Aug 28, 2008
for your information
FYI Home
Morgan Lewis Home
Investment Management
Securities Industry
December 13, 2007         Securities Industry Group

FINRA Issues Guidance Regarding Review and Supervision of Electronic Communications

PDF version   Last week, the Financial Industry Regulatory Authority (FINRA) issued guidance regarding the review and supervision of electronic communications. The guidance sets forth principles for member firms to consider when developing supervisory systems and procedures for electronic communications that are reasonably designed to achieve compliance with applicable federal securities laws and self-regulatory organization (SRO) rules. FINRA’s guidance is in substantially the same form set forth in a proposal issued in June 2007.

In issuing the guidance, FINRA addressed a number of issues raised by commenters. In particular, FINRA stated that member firms’ obligations to supervise electronic communications are based on the content and audience of the message, rather than the electronic form of the communication. Additionally, FINRA stated that the guidance neither creates new supervisory requirements nor requires the review of every communication, and instead sets forth principles that member firms should consider in developing supervisory systems and procedures for electronic communications. FINRA also stated that, with the exception of specific areas requiring review by a supervisor (e.g., communications regarding customer complaints and regarding the content of a research report) member firms may use risk-based principles to determine the extent to which review of any internal communications is necessary.

FINRA’s guidance also addresses a number of specific issues relating to the supervision and review of electronic communications:

Written Policies and Procedures

The guidance states generally that an effective supervisory system starts with clear policies and procedures for the general use and supervision of electronic communications, which should be updated to address new technologies. As an example, the guidance notes that a general electronic communications policy written five years ago might not include policies governing employees’ use of technologies such as weblogs and podcasting to communicate with the public.

Types of Electronic Communications Requiring Review

The guidance states that member firms are required to establish policies and procedures regarding the forms of electronic communications that they permit employees to use when conducting business with the public and to take reasonable steps to monitor such communications for compliance with such policies and procedures. In addition, the guidance states that, to the extent member firms prohibit certain types of communication media, consideration should be given to taking technological steps to block or otherwise regulate their external and internal use. With respect to internal communications, the guidance states that, in reaching a risk-based assessment regarding the review of internal communications, member firms should give consideration to, for instance:

  • Detecting when a member firm’s information barriers are not working to protect customer or issuer information
  • Protecting against undue influence on research personnel contrary to SRO rules
  • Segregating the member firm’s proprietary trading desk activity from all or part of the other operating areas of the member firm

Identification of the Person(s) Responsible for the Review of Electronic Communications

The guidance states generally that member firms’ procedures should clearly identify the person(s) responsible for performing the reviews of electronic communications. In addition, the guidance states that, in the course of supervising electronic communications, a supervisor/principal may delegate certain functions to persons who need not be registered, but that the supervisor/principal remains ultimately responsible for the performance of all necessary supervisory reviews. In this regard, the guidance states that, where review functions are delegated, the procedures must provide a protocol to escalate regulatory issues to the designated supervisor or other appropriate department.

Method Used to Review Correspondence

The guidance states that member firms should develop review procedures that are both reasonably designed to achieve compliance with applicable securities laws, regulations, and SRO rules and appropriate for their business and structure, consistent with the principles set forth in the guidance. In addition, the guidance states that member firms should monitor for compliance with their supervisory procedures’ prescribed frequency, timeliness, and quantity parameters. The guidance also provides that, regardless of the method used, member firms should alert their reviewers as to the issues to be raised and material to be examined, including acceptable content.

Additionally, the guidance states that the manner and extent to which review tools are used is a determination to be made by each member firm based on its business model. The guidance also states that member firms may consider the following methods of review:

  • Lexicon-based review of electronic correspondence (i.e., reviews based on sensitive words or phrases, the presence of which may signal problematic communications)
  • Random review of electronic correspondence (i.e., reviews using a reasonable percentage sampling technique, whereby some percentage of the electronic communications generated by the member firm is reviewed)
  • Combination of lexicon-based and random reviews of electronic correspondence

Frequency of Correspondence Review

The guidance states that the frequency of correspondence review may vary depending on the member firm’s business and that, for instance, the frequency of review should be related to the type of business conducted (i.e., the market sensitivity of the activity), the type of customers involved, the scope of the activities, the geographical location of the activities, the disciplinary record of covered persons, and the volume of the communications subject to review. In addition, the guidance states that member firms should prescribe reasonable timeframes within which supervisors are expected to complete their reviews of correspondence—taking into consideration the type of review being conducted and the method of review being used—and that member firms should carefully consider the type of business their firm is conducting and the extent to which a review’s usefulness, in the context of that business, is diminished by the passage of time.

Documentation of Correspondence Review

The guidance states that member firms must evidence their reviews, whether electronically or on paper, and be able to reasonably demonstrate that such reviews were conducted.

To view the guidance, please visit http://www.finra.org/web/groups/rules_regs/documents/notice_to_members/p037553.pdf.

Securities Industry FYI is a service of the Broker-Dealer Practice of Morgan Lewis. If you have any questions concerning these important legal developments, please contact any of the following Morgan Lewis attorneys:

New York
Ben A. Indek    
212.309.6109  
bindek@morganlewis.com

Jennifer L. Klass   
212.309.7105  
jklass@morganlewis.com

Washington, D.C.
John V. Ayanian   
202.739.5946  
jayanian@morganlewis.com

Mark D. Fitterman   
202.739.5019  
mfitterman@morganlewis.com

Beth D. Kiesewetter   
202.739.5127  
bkiesewetter@morganlewis.com

Posted in Broker-Dealer Regulation, Securities Markets

Copyright © 2007-2008 by Morgan, Lewis & Bockius, LLP. All Rights Reserved.
This communication is provided as a general informational service to clients and friends of Morgan Lewis. It should not be construed as, and does not constitute, legal advice on any specific matter, nor does it create an attorney-client relationship.
Terms of Use