Email Compliance 201

LiveOffice presented a webinar on records management issues related to electronic correspondence and archiving. (I missed the Email Compliance 101 session.)

First up was Christina Rovira, Legal Compliance Advisor at CoreCompliance & Legal Services, Inc. She pointed out that SEC and FINRA require investment advisers and broker-dealers to supervise the business activities of their representatives. There is a fiduciary duty to act in the best interest of the client.

FINRA Rule 3010 requires written supervisory procedures, including an annual internal audit. This audit includes a review of correspondence (that means email too). Securities Exchange Act of 1934 Sections 17a-3 and 17a-4 set standards for retention. FINRA Rule 07-59 (.pdf) addresses the supervision of electronic communications. Investment advisers are covered under Rule 204-2, with a laundry list of requirements.

The rules are largely risk-based, so you need to focus on new hires and others under closer supervision. In reviewing the communications, you want to develop a search lexicon to try to identify issues in the electronic communication. You also want to make sure you exclude privileged attorney-client documents and correspondence. It may be better to store those in a separate repository. They also emphasized that you need to search the text of the attachments as well as the email itself. Attachments generally have more problems.

What to look for:

  • discussions of performance without disclosure
  • inclusion of testimonials
  • predictions and projections
  • references to past specific recommendations
  • unbalanced discussions of risk/reward
  • disclosure of confidential client information
  • breaches of privacy policy

Archiving functionality is key. You need to be sure that you cannot modify or delete email in the archive.

Privacy is a hot-button issue right now. Regulation S-P, promulgated under section 504 of the Gramm-Leach-Bliley Act, implements notice requirements and restrictions on a financial institution’s ability to disclose nonpublic personal information about consumers. State laws are going further. There is California’s SB1 Financial Information Privacy Act, and Massachusetts has 201 CMR 17.00. That means you need to look for social security numbers, drivers’ license numbers, new account forms and client-specific information.
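A minimal sketch of the review pass described above (search lexicon, attachment text, privileged mail set aside, social security numbers), added here as an example and not taken from the webinar or from LiveOffice. The lexicon phrases, privilege markers, route names and sample messages are all constructed assumptions.

```python
import re
from email.message import EmailMessage

# Constructed lexicon: categories come from the post, the phrases are assumptions.
LEXICON = {
    "testimonial": re.compile(r"\btestimonials?\b", re.I),
    "prediction": re.compile(r"\b(guarantee[ds]?|projected returns?|can't lose)\b", re.I),
    "ssn": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
}
# Assumed markers for attorney-client material that is routed out of review.
PRIVILEGE = re.compile(r"attorney[- ]client|privileged (and|&) confidential", re.I)

def text_parts(msg):
    """Yield (label, text) for the body and each text attachment."""
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # binary attachments would need a text extractor first
        raw = part.get_payload(decode=True) or b""
        charset = part.get_content_charset() or "utf-8"
        yield part.get_filename() or "body", raw.decode(charset, "replace")

def review(msg):
    """Return the routing decision and the (part, category) lexicon hits."""
    parts = list(text_parts(msg))
    texts = [msg.get("Subject", "")] + [t for _, t in parts]
    if any(PRIVILEGE.search(t) for t in texts):
        return {"route": "privileged_repository", "hits": []}
    hits = sorted({(label, cat) for label, text in parts
                   for cat, rx in LEXICON.items() if rx.search(text)})
    return {"route": "review" if hits else "clear", "hits": hits}

def sample(subject, body, attachment=None):
    """Build a constructed test message; all content is made up."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment:
        msg.add_attachment(attachment, filename="new_account.txt")
    return msg

if __name__ == "__main__":
    flagged = sample("Q3 update", "Form attached.",
                     "SSN 123-45-6789. Returns are guaranteed.")
    print(review(flagged))
```

The hits in the sample come only from the attachment, which is why the body alone is not enough to search.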

They turned to conflicts of interest and insider trading issues. For example, you should focus on communications between the research desks and trader desks.

The panel also pointed out that you need to look at the communication tools to see whether you can capture the communication. If you can’t capture it, then it cannot be used. You must affirmatively prohibit the use of the tool. For example, some social networking sites are a problem. A Blackberry is okay as long as you route it through the company’s email and capture the email in the archive.

R. Anthony Seyboth moved on to give the sales pitch for LiveOffice.