Although texting and messaging apps can lead to compliance risks, firms in the advisory industry should not give up on these tools but instead face the challenges head on, according to lawyers.
“Our message today is not that you should do everything in your power to ensure that your employees are not texting or that you should throw up your hands and say there is nothing you can do to minimize the risk of texting and messaging,” Shannon Capone Kirk, e-discovery counsel at law firm Ropes & Gray, said this week at the Securities Industry and Financial Markets Association’s Compliance and Legal Virtual Forum.
“Rather, we think that there are practical, common-sense approaches to complying with record retention obligations and that the worst thing to do is to bury our heads in the sand on what the issues are and what the regulators are seeing,” she added.
The Securities and Exchange Commission requires firms to preserve electronically stored records in a non-rewriteable, non-erasable format, commonly known as the write once read many — or WORM — format.
Advisory firms still largely bar the use of text messaging despite persistent pressure from employees, according to electronic archiving provider Smarsh. Around 43% of the 111 respondents from broker-dealers and registered investment advisor firms said they want to be able to use text messaging for business, according to survey findings released by Smarsh earlier this year. But 51% of the respondents said text messaging is the greatest compliance risk among communication channels.
Meanwhile, Lisa Bebchick, a partner in the litigation and enforcement practice group at Ropes & Gray, said regulators often do not distinguish between messaging apps such as WhatsApp and traditional short message services or multi-media messaging services.
“While we think it’s important to understand the difference, it is also good to be mindful that regulators seemingly treat the two as interchangeable and while there are technological capabilities associated with each, they’re not necessarily viewed that way by the regulators,” Bebchick said at the conference.
Under the SEC’s books and records rule, “whether a firm must retain a particular communication depends on the content of that communication, not the specific device or application that is used to transmit the communication,” Bebchick said.
No matter how “informal the communication” and even “if it’s made on a personal device,” the message “may fall within a broker-dealer’s retention obligations” if it concerns a business topic, she added.
No gray area
Firms must have a clear policy about the use of messaging apps used for business purposes, Ropes & Gray’s Kirk said.
“When we’re talking about messaging apps and text messaging, the better policies that I’ve seen of late have very clear, binary language. It’s written in layperson, it’s very direct and it essentially says, ‘You are permitted to use this, and you are not permitted to use this.’ Then it will give some examples of what works in that environment, what is permitted and what is not,” Kirk said.
“If you allow for a policy that has that gray area, there could be non-compliance. It’s really difficult to enforce when it’s not black-and-white and binary,” she added.
Kirk went on to say that firms should use software to oversee business-related messaging.
“In general, we recommend that policies provide that business-related communications should exclusively occur on approved devices that are installed with something called mobile device management, or MDM, software. At a high level, this software can allow a company to monitor app usage and may help retain employee communications,” Kirk said.
The policies will result in greater compliance and create a record of the controls the companies have put in place, according to Kirk.
Among the potential policies, firms should consider limiting the use of text and messaging apps to employees who have a demonstrated business need for them, Kirk said. Firms should also determine the specific permissible content, she added.
Kirk believes firms should “specifically prohibit ephemeral messaging apps,” such as Snapchat.
Once they have established a policy, firms should also train employees about the policy, Kirk said. Such training is required by the Financial Industry Regulatory Authority, she noted.
Back in October, the SEC fined broker-dealer JonesTrading Institutional Services $100,000 over its alleged failure to preserve business-related text messages sent by its registered representatives. The issues occurred even if JonesTrading had policies barred the use of texts to conduct business, according to the SEC.
Do you have a news tip you’d like to share with FA-IQ? Email us at firstname.lastname@example.org.