6 MIN READ
Compliance. Of all the hats you wear as the owner of an RIA, Chief Compliance Officer (CCO) is probably your least favorite. Keeping track of what you need to do on a yearly, monthly, weekly, and daily basis can be a little overwhelming, to say the least. And, on top of other compliance activities you need to complete and track, you also need to archive all your communications. Sigh.
This archiving, or books and records, requirement comes from SEC 17a-4, which lays out recordkeeping requirements. (For some fun weekend reading, dive into the rule yourself.) In summary, you are required to preserve and retain any records related to your investment advisory business. The storage of those items must be in a non-rewritable format to avoid tampering on behalf of an advisor, and preserved for a period of 3-6 years (depending on the subsection).
But even with SEC Rule 17a-4 in place, each state's individual regulator may place differing importance or focus on some aspects of the admittedly long and at times confusing rule. This can lead to further confusion and questions from advisors. What do I need to archive? What do I use to do it? Why is archiving software so dang expensive? And why do I have to do this in the first place?
The importance of archiving and the complexity and confusion around it is exactly why XYPN's Tech Team built and released XY Archive, a compliance archiving technology solution designed specifically for and available only to XYPN members. We wanted to create a solution that was easy to set up and simple to use, while also meeting all the necessary regulatory requirements. Plus, with the high price of archiving software, including XY Archive in membership is a nice bonus for XYPN advisors.
Since assisting 1,000+ members with onboarding to the new software after it was released in April, I’ve had hundreds of one-on-one conversations with XYPN members about compliance and archiving. Throughout that process, I’ve also seen my fair share of archiving mistakes. Here are the three most common.
Mistake #1. Not Archiving at All
There are so many things you need to do in the course of starting and running your RIA that it can be daunting to know where to start, or what’s most important. Not only do you have to create and follow a marketing and business plan, onboard and service your clients, set and stick to your budget, and set up your technology stack, but you also have to navigate your new Chief Compliance Officer duties.
Some advisors who started their firms before joining the Network (without included technology like XY Archive and a compliance team at their disposal) have never used an archiving solution for their communications. Maybe the need to archive communications wasn’t clear or finding an archiving solution just never made it to the top of the mile-long to-do list. Whatever the case may be, they simple weren't archiving their communications, period.
This can lead to problems during a regulatory examination if you’re asked to produce communications over a certain period of time. The biggest problem is proving that the record of communications you produce hasn’t been modified; how can you ensure that no emails, tweets, or Facebook messages were deleted? And if they were, what did those communications say?
This need for immutability of your communication archive is one of the biggest advantages of leveraging technology for archiving. XY Archive captures communications in close to real-time, and stores them with AWS’s WORM (write once, read many) protocols. That means in an audit, it’s easy to prove you haven’t tampered with your archived communications.
If you haven’t been archiving any communications, it’s not the end of the world. But you should start ASAP. Getting set up with XY Archive as an XYPN member only takes a matter of minutes, and from then on your archiving will be automatic.
Mistake #2. Archiving Only Email Communications
Do you have Facebook, Twitter, and Instagram for your firms, but only have archiving enabled for email communications? You may only post about your firm once in a while on those platforms, but exclusively communicate with clients over email. So that’s all you need to archive, right?
Unfortunately, the answer is no. While in the past archiving technology focused singularly on email correspondence (SEC Rule 17a-4 was released in 1997, after all), with the changing landscape of emerging technology and new ways to communicate about your firm and with clients, the regulatory landscape and requirements associated with archiving are also changing. Although you may primarily communicate with clients over email, any account or channel you use to communicate with clients or about your RIA to the public needs to be archived.
This is another advantage of using technology to archive your social media communications. XY Archive can capture communications where the clients you’re trying to reach are, such as Instagram, Facebook, and Twitter.
Speaking of where your clients are, let's now turn our attention to text message archiving. There are specific solutions to capture text messages, like MyRepChat, in XYPN’s tech stack, if you choose to communicate about financial planning and your work with your clients over text. This may be common when you’re first starting your RIA, when some of your first clients may be family members or close friends with whom you communicate via text message often. Do you need to archive every single text message you send to a client, even if it’s not planning or work-related? Rest easy. As long as you confine any conversation about your work with clients and their investments or financial plan to a source that is being archived, additional irrelevant text communications do not need to be archived.
But even if you don't use social media or text messaging at all to communicate about your firm and/or with clients, email archiving alone can prove confusing for advisors. Travis Johnson, XYPN’s Director of Compliance, noted another layer of complexity many advisors miss when it comes to email archiving—the types of emails sent.
“During a regulatory examination, regulators are allowed to review all communications retained by the firm, including personal communication if it is retained in the firm’s records. If the firm is not archiving or otherwise retaining ALL communication sent & received by email, they must have policies and procedures in place to ensure that all 'required' emails and communications are being archived.”
My point in sharing this? Compliance is complex—we're here to help.
Mistake #3. Failing to Review Communications
While Rule 17a-4 lays out the requirements for communication archiving, Rule 204(7) details the compliance requirements as a Registered Investment Advisor.
The rule states:
“If you are an investment adviser registered or required to be registered under section 203 of the Investment Advisers Act of 1940 (15 U.S.C. 80b-3), it shall be unlawful within the meaning of section 206 of the Act (15 U.S.C. 80b-6) for you to provide investment advice to clients unless you:
(a) Policies and procedures. Adopt and implement written policies and procedures reasonably designed to prevent violation, by you and your supervised persons, of the Act and the rules that the Commission has adopted under the Act;
(b) Annual review. Review, no less frequently than annually, the adequacy of the policies and procedures established pursuant to this section and the effectiveness of their implementation; and
(c) Chief compliance officer. Designate an individual (who is a supervised person) responsible for administering the policies and procedures that you adopt under paragraph (a) of this section.”
This rule is why you list your name as CCO on your ADV if you’re a solo-advisor, and the reason our compliance team emphasizes repeatedly the importance of having a compliance manual or Written Supervisory Procedures (WSPs). In a nutshell, your compliance manual states what you will do on an ongoing basis to remain compliant and how often you will conduct those activities.
Many RIAs create their compliance manual during or right after their registration period but fail to follow through with actually implementing it. XYPN makes compliance oversight and maintenance easier with another item included in our technology stack, SmartRIA, through which you can follow a compliance calendar and document compliance actions like reviewing archived email. However, many advisors still fail to follow through on successful implementation.
So, what does this have to do with archiving? Whether you’re a team of one or a team of twenty, you need a compliance manual that details how often you will be reviewing your firm’s communications.
Once you know how often you’re supposed to be reviewing your communications, how do you actually do it? And when you’re a solo-advisor, how can you review your own emails or tweets?
This is where technology can be your friend. Archiving solutions like XY Archive have built in lexicon-based data monitoring and communication flagging so reviewing communications doesn’t have to be manual. The software looks for terms and phrases for both client privacy violations (sending an account number or Social Security Number insecurely) and marketing violations. After reviewing that communication, you can download a report of the reviews you conducted.
Running your own RIA is no small feat; serving the role of CCO on top of business owner is a whole other challenge. That’s why XYPN has an entire team dedicated to helping advisors navigate the nuances of compliance. From novel technology solutions like XY Archive to personalized services like ongoing compliance coaching, we can lessen the uncertainty and stress associated with compliance and help make you the competent, confident, and capable CCO your firm needs to succeed.
About the Author
As a Product Owner, Taylor leads XYPN's Technology Department. She's passionate about leveraging technology to make the lives of financial advisors easier (and her own!), and driving new technology solutions in the financial services industry.