5 tips to help advisory firms keep off-channel communications compliant

August 25, 2023 6:26 PM

As mobile apps provide new avenues for advisory firms to connect with clients, a greater focus needs to be placed on keeping those connections compliant.

To help firms ensure that their off-channel communications don't land them in hot water with regulators, Smarsh, a provider of archiving and compliance software, teamed up with Optima Partners Compliance Advisory this week to host an educational webinar focused on the topic.

Led by Tiffany Magri, a senior regulatory compliance advisor at Smarsh; and Steve Boyd, a director at Optima, the session showed firms how to get started with mobile communications, provided advice on establishing policies, and outlined best practices to keep your firm where your clients are.

The duo explained that the shift toward mobile enablement allows firms to be more productive and responsive than ever. But regulators are cracking down on how professionals in the finance industry communicate with the people they serve.

Wealth management

SEC charges Fundrise Advisors for paying finfluencers $8M to solicit clients

August 23, 2023 4:08 PM

"Last year, we saw 16 firms fined $1.1 billion. The SEC had alleged that these firms, employees, supervisors and even senior executives were routinely communicating about business matters using text messages or other applications on personal devices," he said, noting that 15 of the firms were broker-dealers, and one of the firms was an affiliated RIA.

Boyd added that earlier this month, the SEC announced charges against several firms related to widespread recordkeeping failures resulting in "hundreds of millions paid in penalties, bringing now the total of these actions over $1.5 billion in penalties."

"So what firms need to do is they need to know their communication channels, and they need to strategize on what they can and cannot use," he said.

Scroll down for tips on how to avoid falling victim to similar fines while also maximizing the full potential of mobile communication channels.

Get key stakeholders identified and involved early

The recent SEC cases highlight the fact that everyone within an organization has the same responsibility to conduct their mobile communications by the book.

Because of that, Magri said it is important that individuals from every rung of the company have a seat at the table when crafting your firm's mobile communication strategy.

"What are my legal obligations? What are the needs of marketing? What are the needs of client services? So getting everyone together and having a better understanding will help you pinpoint some of the different applications that will be right for your firm. And then obviously the most important, I think, is to always make sure IT is included," she said. "So getting the right key stakeholders at the table early on into the strategy process will be pretty important."

For Boyd, identifying and addressing systemic issues should also be a top priority when developing your approach.

"It's really the behavior of the culture of these firms and the industry as a whole … it's very hard to change behavior," he said. "But when you see these types of (regulatory) actions come out against these firms, it makes these firms think. And I think they are thinking about this a little bit more and asking the right questions and trying to be on the right side of it.

"In almost all instances, nobody's trying to be a bad actor. But there are bad actors out there. So what a firm can do to try to mitigate bad actors from acting in that regard really goes beyond just the policies and procedures."

Bring your own device vs. corporate owned

When weighing the pros and cons of personal devices or provided devices, Magri said companies must consider factors such as cost, flexibility, compliance risk and customization.

"The BYOD may be cheaper, but you do tend to have a little more security (with corporate owned devices) even if it's ethical walls and whatnot," she said.

Boyd said this topic has been a struggle for many firms in recent years, and the right answer really depends on your circumstances.

It's also a matter of rising importance as remote work that has a greater reliance on technology leads to a greeting blurring the line that separates work and play.

"An emerging manager or somebody that's starting out isn't going to go for a corporate owned, company issued device. They're probably going to look at cost. And that's going to be the most important factor," he said. "But I think that other firms with the means to issue those corporate owned devices are starting to think about this more. Not for cost reasons, because they can obviously do it. But for other reasons. Do we want people using company issued devices for personal purposes? Or using applications or downloading things they want to use for personal entertainment or messaging or whatever it is? And then how do you delineate between what you need to archive on a company issued device if you're allowing your employees to use it for personal reasons?"

Trust, verify and redirect

Magri and Boyd said a key best practice to keep your firm safe is to make sure training and educational opportunities are readily available across the organization.

From there, regular risk assessments should be conducted to ensure that employees understand, acknowledge and adhere to the guidelines that are in place.

"So how do you actually make sure that they've adhered to the policy? It's really going in and looking and trying to find little things to pick at within the archive that have potentially identified that an employee didn't follow the policy," Boyd said. "You always want to trust your employees, but you also want to verify it, right? You want to side with them, you want to be able to defend them, but you want to make sure that they've actually gone and taken the proper steps to not use unapproved channels. So you make it clear. Educate them on which ones you can use, which ones you can't use."

He adds that you should have equally rigorous policies in place in the event communication comes in from an unapproved channel. For example, if a portfolio manager at a fund is getting text messages from their trader, those text messages must find their way back to the firm's archive of captured communications.

"They're communicating what they should do to trim or to add to a position, and that's all business related. So if you're pulling that in, you want to make sure that there is a policy that allows you to then forward to a specific email address or get it back onto an email or messaging platform that will then archive that message," he said.

Supervision and enforcement

Boyd said as a baseline, a firm's archive should be reviewed on at least a quarterly basis.

"The number of messages or the percentage of messages, that's going to vary and depend on the size of the firm, the strategies they run, the types of clients that they have, and the types of risks that they're exposed to," he said. "But you're also going to want to provide education and training that include the proper use of electronic communications, and you're going to want to make sure that your employees are attesting to compliance with these policies and procedures. I think that should be more frequent than annually, because it kind of gets lost annually."

Much like quarterly archive reviews, Boyd believes there is great value in quarterly attestation and having employees sign off on the fact that they have complied with your firm's electronic communications policy.

"So you're getting their word. And then you're going back, you're conducting your reviews of the archives, and you're trusting, but you're verifying to make sure that everything is status quo," he said.

Stay relevant

Magri said in addition to regular reviews and attestation, make sure you're keeping up with the times and tweaking policies to account for developing technology.

"We have so many different new forms of how we communicate now. It's not just texting and emails. It's WhatsApp, collaborative platforms, and chat. Like I talk pretty formally in email. But when I go into my text messaging or my chat internally with my coworkers, I'm using things like emojis and GIFs," she said. "So really trying to think through how to include some of the different things in your communication supervision is going to be key. … There was a case with the money eye emoji being (seen as) insider trading. We've seen items come up where the angry face emoji could be seen as a client complaint.

"There's a bunch of these different cases that are coming out. So I'd encourage you to take a look through those and really stay on top of how these evolving trends with some of these different forms of communication are coming out."