What advisors can and cannot say in marketing and other communications is rapidly changing. Hear from industry experts about how they keep their firm communications and social channels on trend, innovative, and, maybe more importantly, up to code. Learn the tricks of the trade for keeping your firm compliant in these areas:
(1) document storage
(2) file sharing
(3) social media compliance
(4) Website Compliance
Transcript :
Panelist (00:08):
So what is a problem? Maria, you want to start?
Maguerita Cheng (00:12):
So sure. I mean it is a problem because we are so used to using all these applications, whether that's Facebook, messenger, WhatsApp, texting and so forth. So I mean, they're everywhere. We can't imagine running our lives with these messaging apps, but it becomes a problem when we are doing this and we are not archiving our messages. I mean, that's just high level, but we're here from Scott, the compliance expert.
Scott (00:39):
Well, yeah, absolutely. Thank you. And from a broader perspective, I mean I think it's a problem because technology moves so much quicker than the regulatory landscape. So if you think about the investment advisors act in 1940, written in 1940, and we're still operating primarily on that guidance and how many things have changed from a technological perspective since 1940. So the introduction of new apps, new ways to communicate, especially social media. We talk about social media in a moment that happens so much more quickly, then regulators can create regulatory guidance. Then firms can adjust policies and procedures, education content. And so it just happens so fast. And then the next thing you know, wake up and you have a problem that you didn't know you have because the source of the problem didn't exist five years ago. So that's a lot of why I think that that happens.
Panelist (01:34):
It's a big issue. Yeah, we are definitely stuck on all the messaging stuff. And I find the problem as a journalist is that there's the email that comes with my corporate system and then there's Slack, which comes with my corporate system. And then there are a million other things that I use which are outside the corporate system. So there isn't really a compliance issue for me, but certainly when I think about where are all my communications, they're everywhere.
Scott (01:59):
And when we start to drill down to a firm policies and procedures perspective, one of the biggest things that I see that's a challenge for firms is in the area of technology, a lot of firms are focused on growth naturally. So if there's no revenue, there's no firm, and having to purchase new technology for the purposes of supervision doesn't directly correlate into increased revenue. So the marketing side of it, going on Facebook, going on social media, gathering new clients, going through the prospecting process, that's what brings in the money. But when you have to spend an extra $5,000 a year on technology to monitor communications, to store communications, that is an expense on the balance sheet that doesn't necessarily translate to positive financial growth for the firm. And so that's one of the biggest things is that it's just kind of insurance. It's a tough pill to swallow.
(02:55)
You know, don't want to get life insurance because you're like, well what if I don't die? Do I get the money back? Well, no. And so it's hard to purchase software and invest in technology when it's like, well, what if my advisors behave themselves? Did I really waste five or $10,000 on this system or that system when we really didn't need it anyway, the reality is perhaps right, but I think that that's one of the biggest challenges that that firms face is just having to swallow the pill of investing is one of the pieces. Did you want to piggyback at all on that or
Maguerita Cheng (03:25):
No, I definitely agree and I have a lot of people. So I have a very active presence on LinkedIn and even before I launched my own firm, I was very careful about what I did on LinkedIn. I didn't really post, the only thing I did was maybe congratulate people on a job because I was connected with my compliance officer. A lot of people, because we had to that back then, we didn't necessarily have archiving tools available. That was about 10 years ago, maybe they were. But my broker dealer was a little bit behind the times. I've had a lot of advisors ask me like, hey Maguerita, you are on LinkedIn. What is your return on investment? How many clients have you gotten not from LinkedIn. I was like, well, I don't really like message or market people on LinkedIn. I'm not using LinkedIn in that way. Now there may be plenty of people who are, and if they are, that's when they have to make those investments that if they're going to use LinkedIn to prospect and markets and all that, and if they have a team of advisors, then it becomes an expense.
Panelist (04:32):
So do you mean marketing archiving the LinkedIn messages within the LinkedIn platform so that they run through the corporate server in some way?
Scott (04:42):
Right. Yeah. I mean what we tell firms is right. There's one of two ways to skin that cat. If you take all of your marketing materials and you put them through a pre-review process where the CCO reviews the material and they approve the material and maintain a marketing and advertising log that shows evidence of that approval, then it doesn't really matter from that point where you disseminate those materials. Because as you don't change them, as long as you don't change them, right? And so you know, put them on LinkedIn, you put them on Facebook, wherever you put them, it's fine for the most part as long as the CCO has reviewed and approved those materials and there is no additional commentary. And that's the trick that is added to the materials after the post. So if you have a infographic and your CCO approves it, great.
