Gohlke on E-mails
Itís okay to delete spam.
SEC examiners want to see all retained e-mails promptly, even if they arenít required records (assuming they arenít privileged).
And e-mail policies and procedures should be within the scope of an adviserís compliance program.
So said Gene Gohlke, associate director in the SECís Office of Compliance Inspections and Examinations, in an August 11 "webinar" sponsored by the National Society of Compliance Professionals. The webinar, which was moderated by Bingham McCutchen partner Jeff Himstreet, was closed to the press. This article is based on conversations with several participants on the call.
Gohlke said that he is "hopeful" that the Commission or SEC staff will issue an interpretative bulletin or other guidance laying out the SECís or staffís expectations with respect to the capture, retention, and production of information on e-mail. Later, however, he couched his optimism, saying that if interpretative guidance is not issued, "prudent" advisers should nonetheless focus on e-mail issues, perhaps by availing themselves of industry conferences to get a sense of what regulators expect.
Itís clear that Gohlke and others in OCIE would like the Commission or Division of Investment Management staff to provide some sort of guidance on advisersí e-mail obligations. As would some in the industry: In May, the ICAA met with Gohlke, along with OCIE director Lori Richards, chief counsel John Walsh, and Division of Investment Management chief counsel Douglas Scheidt to discuss e-mail issues. The group also raised the subject of e-mails in meetings last month with Commissioners Cynthia Glassman, Harvey Goldschmid, Paul Atkins, and Roel Campos.
And there is some movement. A staff attorney in the Divisionís chief counselís office has been assigned to work on the guidance. By one estimate, the guidance might be released as soon as the end of this year.
Or it might not. IM Insight also is hearing that the issue is on somewhat of a back burner within the Division, with matters such as hedge funds, soft dollars, and even the ADV taking precedence. Moreover, the news that a staff attorney has been assigned to the project should be tempered with the knowledge that many staff attorneys are assigned to projects that take years to come to fruition, if at all.
In contrast, e-mails clearly are a front-burner issue in examinations. IM Insight has heard that in a recent exam conducted by the SECís New York office, an examiner spent two full days, out of an eight or nine day exam, reviewing e-mails one by one.
Until any official e-mail guidance makes its way out of the SEC, hereís the latest word from Gohlke.
The golden rule: If information is required to be maintained under the Advisers Act books and records rule, it must be maintained, regardless of the media. This point was emphasized repeatedly by Gohlke during the webinar. The test for whether a particular e-mail must be kept: if it existed in paper, would it be covered by the Advisers Act books and records rule?
Of course, itís not always that simple.
Take, for example, internal communications, which pre-e-mail were rarely memorialized in paper but now are commonly transmitted via e-mail. Himstreet asked Gohlke whether internal e-mails, such as those between a trader and a portfolio manager, must be kept. Gohlkeís response: "The rule doesnít address this specifically." In his view, however, if the communication is material to an investment decision or is addressed in another aspect of the books and records rule, it may need to be maintained. "You can get there under the rule," said Gohlke.
As a best practice, it might make sense to keep internal e-mails. However, if challenged on this point retroactively, keep in mind that there are legal arguments to be made that advisers, unlike their broker-dealer counterparts, are generally not required to keep internal communications under Rule 204-2(a)(7)(although internal e-mails may fall into one of the specified categories in the rule).
Speaking of Rule 204-2(a)(7): the webinar panelists noted that that section requires advisers to keep the following communications, regardless of whether they are "sent" or "received": communications that (1) contain recommendations or advice; (2) discuss any receipt, disbursement or delivery of funds or securities; or (3) discuss the placing or execution of purchase or sell order for any security. The rule states that advisers donít have to keep unsolicited market letters and similar communications of general public distribution not prepared by or for the adviser, and specifies how an adviser should keep information on marketing materials sent to lists.
Gohlke confirmed that communications received by an adviser, such as a complaint e-mailed in by a client or a communication discussing a transaction e-mailed in by a service providers, must be kept if they relate to investment recommendations or transactions, etc.
Another thorny issue: instant messaging. Is it akin to a phone call? An e-mail? Not surprisingly, Gohlke said that in his view, instant messages should be treated like e-mails. Gohlke noted that instant messages are written communications, and did not seem sympathetic to the telephone analogy argument. He urged advisers to make sure their vendors or e-mail retention software capture instant messages (which they increasingly do). Gohlke also expressed the view that if an adviser tape records its conversations or meetings, the staff is entitled to review those records like any other record maintained by the adviser.
Gohlke confirmed that spam does not need to be kept. He warned advisers that use spam filters to be diligent and test to make sure that only spam is being deleted.
Himstreet noted that the burden is on an adviser that deletes e-mails to demonstrate that only non-required information has been purged. As a result, he noted, many advisers find it is more cost effective to save all e-mails.
Gohlke noted that thereís no WORM (write-once, read-many) requirement for advisersí electronic records, as is the case for brokersí records. But, he added, records should be maintained in a way that is suitable for the business. He referenced paragraph (g) of the Advisers Act books and records rule, which requires that advisers establish and maintain procedures to reasonably safeguard electronic records from loss, alteration, or destruction, and to limit access to the records to properly authorized personnel and the SEC staff.
Himstreet noted that unlike broker-dealers, advisers are not specifically required to conduct a pre-use or post-use review of e-mail communications. He added that the SEC staff has indicated that as part of an adviserís supervisory obligations, the adviser would be required to review communications, including e-mail communications, and as such should periodically search and review e-mails.
Turning to the examination context, Gohlke reported that OCIE is approaching e-mails in two ways. First, at the beginning of an exam, the staff will make an upfront request for a "limited number" of senior officersí e-mails, asking for one to two monthsí worth of e-mails for each individual. Gohlke explained that these e-mails allow examiners to assess the firmís compliance culture and understand what types of business relationships (legitimate or not) are being negotiated. He noted that some of these business relationships may not otherwise be memorialized in any other type of requested record. Second, he said, examiners will make subsequent requests later in the exam, as specific focus areas are identified.
But donít take that one to two month lookback to the bank. IM Insight was told of an adviser exam earlier this month where examiners asked for the past yearís worth of e-mails for certain individuals.
What if examiners ask for an e-mail and the adviser has difficulty providing it? Gohlke said that the staff will expect to see the adviser make a good faith effort to produce requested records, regardless of whether the record is a required record or one that was maintained even though not explicitly required. "If you have maintained the record, we do expect it promptly," he said.
Gohlke urged advisers to let the staff know whether a hold up is due to technological difficulties or because e-mails are being reviewed for privilege. Himstreet agreed, emphasizing the importance of managing the staffís expectations and maintaining good communications with the staff. Speaking of privilege, Gohlke said that the staff will expect to see a privilege log when privilege is asserted.
What about accessibility? Can a firmís e-mails be stored in a server in Canada? With a geographically- distant third party vendor? "Thereís no reason why not," said Gohlke, as long as e-mails can be produced promptly. He noted that a "responsible adviser" should be testing their e-mail retention systems to ensure responsiveness. He added that advisers should perform due diligence on their e-mail vendors to make sure they have adequate business continuity procedures of their own and can safeguard retained e-mails.