Posted on

SEC alert regarding ESG-related reviews

The Securities and Exchange Commission’s published a Risk Alert last week regarding its review of ESG investing – https://www.sec.gov/files/esg-risk-alert.pdf
They explain how their staff will “evaluate whether they are accurately disclosing their ESG investing approaches and have adopted and implemented policies, procedures, and practices that accord with their ESG-related disclosures.” They will focus on Portfolio Management, Performance Advertising and Marketing as well as Compliance Programs.
MessageWatcher can help with our ability to archive and flag content for websites, social media, email and more. MessageWatcher’s archive then makes it easy to search your client presentations, responses to due diligence questions, proposals, client documents and marketing materials. Plus, your archived emails will provide evidence of policies & procedures and their implementation.
Let us know if we can help your organization – sales@messagewatcher.com.

Posted on

Chief Compliance Officers – in the news for the wrong reasons

Some Chief Compliance Officers in the news over the past few weeks – for the wrong reasons. One is leaving (Credit Suisse) and one is staying (home under house arrest).  Both quotes below are from Aaron Nicodemus articles in Compliance Week.

“Credit Suisse’s chief risk and compliance officer has stepped down from her role and left the company following the bank’s loss of an estimated $4.7 billion due to the meltdown of hedge fund Archegos Capital Management… Brian Chin, CEO of the Investment Bank and Lara Warner, Chief Risk and Compliance Officer will step down from their roles.”  https://www.complianceweek.com/grapevine/credit-suisse-compliance-chief-steps-down-in-archegos-collapse-aftermath/30229.article
“A former Securities and Exchange Commission (SEC) examiner who used insider information about an ongoing fraud investigation to obtain the chief compliance officer job with a private equity firm has been sentenced to nine months of home confinement.”
https://www.complianceweek.com/regulatory-enforcement/ex-gpb-capital-cco-avoids-prison-in-sec-theft-case/30193.article

Posted on

Facebook Data Breach

It makes sense to check if your Facebook data was exposed.  This site seems like a good place for that according to various news sites – https://haveibeenpwned.com/

This article from Forbes mentions that some users’ dates of birth were exposed by the Facebook breach.  “As well as phone numbers and email addresses, the data exposed in the Facebook breach includes dates of birth, relationship statuses and locations.” – https://www.forbes.com/sites/kateoflahertyuk/2021/04/06/facebook-data-breach-heres-what-to-do-now/

A little more information can be found in this Wired article “What Really Caused Facebook’s 500M-User Data Leak?” including this about the data not coming from the 2018 Facebook data breach “the recently public trove of 533 million records is an entirely different data set that attackers created by abusing a flaw in a Facebook address book contacts import feature.” – https://www.wired.com/story/facebook-data-leak-500-million-users-phone-numbers/

Posted on

Drop in calls to company ethics hotlines last year.

This article mentions decreased calls to corporate ethics hotlines –
https://www.wsj.com/articles/reports-on-corporate-ethics-hotlines-fell-in-2020-11617615001
The SEC previously reported record tips to their whistleblower program. So what is going on? Maybe more employees are working remotely so they are not witnessing unethical or policy-violating behavior, or the way companies remind employees about their internal hotlines was focused on physical presence like signs in the break room. The article lays out other possibilities too.

Posted on

Family Offices should expect more regulatory attention after Archegos

Family Offices will most likely see more monitoring after Archegos Capital Management rattled the stock market last week.
Dan Berkovitz, the commissioner on the Commodity Futures Trading Commission, released a statement here about the need for increased regulation of Family Offices. https://www.cftc.gov/PressRoom/SpeechesTestimony/berkovitzstatement040121

Bloomberg had a good article about the Archegos situation at https://www.bloomberg.com/news/articles/2021-03-31/sec-opens-investigation-into-archegos-trades-that-sparked-rout
Including this – “Hwang has been in the SEC’s crosshairs before. In 2012, his former hedge fund, Tiger Asia Management, pleaded guilty and paid more than $60 million in penalties after the SEC and U.S. prosecutors accused it of trading on illegal tips about Chinese banks. Hwang opened Archegos, a family office, following the sanctions, as the SEC kicked him out of the hedge fund industry by banning him from managing money on behalf of clients.”