(05:27)
But if you put that infographic out saying, I'm a top 10 advisor with 8% returns over the S&P last year in your comments, now you have added to and materially changed the content that was approved by the CCO, now it's not approved anymore. And so that's kind of one way to look at it. But going back to the technology conversation, understanding the capabilities of the supervision software that you select, right? And making sure that the channels, the marketing channels are adequately connected to that software. A lot of times we'll see where a firm will have a Facebook page and the Facebook page will be being archived by software, but each individual advisor is actually posting things on their personal page that is not connected to the supervision software. And so that's one of the biggest pitfalls. And it's educating the advisors to say, listen, anything firm related has to come through the CCO and we need to make sure that we have set up a journaling rule that archives that information so that we can maintain it for books and record storage. And that's the hard part because advisors just get excited about the business and really want to grow and want to communicate what it is that they do using every channel available. And so there has to be some restriction from the firm's compliance program in order to be able to maintain institutional control.
Panelist (06:49):
So we started out talking about messaging. Now we're kind of talking about social media. Those two things are very much related. So a problem that I see here, let's say I'm an advisor and I come to a conference like this and constantly people are talking about empathy, empathy, empathy. I have to be my authentic self. I have to bring my whole self to work. Clients are interested in knowing who I am, that I'm a person with failings and that will help them to not be afraid to ask me for financial advice. Then I can really help them to do what they want, achieve their goals. That's how I'm going to grow my business. But to do that, I need to post things on my personal social media and connect to clients or prospects. And those things are not going to be approved either. I'm not going to want to take them to the firm for approval or they're not the sort of thing that I would think to approve, but I'm still talking to clients. How does that work?
Scott (07:41):
So I'm sorry, lemme know if I'm holding the mic. No, you go
Maguerita Cheng (07:44):
Ahead and then I'll be able to
Scott (07:45):
Share the, so I look at that almost as an occupational hazard, alright? And we hear this a lot with text message archiving. So when you go to sync a phone into a text message archiving system, the system's going to capture every message on that phone, whether it's a personal message or whether it's a professional message. They're all getting captured. And that's one of the reasons firms are struggling with text message archiving is because you have to either provide the rep with a phone that's only for work purposes, or the rep has to be okay with their personal messages being shared with their firm, right? And so it takes authentic self to a whole nother level. And so if you have a personal Facebook page, then every single thing on that personal Facebook page should be something that presumably you're okay with your employer viewing, right? Because that is your authentic self. But the challenge is that has to be in line with the culture of the company, right? And so you do have to sacrifice your ability to use that system freely if in fact you want to do so compliantly and that's the catch 22.
Maguerita Cheng (08:52):
Absolutely. And I can speak to that. So I mean have two Facebook pages. One is personal, the other one is business. And you'll see my kids will say, my gosh mom, we love you so much. I don't really post a lot on my personal Facebook page whether that's in my personal life or professionally just because that's not really who I am. So I think the takeaway here is if you are going to hold yourself out as being your authentic self, you're going to have to give up a little bit of your privacy. If whatever your struggles are, maybe your struggle is you know, want to be more fit or you want, or your struggling with caregiving for an example, maybe Facebook is not the place for you to post and share your authentic self in this case. Because remember the moment you post on that personal Facebook page, all those message need to be archived a better. It doesn't mean that you shouldn't share, but maybe a better way to share would be on the blog of your website.
Scott (09:53):
That's a really great point. And I also think that, and this is kind of non-electronic communications related, but tangentially create related. I also think that this is why we're seeing such a move to folks that are registered representatives of broker dealers that are breaking off the start their own firm and they're doing so right in order to regain creative control of the content that they put out. And broker dealers just got that no stamp and they're just going to keep stamping. No, because the easy way to do it with your smaller advisors, we're seeing firms that are coming out and saying, hey, I'm the lead advisor. I'm also the CCO, I'm a single advisor firm. That means that I can approve real time my content, whether it's on my personal Facebook and it starts to matter less and less. The fewer people that are involved in the firm, the less risk that I believe regulators view public communications for that firm. I think it's just a real natural progression for regulators to look at a single advisor firm and say, okay, you're the CCO and you're the advisor. We can hold you accountable on both fronts and it's easier for you to supervise versus you being a CCO with 30 different advisors across 15 different states. And your job is to monitor communications across all advisors. I think that's a little bit more challenging.
Panelist (11:06):
You also have the ability to have just a completely personal social media profile. So for instance, Instagram and you make it private and the only people who are allowed to connect to that account are your personal friends. They're not clients, it's not involved with the firm at all. And that's where you have your fitness or caregiving struggles or whatever it's going through.
Scott (11:24):
If you show me an advisor that has no personal friends as a client, right? That's the problem. That's the problem.
Panelist (11:31):
I remember I talked to a book agent about this once who said that she was, when she first started out as a literary agent, after having switched careers, that she was feeling badly about herself because she attracted a number of friends as clients. And then she realized that's the point.
