by Adviser personnel, including independent contractors

The exam document request asks the Adviser to provide copies of written policies and procedures relating to electronic messaging, including informal or unwritten policies or procedures, and those addressing transmittal of sensitive information and related security and privacy concerns.  The exam requests identification of all persons overseeing the policies and procedures and their roles and responsibilities, monitoring and review processes, exception reports, whether any violations have been detected, a summary of any internal audits or compliance reviews associated with electronic messaging, and copies of any risk assessments or risks, and how the Adviser mitigates or addresses these risks.  Information regarding recordkeeping is requested, including if maintained by a third party vendor.

Takeaways: 

  • Review your policies and procedures related to electronic messaging. Ascendant’s Cybersecurity Practice can partner with you to craft more robust policies related to Electronic Communications, Acceptable Use and Information Security that are tailored to your business and cover policies and controls for email, text messaging, apps and cloud-based services. You can also use our proprietary technology tool, Ascendant Compliance Manager, to manage and distribute those policies, capture employee attestations, document your control activities and log any material findings. Contact us to learn more.
  • We’ve also previously weighed in on some of your options relating to policies regarding personal e-mails at work in a previous blog we did on cybersecurity, linked here.
  • We believe this is a sweep exam in the NY region, which may be designed for information gathering and result in a soon-to-be SEC Guidance Alert. We will continue to keep you posted if/when we learn anything new.

Subscribe to CSS Blog

CSS frequently publishes blog posts which are written by our team from their observations in the field, at conferences and through experiences with compliance professionals. These posts are designed to further knowledge and share industry best practices. Topics run the gamut, including Form ADV, cybersecurity, MiFID II, position limit monitoring, technology challenges and more. Complete and submit the brief form below to receive notifications when we publish new content.

Loading form...

Latest Content

Form CRS and Its Impact on State-Registered Advisers

While many investment advisers are starting to plan for Form CRS/Form ADV Part 3, one group of investment advisers can breathe a sigh of relief that this is a project that does not need to be on their ‘To Do’ list. As of now, no state regulator has adopted this disclosure document for state-registered advisers. … Continued

Effective Compliance Policies & Procedures and Annual Reviews: Meeting the Reasonably Designed Standards

Investment Advisers must perform an annual evaluation of the effectiveness of their compliance program. This starts with ensuring, maintaining and implementing reasonably designed policies and procedures. This ComplianceCast webinar covers the recent regulatory changes that may trigger a need to reevaluate your present policies. Who Conducts and How to Conduct the Annual Review Planning and … Continued

7 Reasons to Attend Our Scottsdale Fall 2019 Compliance Conference

If you’ve been considering joining us in Scottsdale for our Sept. 23-25 compliance event, here are seven reasons you should take the plunge now! The Best Mix of Informational & Educational Speakers – We just added OCIE’s Co-National Associate Director of Investment Adviser/Investment Company Examination Program Marshall Gandy to our stellar list of presenters. He joins ex-NFL star Merril … Continued