By Cory Roberson, Principal at RIA Review and RIA Consults
Industry shift
towards Electronic storage (ESIGN Act)
Transitions
in cloud data storage and electronic recordkeeping formatting was a dominant technology
trend that influenced the practices of investment firms in the early 2000s. With the passing of the ESIGN Act in 2000, the
SEC created a series of rule amendments to determine its application for
investment advisors, broker-dealers, mutual funds, and business development
companies.
What is electronic
recordkeeping?
According
to Rule 204-2 and similar state rules, electronic recordkeeping is defined as
books and records that are converted into the following:
Formats: Micrographic media, including microfilm,
microfiche, or any similar medium; or electronic storage media, including any
digital storage medium or system that meets the terms of this section.
Types: Micrographic and electronic storage (e.g. cloud,
servers, etc.).
SEC Rulemaking
Below
is a summary of electronic recordkeeping policies based on firm types.
Rules 31a-2 (investment company
act) – applies to mutual funds and business development companies - https://www.sec.gov/rules/final/ic-24991.htm
Rule 204-2 amendment (investment
advisory act) – applies to advisors -
https://www.sec.gov/rules/final/ic-24991.htm
Rule
17a-4(f) (securities exchange act) – applies to broker-dealers -
https://www.sec.gov/rules/interp/34-44238.htm
NASAA and State Securities
interpretations
On
many occasions, there is a lag time between rules passed down from SEC to state
level. Many states will either choose to
adopt broad sweeping SEC rules at time of its enactment or wait a period of
time. We encourage firms to check with
their applicable state securities jurisdictions for guidance into electronic
recordkeeping policies.
NASAA weighs in---On May 2017, the
NASAA recently issued a general policy on the use of electronic recordkeeping
and offering documents. http://nasaa.cdn.s3.amazonaws.com/wp-content/uploads/2017/05/Electronic-Offering-Documents-and-Electronic-Signatures-Statement-of-Policy.pdf
Using electronic
storage to solve gaps and prevent fines
Simply
put, electronic recordkeeping is designed to mitigates the regulatory risks of
lost paper trails amongst firms. In
2006, U.S. investment bank Morgan Stanley was fined $15 million to resolve an
investigation by U.S. regulators into its failure to retain e-mail messages,
according to a regulatory filing.
For
Rule 17a-4 compliance, there are a
number of email-archiving compliance providers that provide automated retention
and maintenance of outside of traditional electronic storage capabilities.
Our
compliance software, RIA Review provides paid users with secure cloud storage
capabilities powered by Google Cloud Platform.
Click Here if interested in our Compliance Management software
Trends towards moving
from paper to electronic formats
Six
years ago, we noticed that many of our state-registered advisory clients
continued to store their records in paper format. Since then, we’ve seen a positive shift
towards electronic recordkeeping as either a firm’s primary or alternative
method for storing sensitive documentation.
Converting
from paper to electronic format can be a laborious process. Typically, the process involves going through
a lot of client files, scanning documentation, and sorting out records onto a
cloud-based storage solution. Amongst
our client base, we witnessed the process taking anywhere from a few months to
over a year to complete. Outsourced services are available to assist with
scanning or sorting of paperwork, but this method can be cost prohibitive for
smaller firms.
Types of Books and
Records that can be converted to electronic formats includes:
Cash
Journals
(i.e. a journal or journals, including cash receipts and disbursement records)
General and subsidiary ledgers (or other comparable records) reflecting asset, liability, reserve,
capital, income and expense accounts.Check books, bank statements, cancelled checks and cash reconciliations of the investment adviser.
Bills or statements (or copies thereof), paid or unpaid, relating to the business of the investment adviser as such.
Trade Blotter (i.e. for the purchase or sale of any security, instructions from any client concerning the purchase, sale, receipt or delivery of a particular security, and modifications/cancellations).
Trial balances, financial statements that are prepared in accordance with generally accepted accounting principles.
Written communications (original/copies) received and sent by such investment adviser relating to
Copies all written agreements (or copies thereof) entered into by the investment adviser with any client or otherwise relating to the business of such investment adviser as such (i.e. discretionary, non-discretionary authority).
Copies of notices, circular, advertisement, newspaper article, investment letter, bulletin or other communication, including those transmitted by electronic media, recommending the purchase or sale of a specific security, which the investment adviser circulates or distributes, directly or indirectly, to 10 or more persons and if such notice, circular, advertisement, newspaper article, investment letter, bulletin or other communication does not state the reasons for such recommendation, a memorandum of the investment adviser indicating the reasons.
A record of every transaction in a security in which the investment adviser or any advisory representative (as hereinafter defined) of such investment adviser has, or by reason of such transaction acquires a covered security (personal securities transactions report quarterly).
Best Practices, Security
& Risks
With
the recent series of disasters from hurricanes in Texas, Florida, and Puerto
Rico to fires in North and Southern California, we highlight the importance of
maintaining an electronic storage system for recordkeeping.
Lastly,
firms should note that electronic recordkeeping is not a solution to all
risks. Data Hacks, stolen laptops, compromised
passwords, or social media are a few additional issues that can occur when
using electronic recordkeeping methods.
Firms
can check out our blog on IT/cybersecurity best practices here: http://www.mycomplianceblog.com/2017/11/advisor-prep-for-data-hacks-and.html
Email us at:
cory@riareview.com or call us at: 650-305-2688.
Compliance and Business Management
FIN Compliance (FINCompliance.io) is a
consortium of compliance services including: RIA Consults-Roberson Consults
Group, a compliance consulting firm, RIA Review, a compliance-management
software tool (SaaS), B-D Review, a RIA/Broker-Dealer compliance management
software tool, and FINLancer is a business
management portal featuring: E-signature tools; Invoicing integration,
Vendor Directory, continuity directory*, business client document portal, and
more (available by Q3 2019). Access all services
on one site: FINCompliance.io.
Impact
FIN Missions (FINmissions.com) provides business support group
sessions for other entrepreneurs. In addition, Cory has volunteered
for more than fifteen youth programs in locations such as like S. Korea, China,
S. Africa, Thailand, and India.
No comments:
Post a Comment