Scott (11:49):
I think so, and this is where we see another that firms face when the responsibility is for the advisor to maintain documentation of all client communications. Many advisors have clients that are family members that are friends, and the communications have nothing to do with the advisory business. You're just texting your mom, what time you coming to Thanksgiving dinner? And it seems absolutely ridiculous that that conversation would somehow need to be archived. And so I mean, the only thing that we can do is we focus on policies and procedures that again, are reasonably designed to detect potential violations. And so with each firm, it's going to be a little bit different. With your single advisor firm, we may be able to find a little bit more flexibility and actually put in the policies and procedures. Friends and family communications are made through off channel methods as long as they're not pertaining to the advisory business. We might actually put that in policies and procedures and for a state registered single advisor firm that might fly versus a larger advisory firm with more advisors that are under supervision and may need more institutional controls. But that is the challenge, right? Friends and family, by definition, those communications, if they have signed advisory contracts with the advisor are supposed to be archived. And there is no carve out that I'm aware of that specifically says if you're talking about the basketball game or upcoming vacation, that you're exempted from the rule.
Panelist (13:18):
Which is so funny because if you are going on that vacation with your brother, who is your client, nobody's going to know what you talk about when you're in the kayak.
Scott (13:26):
That is why I tell folks to focus on extemporaneous content, extemporaneous the carve out in the advertising rule that says that extemporaneous content is not included in the definition of advertising. And so just common conversation, verbal word of mouth, there is no requirement to maintain documentation of those conversations.
Panelist (13:48):
So you should kayak with your clients as much as possible.
Scott (13:51):
Well, I'm not going to say that I don't know all the facts and circumstances, but I'm going to say that if you're having conversation that there is an interpretation of the rule that would provide a little bit of a carve out to, you're not required to sit there and type and transcribe every single conversation that you have. It's just not a requirement.
Panelist (14:09):
That would be very creepy.
Maguerita Cheng (14:11):
It'd be very creepy. So if you don't want to kayak, you can play golf, you can go for a run, you can do yoga. Right,
Scott (14:17):
Exactly. Clients.
Panelist (14:18):
Exactly.
Maguerita Cheng (14:19):
With your clients, definitely. And the irony here is if you are a good advisor, you develop meaningful relationships so your clients become your friends or your friends, you become your clients. So that's where it can get kind of tricky. So no, you don't have to kayak, but you can play golf, tennis, pickle ball.
Scott (14:40):
I love it.
Panelist (14:41):
Salsa.
Maguerita Cheng (14:42):
Yeah, restorative yoga.
Panelist (14:44):
Right? Okay. Yeah, I mean, I guess the other side of the social media question is if with an eye towards creating content for that you're deliberately creating for advertising. So this the last session, we were talking about content as a strategy. So if I want to create a thought leadership piece or some sort of infographic or something, and I'm doing this on purpose to use for client prospecting, how do you manage that whole thing so that it can be done quickly? Because on social media things, you want to respond to trends, not necessarily to memes, but to what's going on in the world. You're going to write about the debt ceiling when that was a thing a couple weeks ago. It's very relevant to clients. You want to get it out there now, you don't want to wait six weeks for the chief compliance officer to take a look at it.
Scott (15:36):
Sure. Yeah. So that goes back to kind of the rigid nature of broker dealer compliance and some of the freedoms that you can kind of experience when you go independent as an RIA. The idea here from my perspective is, okay, if you can't implement a 24 to 48 hour turnaround time on your marketing review materials directly from your CCO, then it might be time to take a look at your policies and procedures to see if you can find a little bit more flexibility. And what I mean by that is the reason that marketing pre-review is so critical is because you're operating under the assumption that the advisor doesn't know what is and isn't compliant. And the reason that nine times out of 10 firms operate under that assumption is because they haven't spent enough time educating advisors on what is and isn't compliant.
(16:26)
So if you wanted to find a carve out or a loophole, what you might want to do is focus on advisor education to teach them what is and is not compliant and have more frequent sign off by way of attestation from the advisor that states that they understand what they are and are not allowed to put out on social media. And then increase the frequency and nature of your post review process. So if I say, listen, we're going to lighten up our policies and procedures a little bit, let you start posting a little bit faster, okay, alright. We need you to read this guidance, this regulatory guidance on SEC 2064 dash one, okay. We're going to give you this quiz that shows that you understand what pieces of the puzzle you are and are not allowed to put out disseminate publicly. Alright? And then we are simply going to monitor your page more often than we normally would to make sure that if we identify anything that you've put out that we promptly address it right now. Again, I'm not guaranteeing that the SEC or any regulatory agency is going to come out and say that that's sufficient. But what we have seen with our small to mid-size advisors is that if you put in those types of program requirements and you execute them consistently, then you're still less likely to commit a compliance infraction than a firm who has a more rigid pre-review process.
Panelist (17:48):
Because the advisors are better educated or because more scared of getting caught.
Scott (17:52):
Because both the advisors are better educated, they know, and they'll start to actually say, hey, wait a minute, does this need an extra disclaimer on it? It does kind of reference this. And so that education process is critical in itself, but then also the advisor's aware that their social media pages, their post review processes are happening a lot more frequently. And so they think about it more. And that's just one piece that maybe a small firm could think about trying to implement if that was critical.
