SEC Rule 17a-4 compliance checklist for communications

In the current regulatory landscape, institutions face heightened scrutiny over text message compliance, especially in light of recent SEC penalties.

A pragmatic first step is to thoroughly assess specific communication needs, review existing channels, and establish robust text messaging policies, including annual employee attestations.

The complexity of compliance escalates with varied devices, apps, and the blending of personal and professional usage. Drawing on our consultancy experience with multiple financial clients, we recommend a structured approach to determine the necessity of additional technological investments.

A well-considered strategy involves crafting precise text messaging policies tailored to different departmental roles and client interaction preferences. These policies should not only receive annual approval during the firm’s Compliance Review but also require digital acknowledgment by all employees, underscored by clear penalties for non-compliance.

To continuously refine these policies, firms should conduct regular assessments through employee questionnaires that cover device usage, preference for self-hosted messaging apps like Rocket.Chat, Chipper or Mattermost, and the potential use of dedicated business lines. For situations where text messages are not automatically captured (such as when a client uses an employee’s personal number), the policy should clearly mandate that the texts be forwarded to a work email for archiving and that the reply be sent via email, to ensure compliance and oversight.

Ultimately, it’s essential for employees to understand that all business-related text communications must be documented and retrievable, reinforcing the institution’s commitment to rigorous regulatory compliance and operational integrity.

For law firms seeking to comply with SEC Rule 17a-4 regarding the management and archiving of electronic communications, including text messages, here are the top five considerations:

Preservation of Records

Ensure that all text communications related to business transactions are preserved in a non-rewriteable, non-erasable format. This typically requires the use of software or services that can capture and store these communications in compliance with the rule’s requirement for a retention period of at least six years.

Accessible and Readable Format

Maintain all text communications in a format that is easily accessible for examination by regulators. This means that the records should be easily searchable and provided in a format that can be read and reviewed without the need for proprietary technology.

Comprehensive Archiving System

Implement an archiving system that captures all forms of text communication, including SMS, MMS, and encrypted messaging apps that are used for business communications. This system should ensure that metadata, such as the date, time, and participants in the communication, is also captured and preserved.

Third-Party Downloader Compliance

If using third-party apps for text communications, it’s crucial to verify that these apps are capable of complying with SEC Rule 17a-4. This includes ensuring that the app can archive communications in the required format and within the necessary time frame.

Regular Audits and Employee Training

Conduct regular audits to ensure ongoing compliance with the rule, and provide training for all employees on the importance of adhering to the firm’s policies regarding text communications. This includes educating them about the legal implications of non-compliance and the proper procedures for communicating via text in a compliant manner.

By adhering to these points, law firms can help ensure that their use of text messaging complies with SEC Rule 17a-4, mitigating risks and maintaining the integrity of their communications.