SEC Highlights Risks of Unapproved Communications via Mobile Apps

In a recent article, we discussed the increasing importance for private fund managers (and other types of investment advisers) to more effectively track, archive, and surveil their employees’ business-related communications across all mobile apps being utilized. In the article, we included several practical tips about how private fund managers can manage business and reputational risks in this fast-evolving area of SEC scrutiny. Around the time we published the article, the SEC took one of its first (if not the first) enforcement actions against a private fund manager and its founder for various alleged failures in this area, as discussed below in greater detail. This enforcement action, which involved the SEC stipulating a comprehensive corrective-action plan, highlights why managing risk in this area through comprehensive and cutting-edge regulatory technology (RegTech) software tools, like ACA’s e-comms surveillance software, is no longer an optional best practice.

SEC allegations

The SEC alleged that even though the private fund manager’s compliance manual restricted business communications to firm-provided email accounts and certain messaging platforms (like Microsoft Teams and Bloomberg Chat), multiple personnel of the private fund manager (including its founder) communicated via various mobile apps on personal devices (such as iMessage and WhatsApp) that were neither authorized nor archived. These communications included recommendations and advice made or proposed for clients, the movement of client funds, and securities sale and purchase orders.

The SEC further alleged that the restrictions in its compliance manual relating to permissible business communication channels (and related record-keeping requirements under the Investment Advisers Act) were not enforced. Additionally, the SEC alleged that by not updating its compliance manual to permit and archive business communications through the above-mentioned additional channels, the fund manager violated the Adviser’s Act’s requirement to adopt and implement an adequately tailored compliance program. Further, apart from not producing any text messages in response to a SEC staff’s investigative subpoena, before the fund manager was made aware of the SEC investigation, the founder, on multiple occasions, allegedly instructed at least one officer of the fund manager to delete all text messages.

SEC-Stipulated Corrective Action Plan

Perhaps even more noteworthy than the SEC’s allegations is the corrective action plan that the fund manager and its founder had to agree to. This corrective action plan (described below) along with the practical takeaways in our recent blog should provide private fund managers solid actionable takaeways to better manage risks in this area.

Under the SEC mandated corrective action plan, the private fund manager is required to retain an independent compliance consulting firm to assist it with the following tasks:

• A review of the private fund manager’s surveillance, compliance, and archiving policies and procedures (and training provided to employees) designed to ensure that its electronic communications, including those conducted via mobile apps on personal devices, are conducted in accordance with applicable regulatory requirements.
• A review of employee certifications of compliance with the foregoing policies and procedures to ensure these are being submitted quarterly.
• An assessment of the technological solutions that the private fund manager has begun implementing to assist with the above tasks, including an assessment of the likelihood that employees will use such technological solutions going forward and a review of the measures employed by the private fund manager to track employee usage of new technological solutions.
• A review of the private fund manager’s electronic communications reviews to ensure they are covering business communications sent via mobile apps.
• An assessment of the steps taken by the private fund manager to prevent the use of unauthorized communications channels for business communications.
• A review of the framework adopted by the private fund manager to address instances of non-compliance by employees with the foregoing policies and procedures. This review should include corrective action taken in instances of non-compliance, an evaluation of who violated policies and why, what penalties (if any) were imposed, and whether penalties were handed out consistently across business lines and seniority levels.

How we help

Employees’ increasing use of electronic platforms like Teams, Zoom, Slack, WhatsApp, and WeChat to communicate with colleagues and clients can lead to increased conduct risks at your firm. We have multiple options to help your firm detect and mitigate these risks effectively and efficiently to protect your business.

Technology: ACA’s eComms Surveillance Solution is an integrated natural language processing surveillance and investigations platform that ingests eComms, messaging, mobile traffic, and voice calls to provide firms with a complete view of potential high-risk activities and behavior across their organization. By reducing false positives and delivering more precise, meaningful alerts, our solution increases the effectiveness and efficiency of an eComms surveillance operation while reducing the time needed for teams to review electronic and voice communications. Our intuitive interface allows end users to focus on reviewing results and addressing risks.

Managed Services: We specialize in conducting risk-based reviews of eComms to help firms meet their regulatory obligations and assist with identifying the effectiveness of existing trainings, policies, and procedures. Analysts conduct eComms reviews at a determined regular cadence via Boolean methodology and our proprietary lexicon in any archival platform our clients utilize. This service is suitable for all archived messaging platforms and can include email, messaging, and voice recording reviews.

Clients looking for the optimal best practice and investment in risk mitigation will benefit further with our combined managed services and eComms Surveillance RegTech Solution in our ACA ComplianceAlpha^® platform.

Questions?

If you have any questions or would like to discuss how ACA can help your firm strengthen its surveillance program, increase efficiencies through technology, and ensure that your regulatory obligations are met, please reach out to your ACA consultant or contact us here.

Download our Private Markets Quarterly Update

This is just one of many insightful articles included in our Private Markets Quarterly Update Q3 2022. Download the full newsletter to learn about:  

• New Marketing Rule Performance Net Return Calculation Methodologies 
• The SEC’s New Marketing Rule – Challenges for Real Estate Advisers  Proposed Amendments To Form PF (Round 2) – What Private Markets Fund Managers Should be Aware Of 
• Task Force on Climate-Related Financial Disclosures Quick Reference Guide 
• ACA Group Acquires Data Specialist Ethos ESG to Offer First Data Analytics Product 
• SEC’s Continued Focus on Valuations - Risk Management & Investment Processes 
• Other Notable Recent Enforcement Actions 
• Regulatory Changes in the UK Could Present Promising Opportunities for Private Markets Emerging Managers 
• A Brief Primer on Co-investments 
• Exempt Reporting Advisers – Why Building and Maintaining Robust Compliance Programs Has Become Increasingly Important 
• Emerging Threats in the Cyber Landscape

Download the newsletter