Maguerita Cheng (18:24):
I just want to play off of that. There's ways in which you can balance this. You can be 100% compliance because your firm may have access to approved content about the debt ceiling or about Silicon Valley Bank. So you post that exactly how it's do not change it because that's timely. You want to get that out there, but then there's other opportunities where you can create your own content. I create a lot of content around Gen X and being sandwiched and what's that? No one can tell me that talking about my family is not compliant, it's compliant. I talk about what it's like to care for my eight year old and my eight year old dad at the same time. So this is how we can be 100% compliant as well as take the opportunity to share our thought leadership, if you will.
Scott (19:13):
And I think that where we really started to see this come to fruition was with Twitter and kind of the real time nature of the active thumbs. And at first I was very conservative about it and I told firms, I said, look, take a Microsoft Word document, copy, paste your tweet onto it, put it in a file, mark it as something that you have reviewed. And we were really conservative about it. And then over time we started to think about it in a little bit different way. And perhaps the reason regulators have not specifically commented on Twitter as a platform is because of how opinionated some of the commentary might be. And it's my suspicion that regulators probably aren't comfortable with marketing platforms that are designed to display individual opinions because I think that with those opinions come conversation and with those conversations come conflict, and I think that there is a little bit of an open window to introduce risk to your firm's compliance program by participating in platforms that inherently may generate conflict.
Panelist (20:28):
But conflict isn't necessarily non-compliant.
Scott (20:31):
No, it's absolutely not right? But conflict can lead to client complaints and it in itself is not non-compliant, but it does open the door or open the window to having to figure out, and we have this happen all the time where a conversation starts between an advisor and a client and there's an element of disagreement in that conversation that may have nothing to do with portfolio management, but because the conversation turns negative so quickly, now the advisor's questioning whether or not it's a claim complaint and it may or may not be, but now we have to review it as if it is potentially a client complaint because now we just have a conversation that just has a lot of negative tone and connotation.
Panelist (21:16):
Like politics or interpersonal.
Scott (21:17):
Conflict throughout the reason. Tons of things. Clients that go through divorce and the advisors on both sides and has relationship with both parties, right? We see that happen a lot. So it's interesting to think about.
Panelist (21:30):
That makes sense. Yeah. Okay, so let's talk also about document storage, where to keep things, how to keep them there, what to do about stuff like the cloud.
Maguerita Cheng (21:44):
Sure. I mean, I know as far as CFP board is concerned, so I'm a certified financial planner, CFP pro and I do teach the CFP ethics course and here is what CFP board has to say about that certain content. So your financial planning agreements, they must be written, they must be in paper form. It doesn't necessarily mean paper, it just means if you were to be audited, you need to prove that the client is aware, they are engaging for financial planning services and you have paper to back it up. Now it doesn't necessarily mean that it has that you have to have given client the paper. Do you have a DocuSign? Where are you storing that? The other thing that CFP board also really, really cares about as far as storage is concerned is they know that certified financial planners, CFP pros are not technologists, but we have a responsibility to vet our vendors to make sure that our vendors are keeping clients safe.
(22:49)
Now, if there's a breach, Scott and I talked about this on the prep call with Hana, that what policies and procedures did you use to demonstrate that you have done everything you've you and your firm to keep your clients safe as well as vet your vendors? And then Scott can take it from here how he works with firms. But as far as CFP board is concerned for certain things, you do need to have records. It doesn't necessarily have to mean paper, but if you're using a DocuSign, can you pull up those documents and prove that you gave that information to the client?
Scott (23:24):
Yes. Yes, absolutely. So vast majority of firms are using cloud-based or electronic based document storage solutions. Your Dropbox, your Gdrive, your Microsoft Vault 365. And so that's what most firms are using at this point. And to this point, we have not had regulators come and specifically say that for some reason that created some type of issue from a business continuity or cybersecurity perspective. Alright, so that's the most popular thing. We do get the question a lot, well, how do I know if my document storage platform is compliant? And then I always say, well, that's the wrong question. The question isn't, is it compliant? The question is why is it compliant? And so I think that that just goes back to the third party vendor due diligence process that we were talking about earlier. What's the nature of encryption of the documentation of the storage solution?
(24:23)
So how secure is it, right? Who within your firm has access to it? And are those different access levels set up appropriately for the firm? Some people don't need access to everything. Do we have controls for that? We talk about having a data inventory, which is basically a report that we maintain that says, okay, here's what data's located in this system, who has access to that system? And we use that as a process for onboarding and offboarding advisors. And so one of the biggest things we see missing is the firms that will either bring an advisor in or be offboarding an advisor or employee, and the removal of access kind of trickles in and trickles out. There's no definitive point where this person loses access to everything. It's like we wake up one day and say, oh yeah, I need to remove access to CRM for X, Y, Z person.
(25:18)
And there's some inherent risk there as well. And then I think that from a business continuity perspective, when you're talking about document storage, you want to be cognizant of potential catastrophic loss. I think that's why regulators have been by and large with cloud-based storage solutions because they know that there are controls in place that allow you to run daily backups or weekly backups to an external location rather than having that to be the only location the documents are located and probably a less chance that the entire Google facility's going to lose access to document than in one single office with paper files catching on fire. So I think that's one thing. From an operational perspective, I think that firms need to be cognizant of cost, particularly with social media website archiving. The more data you acquire, the more that you're subject to be charged by your service provider when you want to retrieve that data.
