Alaric Compliance Alert: Electronic Messaging Industry Sweep
The wired world is a virtual wild west when it comes to electronic messaging in the workplace. Registrants can’t corral all messaging all the time, despite rules and regulations requiring them to implement associated controls.1 For instance, SEC Rule 17a-4 requires firms to archive electronic business communications in non-rewriteable and non-erasable formats for at least three years.
If your firm is examined, regulators will look for a clear schema of your firm’s electronic messaging services and platforms, including employee-owned verses company-provided personal computers and mobile devices. They will also evaluate the types of messages conducted through such devices, including instant message (IM), private or chat messages, text/SMS messages and email.
Examiners will assess the aspects of your firm’s compliance program related to electronic messaging, including audit and testing procedures; archival and retention policies; messaging security and privacy of information; as well as reporting of messaging activity, violations and issues being monitored.
Reviews can be extremely time-consuming if regulators and your staff need to spend days or even weeks combing through messages manually. That’s because, by some estimates, there can be tens of thousands of emails between employees each month, depending on job function and firm size.
It is therefore imperative that registrants engage a qualified service provider that specializes and can assist in organizing, monitoring and archiving messaging across platforms. Their advanced systems search on predefined and firm-specified key word combinations that can send up red flags.
Regulators expect to see a thorough communications plan for managing electronic messages, especially among sensitive staff, such as traders. Real strides have been made using such services to monitor email. But even regulators concede there has yet to emerge a failsafe way to capture and monitor electronic messages through external third-party apps, chat rooms, social media platforms and text.
For this reason, part of an effective electronic communications policy is to prohibit these forms of electronic messaging altogether. Updating and regularly testing your firm’s messaging policies on at least an annual basis with ongoing staff training and certifications will further enforce employee compliance with electronic messaging rules and regulations as they evolve.