Compliance may not be fun, but it can be easy. By investing the time now to set up a flexible and adaptive compliance system, you can save your team time and trouble in the future. Here are a few best practices to consider when establishing and maintaining your electronic recordkeeping compliance system.
It All Starts with the Manual
When it comes to keeping you and your firm compliant with SEC and FINRA regulations around recordkeeping, everything should start and end with your compliance manual. Documenting your compliance rules and practices has several advantages. When your rules are documented, you reduce confusion and you have a source of truth that employees can turn to when they have any questions or concerns. Having a compliance manual and conducting periodic training helps maintain accountability.
The first step is to ensure that employees are clear on which communication channels are approved and which are not approved. All known communication channels should fall into one bucket or the other – there shouldn’t be any communication channels that don’t appear on your list. If you ban WhatsApp, don’t assume that your employees will extrapolate that ban and apply it to Signal and Telegram. If you allow Twitter, make sure you have a clear policy on Mastodon as well.
Data Retention & Storage
In most cases, if you are a Registered Investment Advisor, your data will need to be stored for 5 years, with the first two years in an easily accessible place (“easily accessible place” is vague, but electronic storage that can be easily searched, indexed, filtered, and reviewed is recommended). All written communications from both current AND prospective clients must be archived, so that includes any advertisements (email marketing, social media marketing, flyers, etc.).
Test Your Systems
It’s not enough just to have compliance systems and processes in place; you need to ensure that the systems are capturing all expected client communications and that employees aren’t communicating outside of these channels. Schedule a time every month to log into your archiving system and make sure that it is capturing all of the information you are expecting – any changes to your website, all of your social media posts, any text messages and all of your emails. Test your reporting system to make sure it is capturing all of your reviews.
Review and Audit
Set a specific percentage of client communications that you randomly review (this percentage might vary by firm size, but aim for at least 10%), and be sure to review any flagged communications. Your compliance system should flag potentially non-compliant words in your communications, words like “guarantee” or “promise.” Schedule semi-annual practice audits so that you are ready for the real event.
Be honest about shortcomings!
SEC Chair Gary Gensler said, “If you mess up – and people do mess up sometimes – come in and talk to us, cooperate with our investigation, and remediate your misconduct.” The SEC has been true to their word, offering reduced fines (or even no fines) for companies that self-report and cooperate with the SEC on investigations.
Compliance Starts at the Top
Compliance is everyone’s responsibility. From interns to senior managers, everyone who is communicating with clients has a responsibility to archive their conversations. When leaders in your firm set a good example, it’s much easier for others to follow. By following compliance rules and admitting when there are shortcomings, you create a culture of honesty and accountability.
Compliance Starts Now
Start now! If you are overwhelmed and not sure how to get started, trust us, it’s much easier to start now and store messages now than it will be 6 months from now, trying to track down old messages.
To learn more, visit presults.com.
Contributor – Anne Harris, Head of Marketing, Presults