(26:24)
So if you have a website and the archive is taking periodic pictures of changes to that website over time, you've got that website for two years, three years, four years now you've compiled a lot more gigs of data than you originally had. And so that's an operational piece that I think that that need to be aware of as well. But yeah, I mean from a storage perspective, I think just having policies and procedures that state what document storage solution you're using and maintaining some type of data inventory that shows what information is housed where, and then executing the due diligence. We always start our third party due diligence process with the vendors that we know maintain client material, non-public information. So if one of our vendors has a client social, a client account number, those are the vendors that we start and we're the harshest on in terms of how we do our third party vendor due diligence.
Panelist (27:20):
Yeah. Oh, sorry. I was going to ask also, this is another thing that always comes up at our wealth tech conferences is there are a lot of interesting startups and startups tend to pitch themselves as we are better than the big guy in this particular vertical that we're in. We don't have that many customers yet, but try us and you'll like us. How do you do diligence on a new company in terms of compliance.
Scott (27:42):
Right? Yeah. So the reality is your third party vendor due diligence processes need to be pretty much the same across the board because that's going to help you maintain consistency of documentation. So if you have a due diligence questionnaire, for instance, that you're going to, you know have, you're using Orion and you're going to do an Orion diligence questionnaire, then hey, that third party startup needs to be able to answer that, those same questions. And if they can't, then that's going to show in the same questionnaire. And so you know, may have some NAS or some empty spaces on that questionnaire due to industry type or due to product type. But for the most part, anything that regulators are going to ask for service provider A, they're going to ask for a service provider B, whether or not they're a startup or they've been in the industry for 30 or 40 years. The core of the regulatory guidance that requires that third party due diligence is the same across all those organizations. Did you have any?
Maguerita Cheng (28:41):
I really like this question because actually with the new rules for CFP board ethics, they've actually expanded in the rules I printed out, just in case someone asked me a question, there is clarity about conflicts of interest and compensation. They've also expanded CFP PRO certified financial planners responsibilities with regard to client privacy, protecting non-public personal information. And so if a startup comes along and they cannot answer the question of what they're doing to keep your client's data safe, as I'm wearing my CFP pro hat here, you may not want to engage with them because the risk is just two grades.
Scott (29:24):
Exactly. And that's where they'll learn. They'll learn it from you, you tell them they need to be able to do it, and they say, well, if it comes out in the process that they can't, and you tell them, I'm sorry, we can't work with you. That gives them the fuel that they need in order to make a more compliant platform.
Maguerita Cheng (29:39):
Absolutely. You're not being mean the risk because have to think about this, we cannot avoid all risk. It's about being risk aware and managing risk. And you could just say them, Hey, I'd love to sign up. But the reality is for those who are certified financial planners, not just about being a CFP group, but a lot of these rules do overlap. So if it's good enough for CFP, most likely it's probably good enough for the SEC. So it could be a situation, well, we just got to get some people on board so we can scale and then we'll add it. This is a situation where you do need to hold their feet to the fire that the only way they are going to scale and get more people onboard is if they do this.
Panelist (30:20):
Can't really take risks with client data. It doesn't matter how big the company is. No, no. Okay. So the next thing on my list of the keys to success was file sharing. So I assume we're talking about if you provide some sort of presentation or a document for a client and then how do you share it with them? How do they pass it along to their friends, which you of course want them to do. How does that work from a compliance standpoint?
Maguerita Cheng (30:46):
So I have a client vault, but I understand that I may not want to give the client's advisors access to their vault. A lot of material, and sometimes this is a real example, it's tax season. The client's in Hawaii, they forgot to bring their stuff or they got locked out. I can upload their tax documents and put it in the client vault for them. I'm not going to give their other advisors access to that client, but to those files. But what I can do is I can take those client, those files. I do have a letter that the client has signed that I'm allowed to give them to their advisors, it's on file, and I can send those tax documents via secure email, not regular email. So I think that this is a case where if you wanted to, with the client's permission, you could give them access to maybe a shared drive. But for me, I will put the tax documents in their vaults and I will, if they need me to send it to their tax advisor or whoever their other advisor is, I'll send it via secure email, not regular email, and I will CC the clients.
Panelist (32:01):
I like that. Not regular email.
