Forum: Email monitoring a compliance necessity

Regularly scanning employees’ emails to detect rule violations is a sensitive, albeit necessary, exercise for compliance officers, delegates heard at the PEI Private Fund Compliance Forum in New York.

There may be no specific requirement or rule for registered investment advisers to monitor employees’ and partners’ email activity, but not doing so would likely result in a deficiency mark during an exam from the US Securities and Exchange Commission, one private funds lawyer told delegates at the fourth annual PEI Private Fund Compliance Forum in New York City on Wednesday. 

Throughout the two day conference delegates shared guidance on how to handle the sensitive issues that can arise from reading their colleagues’ emails. 

“New hires are specifically told email monitoring is part of the firm’s policy, but that doesn’t always lead them to be diligent about what they write or who they send it to,” said one chief compliance officer in attendance. “It isn’t until I have to bring the individual in my office to discuss one of their emails that triggered a compliance issue that it sinks in.” 

It isn’t until I have to bring the individual in my office to discuss one of their emails that triggered a compliance issue that it sinks in

The compliance officer noted that the reprimanded employee is usually quick to share the experience with others at the firm, leading to a greater awareness that email activity is an area subject to compliance oversight.

A second compliance officer told delegates that emails should be monitored on a regular basis, with her firm conducting a search for specific key words once every two weeks, as well as conducting targeted reviews on a more as needed basis. 

“We search ‘tickets’ for example to conjure any emails that might raise issues related to our rules on giving gifts and entertainment.”

During sideline conversations multiple compliance officers noted they do not allow staff to use personal emails (such as a Google managed Gmail account) while at work. “And if they do, I remind them that it opens their personal emails to my review, which they wouldn’t want for privacy reasons,” said one chief compliance officer in attendance. 

One challenge stemming from email monitoring is how to determine which issues should be brought to the attention of senior management, delegates heard during an onstage panel touching on the issue. During the panel, one compliance chief said she discovered an employee circulating his resume, but preserved his privacy on the matter as it was not a compliance-related issue. 

“It’s important employees know that emails are only being seen by a small circle of compliance staff, and not by senior management for whatever purpose,” the compliance chief said. However certain gray areas exist, such as when an employee regularly uses profane language or other offensive communication. The compliance chief said senior management asked her to include a list of profane words and phrases to include as part of her regular keyword search of emails, and flag any obscene behavior that could be a reputational risk for the firm.