With the holiday period upon us, you’re likely to be fidgeting with your mobile device, catching up on news, sending text messages and checking in on LinkedIn or email. You may even be posting in the family WhatsApp group.
Before sending out that missive on social media or replying to that email, read the Securities and Exchange Commission’s latest risk alert about electronic messaging.
The December 14 alert focuses on registered investment advisors’ use of electronic messaging, excluding work email, for business-related communications. It reminds advisors of their obligations when employees use electronic devices for messaging and suggests ways firms can improve their systems, policies and procedures. Based on the Office of Compliance, Inspections and Examinations’ work, examples of best practice included prohibiting the use of personal social media for business purposes, setting up automated alerts when either the name of an employee or the advisor appears on a website, and ensuring access to work email servers is protected by virtual private networks (VPNs).
The use of third-party apps could also be a cyber-risk, putting confidential information in the hands of criminals who would exploit that to their financial advantage, be it by blackmailing employees or profiting from trading the information. Compliance officers, take note.
In private, compliance officers tell us this is already on their radar screen. One executive at a mid-market firm told me that for official work-related duties, his firm’s employees are asked to keep correspondence limited to the firm’s email system, which he can monitor. That means avoiding the use of text messaging services like WhatsApp to discuss deals, or posting personal information about other employees on Facebook or Instagram.
With the proliferation of social media and mobile devices, it can be challenging to monitor every employee’s use of social media or instant messaging. But it’s a message that the SEC wants to get across. One of the more draconian measures suggested by the OCIE was for firms to establish an internal program that allows employees to report concerns about colleagues’ use of electronic messaging or social media for business communications.
Law firm Fried Frank wrote in a note that the alert “could serve to signal the industry that the SEC is unlikely to be lenient in future enforcement cases regarding compliance with these rules with respect to electronic messaging.”
Message received and understood.
Write to the author: firstname.lastname@example.org.