ICAA Asks SEC For E-Mail Guidance
The SEC needs to provide advisers with clear guidance on e-mail retention, production, and surveillance. Ideally, that guidance should be crafted through the rulemaking process, with opportunity for notice and comment, rather than by allowing e-mail policy to be made by SEC examiners. And any policy changes should be applied prospectively, not retroactively.
Those were the major themes of a November 19 letter from the Investment Counsel Association of America to Division of Investment Management director Paul Roye and Office of Compliance Inspections and Examinations director Lori Richards. The letter may be welcomed by many in the industry as providing a needed counterpoint to statements made by SEC staff in recent speeches, as well as offering a valuable perspective to advisers faced with e-mail requests during SEC examinations. "The letter simply reiterates concerns that we’ve been talking about with the SEC — both the Commissioners and the staff — for months," said ICAA executive director David Tittsworth.
In the letter, the ICAA noted that while "the vast majority" of advisers have a genuine desire to be cooperative and compliant regarding e-mails, as a matter of "fundamental fairness" advisers need to be told ahead of time what the ground rules are. Advisers are receiving "unprecedented" inspection requests related to e-mails, and SEC staff even have suggested that advisers have an obligation to surveil e-mails, said the group. "We believe it is unfair to ask investment advisory firms to make major decisions resulting in substantial investments in time and money based on anecdotal reports of SEC staff inspections request and comments," it said. The ICAA noted that one of its larger members reported spending nearly $350,000 in the past year to capture and search e-mails, representing hardware, software, and some labor costs.
Monitoring and surveillance.
The ICAA noted that OCIE staff have suggested that advisers must monitor or review employee e-mail as part of their compliance programs (see "The Latest on E-mails: Part 1 of 2," IM Insight, October 25, 2004). The group took issue with that position, asking the SEC to confirm that advisers are not required by the compliance program rule "or any other law" to monitor or review employees’ e-mails. In fact, the ICAA noted that the rule’s adopting release expressly provides flexibility for advisers to tailor their compliance programs to their firm, and that the compliance program’s policies and procedures must be "reasonably" designed to prevent and detect violations. The ICAA asserted that it may not be "reasonable" for an adviser to rely on e-mail surveillance as a control in the firm’s program. Most advisers, said the group, would be able to sample only a small portion of e-mails, and "the likelihood of detecting violations through e-mail sampling that could not be detected through other means is relatively small and, for many firms, would likely be outweighed by the costs." The ICAA acknowledged, however, that advisers may wish to consider e-mail surveillance as one appropriate way to detect violations.
Does Rule 204-2(a)(7) pick up internal e-mails? Some OCIE staff take the position that it does, whereas many investment management practitioners take the view that it does not. The ICAA noted that the scope of that provision of the Advisers Act books and records rule "remains somewhat murky" and suggested that it "be interpreted consistently with how it has been reasonably construed historically" by practitioners — namely, as not covering internal communications.
Deletion of non-required e-mails.
The ICAA asked the SEC to confirm that as long as an adviser has a reasonable process in place to capture and separate its required e-mails, it may delete non-required e-mails. Put another way, the group asked the SEC to confirm that there are a number of different ways that a firm can ensure that required e-mails are retained, such as requiring employees to undergo "robust, periodic training" on record retention, and that a "gatekeeper system" is not required to review all e-mails before deletion. "[I]t is virtually impossible to prove conclusively that no records have ever been discarded or destroyed," said the ICAA. "We request the staff to provide reassurance that reasonable procedures and processes for record maintenance, if appropriately implemented, are sufficient."
. "Until specifically required by a rule or other formal Commission action," said the ICAA, "advisers should be permitted to produce records to inspection staff in any format or medium." The group noted that some advisers maintain all e-mail on back-up disks, which are not searchable. The ICAA also asked the SEC to clarify that advisers may print out
e-mails and delete the electronic copy in accordance with a systematic destruction policy: "No existing rule has been understood to require that [required e-mails] be maintained electronically rather than on paper."
Overbroad examination requests.
The group noted that the SEC takes the position that it may request any record during an examination (per the authority granted in Advisers Act Section 204). That, they said, does not translate into a right to require that all e-mails must be maintained. The group pointed to a recent deficiency letter that stated that since, under Advisers Act Section 204, all records of an adviser are subject to inspection, advisers are required to maintain all e-mails of their employees. "This," said the ICAA, "is simply an incorrect statement of the law and rules."