While the convenience of communicating through electronic messaging is undeniable, also irrefutable are the regulatory and legal risks posed to investment advisers, particularly when their employees use unapproved electronic messaging platforms. Compliance officers must walk a fine line between adopting policies and controls adequately tailored to mitigate the relevant risks posed by electronic communications and imposing overly restrictive measures that would hamper employees’ ability to efficiently and productively conduct business. This final article in our three-part series examines six core components that advisers should consider including in their electronic communication policies, taking into account the records requested in the “Information Request List” (Request List) purportedly being used by the SEC in connection with electronic communication-focused examinations of investment advisers, as well as six steps that advisers can take to proactively prepare for future scrutiny. The first article
provided background on sweep exams, with particular focus on the ostensible electronic messaging exam and the potential drivers of SEC focus in this area. The second article
explored the various components of the Request List and analyzed the implications and consequences of certain requests. For more on designing risk-based policies and procedures, see “Will Inadequate Policies and Procedures Be the Next Major Focus for SEC Enforcement Actions?
” (Nov. 30, 2017); “General Insider Trading Policies and Procedures May Be Insufficient for Hedge Fund Managers to Avert SEC Enforcement Action
” (Nov. 3, 2016); and “Investment Adviser Penalized for Weak Cyber Policies; OCIE Issues Investor Alert
” (Oct. 1, 2015).