Maguerita Cheng (32:02):
That's how I handle this. This is regular email. So what I'll do is just to make sure that I am being timely and responsible. Believe me, I've had some people who've been really mean to me. My daughter's in the audience here and in 2020 there was a older advisor who decided that he wanted me to have his clients. His son was supposed to be his successor, but his son didn't want to be a successor. His son wanted to be a golf pro. And so here I am, I'm not even kidding, it's like April, 2020, we know it was happening. I'm calling his clients and his clients are like, why are you calling me? Bob used to just do this for me. I said, I can't speak for Bob, can you just send me my tax forms? No, I can't. Some of these people, they did leave. I think I was a little bit too regimented for him. So how I handle this is I will email the client, I just want to acknowledge your email due to privacy or security. I want to keep you safe online and offline. I'm acknowledging this email be on lookout for a secure email. And I'm seriously your tax advisor. So I would say that I do excel at client communication, but what's really important is just keeping people safe and secure.
Scott (33:14):
Absolutely. I agree a hundred percent. The thing that comes to mind when we have that portion of the discussion is the email review. So the next question is, right, we know our firm's policies and procedures are that any material non-public information must be sent securely. How are we making sure that that happens on an ongoing basis? And so this ties very closely in with what we're talking about in terms of technology. So when you are selecting the service that you're going to use for your archiving, you make sure that that service also is able to capture emails because you can use the same system to execute reviews along all of those multiple platforms. All right? And what we do with our programs is we go in, we pull a reasonable sample of emails, we take a very close look at the attachments. For this reason, we know that it's easier for advisors to just attach things to emails than it is to make sure that things are sent securely.
(34:13)
And then we create a report and we identify any instances in which non-public information may have been sent via email, reach out to the advisor, reach out to the compliance officer, let them know. And we include this also in our annual compliance meeting. So every year when we have our annual compliance meeting, we go over the statistics and we talk about that subject. So I mean, I think that on the front end, absolutely you have to have a secure file sharing system. Again, the SEC's not going to tell you which one you can and can't use. They're just going to ask you why it was compliant. A lot of the financial planning software that we see now has vaults that you can use to secure transfer documents. But then having those ongoing policies and procedures to show that you're monitoring to make sure that that's actually what's happening is equally important.
Panelist (35:02):
Great, great. Okay. And then we were going to talk about website compliance. I assume this is very similar to social media compliance, right?
Maguerita Cheng (35:11):
Absolutely. So as Scott mentioned, it can be really expensive. So you really want to be intentional, think about where you want to be. So I'm here to say my Twitter, my Facebook and LinkedIn are all archived as well as my website every night before I go to sleep. My website is archived and I know I pay a lot for that, but it is my insurance.
Scott (35:37):
I like that. Absolutely. From a compliance perspective, there's a couple of things that we always see with website compliance. The first thing is disclaimers and disclosures, making sure that you've got adequate disclaimers on the website. We always advise clients if you can at all stomach it, stay away from any discussion regarding performance data, either hypothetical or actual. As soon as you introduce performance data to your website, you are opening up almost Pandora's box of scrutiny from the regulators because at the end of the day, any statistical claims that are made on a website, there has to be documentation supporting those claims. And so if you are saying, Hey, we've even seen instances in a regulatory exam where advisor just said, Hey, we charge 1% of assets under management, which is less than 75% of other advisors on the market. Well, where'd you get that number?
(36:31)
Where did that 75% come from? What type of research did you execute in order to establish that your fees are lower than 75% of other advisors? And what we usually find when we dig a little bit deeper is that maybe we didn't research it as much as we want to also sample fee calculations. So if there is a fee schedule that is not a traditional assets under management fee schedule or very easy to understand fixed fee schedule, and when you provide sample fee calculations on your website, you are adding the additional responsibility to ensure that every single client's calculation matches what it is that you've advertised. And that removes in a lot of ways your ability to negotiate your fees. The easiest way to do it is simply of course to have the traditional AUM fee schedule and then a fixed fee schedule If you're a financial planning advisor, we also do cross checks to make sure that the fees that are disclosed on form ADV part two a item five, match the fees that are being disclosed on the website.
(37:29)
And we will see this kind of from time to time where regulators will say, well, your website says that your fees are starting at 1% of assets under management, but they don't say where they end at. Your ADV on the other hand will have a fee schedule that shows your highest fee is 1.75. And so the regulator has the opportunity to determine whether or not they feel that it's misleading to list the 1% number without including what the highest potential fee could be. And so there's two primary concepts that we use when we do our marketing reviews, materially misleading, fraudulent, and deceptive. And both of those concepts come directly from SEC 2064 dash one. And basically regulators have a lot of leeway to determine if they feel like something on your website is materially misleading. They don't have to have proof of their theory.
(38:19)
They can just say, Hey, listen, this is why we feel like this is misleading. Ratings is another big piece you want to look out for. If you say that your top five advisor in your local region or rated number 40 on Investopedia, you have to have documentation that shows the methodology of the process, which you received that particular rating. And if there were any conflicts of interest regarding that rating. A lot of advisors have the opportunity to join professional organizations and then they pay a fee to that professional organization and then a year later they get a top five rating. And so from a regulatory perspective can be seen as a conflict of interest. Would you have received that rating if you did not pay that professional organization? And then another thing to really look out for is a lot of small to mid-size advisors are growing and are excited about the growth.
