One of the most important tasks for mutual fund and ETF chief compliance officers is oversight of the advisors and sub-advisors.
If you are a chief compliance officer, a recent SEC case brought against a large broker-dealer should cause you to re-think how you review and assess the adequacy of your service provider's email retention and review policies. Here's why: If someone at the advisor or sub-advisor is sending deceptive emails to clients or prospective clients, you want to ensure the email retention system and review policies are reasonably designed to detect the deception. Federal securities laws prohibit investment advisors from engaging in any transaction, practice, or course of business that operates as a fraud or deceives clients or prospective clients.
For advisors and sub-advisors, electronic archiving and compliance systems are useful tools, but they don't provide a complete solution to managing oversight responsibilities. As important, firms must properly train to identify problematic emails that technology alone can't catch.
Background
Chief compliance officers of funds and ETFs that are registered under the Investment Company Act of 1940 are responsible for administration of the compliance policies and procedures.
These policies and procedures must protect investors by ensuring the advisors and sub-advisors have internal programs in place to comply with the federal securities laws. When it comes to email review, advisers and sub-advisers can't rely solely on review software to detect fraud. Therefore when chief compliance officers perform their due diligence reviews of advisors and sub-advisors, they need to make sure the supervisors at those advisors and sub-advisors have the tools and training they need to detect any potential fraud.
The Challenges of Email Review
E-mail review and retention has historically been a difficult issue for the financial services industry due to the sheer number of emails that employees write and the number of platforms in use.
Approximately 145 billion emails are sent worldwide per day, 89 billion of which are business related, according to internet news and information provider Mashable. To make matters more complicated, these emails are sent via the firm's own email system, instant messaging systems (AOL, MSN, Yahoo, etc.), Bloomberg, Blackberries, and more. Last year, FINRA, which regulates broker-dealers including mutual fund and ETF distributors, fined a large distributor of financial products, $7.5 million for 35 instances of email system failures. These failures prevented the distributor from accessing hundreds of millions of emails and reviewing tens of millions of others.
The distributor had recently experienced a period of rapid growth and its email systems failed to keep up. The result-the distributor failed to retain and review 3.5 billion Bloomberg messages and failed to supervise 28 million emails sent and received by thousands of representatives who were operating as independent contractors.
Supervision Is Key
Electronic archiving and compliance systems are excellent tools to help firms stay complaint. These systems have a number of features. They randomly sample each employee's messages, perform "lexicon" searches based on certain keywords or phrases that may signal problematic communications such as "guarantee" or "sure thing," and provide an audit trail of reviews and actions taken related to flagged emails.
However, a recent SEC case brings into light the need to go beyond lexicon searches when performing email review. A large broker-dealer recently agreed to pay $25 million to settle SEC charges that it failed to reasonably supervise its trading desk. The desk was alleged to have misled customers about mortgage-backed security pricing.
The SEC asserted that the firm's electronic communications surveillance did not include Bloomberg group chats where traders communicated much of their misleading pricing information
The SEC also faulted the firm for failing to provide supervisors with the tools to "meaningfully review" electronic communications because the supervisors did not conduct sample pricing testing comparing communicated prices to actual prices. In other words, the firm did not adequately train its supervisors to detect possible misrepresentations to customers.
Without this training, it would be very difficult for supervisors to detect the trading desk's pricing misrepresentations because they were not trained to check a sample of the communications about pricing against actual pricing information.
Final point: Review and retention present challenges for providers throughout the financial services industry. So when you are checking under the hood of your service providers, make sure the supervisors of those providers have the tools and educational training they need to stay compliant.
QUESTIONS CCO SHOULD ASK WHEN ASSESSING AN ADVISOR'S EMAIL REVIEW POLICIES
1. Sample Size: Is the advisor looking at enough emails? The sample size should be large enough that it would be considered "reasonable" by the SEC.
2. Search Results: Does the advisor rely solely on emails flagged by lexicon searches? The advisor should select a certain amount of randomly selected emails to review.
3. Scope of Systems Searched: Is the scope of the review adequate? Many firms have been fined or sanctioned because their electronic surveillance systems omitted certain forms of communications such as Bloomberg group chats.
4. Identification Compliance Risks: Do the policies and procedures adequately account for compliance risks? The policies and procedures should guide supervisors on how to detect possible misrepresentations to customers that can be elevated for further analysis.
5. Training: How does the advisor train its supervisors to perform email review? If you are entrusting supervisors to uncover a "smoking gun," they need to be trained so they have sufficient understanding of the types of "smoking guns" they are looking for to identify them.
