5 Keys to a Texting Policy That Will Stand Up to SEC Scrutiny

 
 
 

What You Need to Know

  • The SEC is increasingly scrutinizing firms’ policies and procedures regarding personal device communications and penalizing them when they fail to implement a policy or fail to enforce an existing policy..

  • Policies and procedures are only effective if they are followed, including ongoing monitoring and reinforcement.

  • Maintain regular ongoing records of doing so, and that you have addressed any corresponding content concerns.

Do you have employees who text clients for business-related purposes? You say no, but are you sure?

Securities and Exchange Commission regulators are inquiring about firms’ corresponding policies and procedures and penalizing them (via enforcement actions with fines) when they fail to implement a policy or fail to enforce an existing policy.

This is a very important issue that must be recognized and addressed by the entire financial services industry, and, once implemented, it should be monitored and enforced thereafter on an ongoing basis.

How do you best address it? Beware: There is no perfect solution! 

We have reviewed the recent SEC enforcement matters regarding the use of personal mobile devices. The applicable RIA firms were “charged with violating certain recordkeeping provisions of the Investment Advisers [Act] of 1940 and with failing reasonably to supervise with a view to preventing and detecting those violations.”

The SEC further stated that “the firms also agreed to retain compliance consultants to, among other things, conduct comprehensive reviews of their policies and procedures relating to the retention of electronic communications found on personal devices and their respective frameworks for addressing non-compliance by their employees with those policies and procedures.”

Although your firm’s policies and procedures manual may have previously addressed the use of personal email, texting and social media relative to business-related matters, they must be reviewed and enhanced (including a strongly recommended initial and annual execution of a corresponding acknowledgment by each employee) to further address recent SEC scrutiny.

However, policies and procedures are only effective if they are followed via these actions:

1. Address the use of personal devices with all employees and independent contractor reps periodically (no less than during the annual compliance meeting/training); thus, a corresponding written meeting agenda item and sign-in sheet should be executed by each employee, and retained by the firm; 

2. If the firm holds regular meetings of all staff, the use of personal devices should be an ongoing agenda item (and be sure to keep a copy of the agenda); 

3. All employees and independent contractor reps should sign the corresponding applicable standard acknowledgment form (stating that texting is prohibited, with express limited exceptions) upon inception of employment and no less than annually thereafter (quarterly forms should be encouraged, based upon the recent SEC scrutiny); 

4. If the firm, upon prior written approval, permits texting via use of a firm-provided app installed on the employee’s/rep’s personal device (thereby permitting ongoing firm monitoring of such communications), then a corresponding different acknowledgment reflecting the same should be used; and, 

5. If the firm, upon prior written approval, permits texting via the use of a firm-provided device (thereby permitting ongoing firm monitoring of such communications), then a corresponding acknowledgment should be used. 

Remember, as indicated above, policies and procedures are only effective if they are followed, including ongoing reinforcement of the firm’s policies (per the meetings and corresponding agendas referenced above). Permitting ongoing monitoring is only effective if you can demonstrate that actual monitoring has occurred in the same manner as the firm performs ongoing email monitoring. Maintain regular ongoing (recommended monthly) records of doing so, and that you have addressed any corresponding content concerns. 

A Caveat

Regardless of your policies and procedures, don’t be surprised if a regulator asks you to prove a negative: “How do you know that your employee is not texting?” or if he/she is using an app, “How do you know that your employee is only using the approved app?”

Thus, implement, educate and follow the policies and procedures outlined above, and investigate and document any and all instances of actual or perceived violations or red flags.