(39:09)
And so they like to include third party service providers as team members on their website. And so for instance, we have a couple of our clients that, you know, might see my face on their website as their compliance consultant, and that's fine. However, what you always have to remember is that as a part of your regulatory exam, the regulators are going to go to your website and they may ask you questions about how you're adequately supervising everyone on your website. So, and it can be a situation where you're not required to supervise someone, but since they're on your website, the regulators open up a line of questioning and start to question your supervisory practices on that front as well. So that's that. I won't go into the testimonial disclaimers unless somebody has a specific question on that, but I think that's kind of the biggest piece of the puzzle there.
Panelist (39:56):
Oh, that's so interesting. So they want a lot of people on their website, so it makes it look like it's a bigger company than!
Panelist (40:03):
Yes. But they're opening themselves up to the idea that they might actually have to come to your office and supervise you.
Scott (40:10):
Correct. Which they can't do. Correct. And it doesn't work for that. Exactly. Exactly. And they open up questions in terms of how often the website gets updated. Perhaps there's someone who, a third party service provider the firm's no longer working with and still featured on their website, and is that materially misleading as it pertains to the size and operation of the firm? Right. So we will see that sometimes.
Maguerita Cheng (40:32):
Okay. So absolutely. I mean, I love what you said about it being misleading. So as far as CFP board is concerned, we have to think about the mission of CFP board and that is to serve the public by granting CFP certification and upholding it as the standard of excellence in personal financial planning. Yes, I got that right. Any ambiguity will be interpreted in favor of the client. So the burden is on the advisor CFP Pro to demonstrate that they did not mean to mislead the client. The same thing here with conflicts. I know what you mean. I have seen this as a duly registered. I see a lot of people, our investment team, and it's basically linking to the home office personnel that really, as far as CFP board is concerned can backfire. Because if you are holding these individuals out as an extension of your team, what process are you using to supervise their work? That's what we call third party advisors. How have you vetted them? How are they being compensated? Is it consistent with your firm? Because the issue isn't that you cannot use professional advisors, but if these professional advisors are being held out as being affiliated with your firm and they receive different types of compensation other than your firm. So if you're holding yourself out as fee and you have these professional advisors on your firm and they are not fee you have intentionally or not misled the public regarding your method of compensation,
Panelist (42:18):
That's tricky.
Scott (42:19):
It's possible, absolutely.
Panelist (42:22):
Not. Awesome.
Scott (42:24):
And just one more quick tidbit. A lot of times we'll see firms that are changing their fees and the first idea of course is to change the ADV, and that's exactly what we need to do then the contracts. But we can't forget to change the website. And so that's what gets missing a lot of times. And sometimes we'll notice we've made fee changes and three months later the website's still on. The old still has old fee schedules updated.
Panelist (42:50):
So you need a change management practice.
Scott (42:51):
It needs to kind of flow through. We also see where advisors that post the link to their ADV, okay, if that link that goes to your ADV from your website is a PDF, then you have to remember to update that each year as you do your annual updating amendment as opposed to just linking directly to the IAPD website, which works just as well. But then that way you don't have to constantly update the PDF every time you change your ADV. And that's a piece there. And then we also see folks that want to do frequently asked questions on their website just to provide clients that kind of basis. And so whenever you're framing those frequently asked questions, there's certain verbiage that you can use. You want to, going back to the previous point, try to remove any ambiguity and just be very straightforward in your frequently asked questions.
(43:48)
I remember at one point in time we were doing a regulatory examination and the SEC commented that the firm had the word may in their ADV 96 times. And so for them that was too much ambiguity in terms of the disclosures. If you may do this and may do that, well what do you do? And so we try under keeping our options open. Yeah, yeah, exactly. Just keeping our options open so we understand that there's the need to be somewhat conversational in marketing materials, but trying to be definitive as much as possible can kind of help remove that ambiguity.
Panelist (44:25):
Great. Okay. If there are questions we have time for a question or two.
Maguerita Cheng (44:30):
I saw Shauna, did you have a question?
Audience Member (44:33):
Well, okay, so we're talking about the off the record so far when I go to marketing or advertising larger firms for what they're saying. So how do you approach that or what would your best practice help? Are they similar to combat?
Scott (45:26):
Sure, absolutely. Thank you for the question, and I hope so extemporaneous. I hope I didn't say contemporaneous. Sometimes I do that you said.
Audience Member (45:33):
Except I just have?
Scott (45:35):
Okay, extemporaneous. We do that all the time. No, one of our team members always says that, and we looked it up one day. I think contemporaneous means happening at the same time. Extemporaneous means happening randomly. But what we always tell firms, so there is currently no requirement to record video conversations. However, if you choose to record the video conversation, it does become a part of your firm's books and records. So the requirement to maintain the record of that conversation is introduced upon the recording. Right. And we're seeing this a lot with a lot of the AI transcribing software. A lot of folks are now starting to transcribe their video calls. If you want to stand under that shield of extemporaneous, extemporaneous content, then you do not want to record or transcribe any of your client calls.
