This Connected Suite Spotlight Series, is for clients using the Professional Archive, and anyone who is interested in benefits and tips for compliance best practices for financial services.
In the financial services industry, supervision is critical for retention and oversight of electronic communications. All regulated firms must demonstrate to regulators that they are supervising the activities of their associated persons.
FINRA Rules 3110 and 3120 require a firm to establish, maintain, and enforce written procedures to supervise the types of business in which it engages. Firms must also include the activities of its associated persons that are reasonably designed to achieve compliance with applicable securities laws and regulations, and FINRA rules.
SEC Rule 206(4)-7, the so-called Compliance Rule, requires an investment advisory firm to adopt and implement written compliance policies and procedures to detect and prevent compliance violations, perform an annual review, and designate a Chief Compliance Officer (CCO).
Being a compliance officer in today’s highly regulated world does not need to be a daunting task. Implementing a powerful solution with capabilities to capture, search, and review all electronic communications, and with rich policy tools that help accuracy and efficiency of supervision is critical to compliance teams.
Monitoring electronic communications can be incredibly effective to find potential violations of fraud, criminal behavior, undisclosed reportable events – as well as client complaints.
“Failure to meet FINRA and SEC retention and supervision requirements results in serious consequences for firms and their associated persons, including fines and other disciplinary actions.”
Are you getting the most out of the Supervision App in the Connected Suite?
The Supervision App is chock full of capabilities to set up and fine tune your supervision program using pre-defined policies. With the rich policy library in the Connected Archive, firms can easily customize their policies to address common compliance issues and overcome typical risks associated to the volume and complexity of electronic communications used by their organization.
Use this checklist to perform an audit of your supervision processes and determine next steps towards improving your firm’s supervision practice:
- Identify the person responsible for definition and management of the supervision policies.
- Create supervisory policies and procedures for all business-related communications with clients, this includes creating procedures to detect regulatory violations in electronic communications.
- Monitor the accuracy of disclosures made to investors, clients, and regulators, including account statements and advertisements.
- Ensure your team is conducting reviews of the business at least annually, to ensure compliance with applicable rules and laws.
- Conduct “risk-based reviews” of incoming and outgoing written correspondence and internal communications. Reviews must be conducted by a registered principal and evidenced in writing, electronically (such as in the Smarsh Professional Archive), or on paper.
- Create lexicons of search terms that are appropriate for your business. Lexicon policies may even be used to test for situations where advisors provide their personal email addresses, phone numbers, or social media handles. Lexicons can be keyed to identify such phrases as “text me,” “send info to my personal email,” “direct message me on Facebook,” etc.
- Plan your review and determine how much time you will spend on random sampling versus keyword search.
- If review is based on percentage, include the sample size and adhere to that requirement.
- Determine a plan for supervising high-risk individuals who require heightened supervision or multiple layers of review.
- Flag questionable communications for secondary reviewers.
- Use supervision policies to search for client complaints.
- Use supervision policies to search for guarantees of performance.
- Use supervision policies to search for fraudulent activity, insider trading violations.
- When supervising communications and setting supervision policies, use an audit history and keep detailed notes to document reviews.
- Periodically conduct a test of your archiving system to ensure all capture and review functions are working as intended.
It’s imperative that your firm review its formal written electronic communication retention and supervision policies to ensure those policies keep up with the pace of technology. If your firm does not review its policies and procedures on an annual basis, then your firm is not in compliance with SEC and FINRA regulations.
We also recommend that firms update their policies to include often-overlooked (but extremely popular) forms of electronic communications, including collaboration platform content, instant messages, text messaging, social media posts, email marketing, and more. It’s important to note that simply forbidding these communication channels in a policy isn’t sufficient to protect against recordkeeping rules violations. As we have seen, regulators may fine or suspend a firm and/or advisor if they discover an advisor uses a communications channel that isn’t archived by their firm.
In this Connected Suite blog series for our clients, we will be publishing more tips with checklists for creating supervision policies and procedures, how to manage and make your review queues incredibly efficient, and providing more information about data retention rules and storage requirements of the SEC.
To learn more about Professional Services offered for Supervision, such as Health Checks, Assisted Review, and Policy Tuning – visit the following pages to see data sheets or to ask questions: