They're coming for the RIAs: Latest SEC messaging sting nabs small firm

A more than $6 million SEC fine against Senvest Management signals regulators are beginning to move down to the RIA level in their quest to stamp out illegal "off-channel" communications.

The Securities and Exchange Commission announced on Wednesday that it reached a $6.5 million settlement with Senvest, a registered investment advisor, over allegations that its employees had discussed business both internally and externally using texts and other communications that weren't properly recorded for review at a later date. As one example, the SEC said three senior executives at the firm had set their personal devices to delete business-related messages 30 days after being sent.

"Adherence to these requirements is essential for the commission to effectively exercise its regulatory oversight and enforce the federal securities laws," said Eric Werner, the director of the SEC's Fort Worth Regional Office.

A spokesperson for Senvest, which neither admitted to nor denied the SEC's allegations, declined to comment.

Starting with the big boys

The case comes as the latest foray in the SEC's attempt to rein in advisors' use of WhatsApp, WeChat and other messaging services to talk business with colleagues and clients. Regulators have so far handed down more than $2.5 billion in fines against firms accused of violating restrictions on so-called "off-channel communications," or messages sent outside systems used to track and record employees' work-related discussions.

The initial enforcement rounds fell on some of the biggest names in the industry. In December 2021, for instance, regulators at the SEC and the Commodity Futures Trading Commission hammered JPMorgan with a $200 million fine after finding that employees as high as the senior level had used WhatsApp and private email services to discuss company business. Then in September 2022 the two regulators imposed $1.8 billion in fines on Goldman Sachs, Morgan Stanley, Bank of America, UBS and other industry stalwarts over similar alleged violations. Subsequent sweeps have hit such well-known firms as Wells Fargo and BNP Paribas, in August last year, and Northwestern Mutual, in February.

READ MORE:
JPMorgan bosses addicted to WhatsApp fuel $200 million in fines
Compliance experts look to AI, tech to help with WhatsApp violations
SEC fines 16 firms in latest WhatsApp probe penalties
Firms struggle to monitor staffers even after WhatsApp probes
Latest WhatsApp sweep shows value of cooperating with SEC

Max Mejiborsky, the vice president of compliance services at the regulatory consultant COMPLY, said it was only a matter of time before regulatory scrutiny should alight on the RIA level. As far as he knows, Mejiborksy said, Senvest is the first independent registered investment advisor to reach an SEC settlement over alleged off-channel violations.

"The SEC has certainly identified it as an industry-wide issue," Mejiborksy said. "And I think that's how it all starts. I think when we had the email enforcement cases, years ago, they started with big firms and they defined solutions as a result of those cases. And I think this will follow a similar path."

Staying on message

Of the more than 30,000 registered investment advisors in the U.S., roughly half are overseen by the SEC and the other half by the states. Firms under the SEC now come under regulatory examination at least once every seven years — which some at the agency say is not nearly frequent enough.

But no matter how stretched their resources, the SEC and other regulators have made cracking down on off-channel communications a priority. Mejiborksy said probes into the misuse of WhatsApp and similar services often start with regulators investigating some unrelated matter such as allegations of insider trading.

It's when they can't retrieve the records they were expecting to find that they'll start leveling accusations about off-channel violations.

"But these could become a sort of primary driver of examinations or the subject of some sort of a targeted sweep because they're so prevalent now," Mejiborsky said.

Allegations aplenty

Senvest is a New York-based firm with nearly $3.7 billion under management and 25 employees, according to a registration document filed with the SEC on April 3. The SEC's complaint stated the firm had a policy requiring employees to acknowledge every year that they had reviewed internal policies banning "unapproved electronic communication methods" and stating that they "that they should not use personal email, any form of text messaging, iMessage, or PIN-to-PIN messaging to transmit work-related messages."

Despite that prohibition, according to the SEC, employees used off-channel means to send thousands of messages from 2019 to 2021 to "senior officers, managing directors, employees, fund investors and other financial-industry participants." The SEC said Senvest supervisors had authority to access employees' personal devices to look for proscribed communications but chose not to exercise it.

The SEC said three senior officers and a managing director at Senvest sent off-channel messages concerning "communications concerning recommendations made or proposed to be made and advice given or proposed to be given about securities." Regulators accused the firm of violating recordkeeping and ethics provisions of the Investment Advisers Act of 1940 and failing to properly supervise employees. 

Three steps to avoid SEC ire on off-channel communications

Brad Levy, the CEO of the compliance software firm Symphony, recommended three steps for firms that are worried they could find themselves in a similar situation. First, they should review their policies to make sure they're strong enough to withstand regulatory scrutiny. Levy said it's essential to revise internal prohibitions and procedures to keep pace with changes in communications technologies and regulators' priorities.

Second, they should make sure those policies are clearly communicated to employees and that employees acknowledge they understand both their obligations and prohibited actions. 

Finally, Levy said, they should adopt some firm-wide system that can be used to track and store messages.

Symphony is one of several fintech companies offering technology that ties into WhatsApp and other services and tracks and records messages advisors and other users send. Levy recommended that firms that don't have some sort of similar system in place put out a request for proposals from Symphony and other tech providers.

Levy said the mere act of moving to have a strong recordkeeping system in place is often enough to buy some goodwill from regulators.

"A lot of people don't like to do that because they don't want to spend money," he said. "And then, it's almost like when you start to do the work, does that mean you have a problem? But I think it's clear you need to start with, say, over five providers and put out a [request for proposals]. And then put a time on it and say, 'In 270 days, we're gonna have a physical thing implemented.'"

Should firms issue dedicated phones or insist on access to personal devices?

Levy said many firms deal with off-channel communications by insisting on the exclusive use of company-owned devices for business dealings. In the Senvest settlement, the SEC says the firm issued cell phones to its employees before the $6.5 million penalty was handed down.

"These devices automatically upload communications into Senvest's archiving system for retention," according to the settlement.

Levy said such a step isn't absolutely necessary, and that there are good reasons for opting something a little less far-reaching. For one, equipping every employee with a phone is expensive. Many advisors also object to the idea of having to carry two devices around with them everywhere.

Levy said firms can also insist that employees give them access to their personal devices. That prevents them from having to carry around two phones but also could let supervisors see photos and other private information.

Some firms take a third option and let employees know that if they want to discuss business on their personal devices, they have to agree to the use of some sort of recordkeeping system. The alternative is to stick strictly to emails and other forms of communication for work-related matters.

Levy said firms can vary their policies according to how much regulatory scrutiny individual employees are likely to come under. Those who trade frequently may need to have firm-issued phones or give supervisors access to their devices. Those with administrative or operational duties don't necessarily fall under the same requirements.

"It's probably not one-size-fits-all," Levy said.

Outside eyes to ensure compliance

In Senvest's case, there will also soon be a third-party looking over supervisors' shoulders and making sure they're living up to their obligations. 

The settlement with the SEC gives the firm 60 days to bring in an outside compliance consultant who will be charged with reviewing its recordkeeping policies and systems and recommending improvements in a written report. 

The SEC then gives Senvest 120 days to comply with recommendations. The consultant will later have to produce a one-year report gauging whether Senvest has been properly carrying out its policies and obligations.

Senvest has also told its employees that they're prohibited to do options trading in their own accounts and "that making more than 10 preclearance trades in a month may trigger increased scrutiny," according to the SEC settlement. Employees also are generally banned from trading in securities owned by the firm's clients.