Panelist (46:27):
But you won't necessarily know if your client is recording.
Scott (46:30):
You won't know journalism!
Audience Member (46:37):
Maybe they want to.
Scott (46:40):
Yeah, no, and that's a great point. And I'd say fortunately for the advisor, client actions are not covered under the investment advisors act. So the Investment advisors act mandates that the firm have certain policies and procedures. It doesn't say that your client's behavior must conform in any way with your prior policies and procedures. Now, from a legal standpoint, of course, I'm not an attorney, so nothing should be misconstrued as legal advice from me anyway, but I can understand why, right. There would be some concerns of clients recording conversations, especially without the advisor's knowledge. But the regulations simply do not require that an advisor maintain or actively ask a client if they have recorded something for the purposes of maintaining that conversation. Not to my knowledge. I've never seen that.
Maguerita Cheng (47:32):
And I have heard how some large firms actually do not allow their advisors to be on Zoom. They have to use teams because it is archived or WebEx. The other thing that I've also heard is some firms, they actually disable the chat feature. I think if you have more than one client, well, I mean I should do one client group because you could have the parents, they might be your clients, and then the adult children that want to join. I'd say if you have more than one client group, then that becomes a webinar. And that's exposing you and making sure that you have a whole different set of rules, making sure your content is approved by the CCO, and that's marketing as opposed to a one-on-one meeting.
Scott (48:22):
And also, just to clarify that the portion of the advertising rule that specifically excludes extemporaneous content that's advertising, which isn't exactly the exact same as a client communication. So the way I look at it is advertising, of course is dissemination to the public. Your client conversations are generally viewed to be one-on-one for the most part. The way that I look at it is if you were sitting down with a client at a lunch break or something like that and you were to have a meeting with the client, whatever notes you would take from that meeting and place in your CRM are the exact same notes you would want to take from a Zoom conversation and put that in your CRM. The only difference is the medium of communication. And I think that firms that do it that way find that they are able to control the nature of the documentation that they're submitting into their books and records. Alright. A lot more effectively.
Maguerita Cheng (49:17):
And that's exactly what I do when I have a meeting, whether that's Zoom or in person, I put it right in my CRM.
Panelist (49:25):
It is kind of fun that we also use video calls with transcription software as everyone does now, and a standard part of our practice is to go back through the transcript and you know, want to take your notes separately, but then go back through the transcript and just correct it for things like spellings of names. And often the AI will get the small words wrong or the inflection wrong, or they won't be able to tell who's talking, especially if the two people in the room are in the same gender. So you get some very hilarious things that you have.
Scott (49:55):
Yeah, correct.
Panelist (49:56):
Be careful with that.
Audience Member (49:59):
I feel like performance golf course, talking about you might any problems conversation.
Scott (50:15):
Right? Yeah. So yeah, a couple of things. I think if an advisor verbally quotes performance to a buddy while on the golf course, the reality is that's not going to become a regulatory issue unless the client complains, right? Because subsequently, at some point there would need to be a performance report that's provided to the client and that information should line up. Right now if the golf buddy says, wait a minute, you told me we did 12%, this performance report says negative 2% or what have you, right? Then it's the golf. But at that point, the proper course of action would be for the golf buddy to log a complaint with the firm, or if it's just a close friend, maybe he just forgives them and lets it go. And either way, the risk is going to be the same for the firm. Whether or not performance is quoted on a golf course or at a dinner or anywhere, the inability to match up in documentation with anything that's been said verbally, okay, can be seen as materially misleading by the regulators. And if in fact that situation were to occur, okay, the burden of proof would be on the advisor to prove that they did not say that on the golf course, which would be very difficult to do. Regulators are usually going to side with the client in any, he said, she said circumstances. And so it's wise for the advisor not to do that because it's going to be a lot more difficult for the advisor to prove that they did not do that than it is for the client to be granted the benefit of the doubt.
(51:53)
And that's the double-edged sword. So especially with the group coaching, which we have, a lot of firms are starting to do some group coaching and we talk about whether or not they want to record the sessions and what the protocols would be for that. And we've actually discussed having all of their participants actually sign acknowledgement. It's a group session signing acknowledgements that, hey, this is a group session. If you share something that is outside of our firm's privacy policy, what can we do about it if you haul off and do that? But at the end of the day, right, there is as much of a case for and against recording in that scenario. If the advisor's in the right, then it'd be nice to have the recording. If the advisor's in the wrong, it's very damning, right? So the question again, and it goes back to what we were talking about earlier with the advisor education piece. If the advisor knows how to conduct themselves in a way that's consistent with the firm policies and procedures, you can do a lot more, right, because you can feel confident that those bases are being covered.
Panelist (52:55):
That's a good wrap up. We're the only thing that stands between you and the wine. So we're going to call it here and come find us in the cocktail hour if you have any more questions. But thank you very much.
Scott (53:06):
Thank you.
Track 3: 5 Keys to success for compliant communications
June 23, 2023 2:31 PM
53:14