Posted on

Managing Public Records Requests for Electronic Communications

Public Records Requests, Freedom of Information Act and More

Technology has certainly made communications easier and more mobile than ever across all mediums. This also expands the realm of public records requests from the media, citizens and other organizations.

Reduce ediscovery costs with MessageWatcher

The Technology Opportunity and Challenge

Prior to 2006, the challenge of managing communications and producing records was controlled through email and how digital documents were stored on an organization’s central file server. In the last decade, the combination of cloud-based platforms for business and the proliferation of smartphones and tablets has exacerbated the creation of electronic records – while making the governance of those records a significant headache.

Now public records can include:

  • Email,
  • Documents stored anywhere from a file server to any cloud platform (e.g. Box, Dropbox, Google Drive, One Drive),
  • Social media messaging and posts,
  • Text messaging,
  • Websites and blogs.

This can make satisfying a public records request quite a challenge if you have to navigate numerous systems, accounts and technology mediums to acquire the data necessary.

Determining Archiving Needs for Public Records Requests

The most critical components of archiving in light of potential public records requests are communications between employees and officials and the public (from constituents to other private sector individuals and organizations). By looking at the possible segements of electronic communications – this can help you identify your requirements and build your list of questions for potential providers.

Mediums of Communications for Archiving

Email – email remains the core messaging tool for business of any kind, from government to private sector. The volume remains extremely high due to the solutions put in place for organizations – from Google for Work to Office 365 from Microsoft. Email also generally contains the most data, from longer form messages and conversations to attachments of all kinds (including potentially sensitive information)

Documents – these span all possible types of files created in day to day operations, from letters and memos to reports, spreadsheets, drafts of legal work, schedules, task lists and more. It is essential to standardize on one platform (be it cloud or offline) so as to make certain all files are in a central repository for backup and supervision and retrieval of data for requests.

Social Media – while not a medium for full conversations like email, social channels continue to expand to incorporate engagement that includes questions and answers and other conversations as well as private messaging. It is absolutely now a channel to archive and supervise in conjunction with your email archiving.

Text Messaging – relatively new to public records requests, however, now should be treated just like email. Insure you can capture text messages from your organization-owned mobile devices if employees and officials can send and receive text messages (including pictures).

Websites and Blogs – don’t overlook this area of your communications. The publication of schedules for meetings, articles and commentary from your organization as well as the sharing of documents created are found here. If they pertain to an issue within a public records request, you may need to be able to “go back in time” as to how a website looked on a certain date.

Take this list to your archiver and review how you can capture data in these areas. The convenience of having one central dashboard for retaining, supervising and retrieving electronic communications for public records requests could save days or even weeks of time in the traditional research and assembly for these requests.

Posted on

Avoiding Archiving Fines: Review of Policies & Tech

Avoiding Archiving Fines for Email and More

Archiving and supervision as a process have been in the lexicon of most businesses since at least the late 1990s. However, avoiding archiving fines seems to continue to elude some organizations. Capturing electronic communication – be they for regulatory purposes or just good record keeping – should be in the “DNA” of any organization as good governance.

Of course in many industry segments – financial services, government and healthcare to name a few – it is mandatory. However, for the vast majority of organizations, having a record of what has been “said and done” allows you to manage and defend yourself, your organization and the brand.

Email Archiving WORM Storage and Policy Reporting

Year over year, the fines and penalties continue to mount, even for something as mainstream (now) as email archiving. Even in the last six months we have seen fines both large and small, for failure to supervise email communications as well as for failure to properly design secure storage for retention of email messages.

Consider the addition of social media, blogs as well as text messaging as now largely normal daily activities, and the job of oversight, storage, reporting and exporting data becomes overwhelming. Avoiding archiving fines does not have to overly complicated.

Email, Social Media, Text Messages and More

There are key steps you can take to insure you not only have the right policies and procedures – but that they are evolving with your organization and the technology you use.

Review Consistently and Often

The days of just a cursory annual glance at your handbooks, policies and procedures are long gone. Not only does technology change at a breakneck pace – but so likely is your business and customers. Often this may be more subtle than you might imagine.

For example, the combination of smart phones (iPhone, Android, et al) the mass popularity of Facebook and YouTube have pushed even the most tech averse individuals to heavy daily use of their mobile devices. This has resulted in more than 50% of ALL Internet traffic being mobile. This means a higher proclivity to:

use a mobile device for business and personal apps throughout the work day,
message more informally across email. social media and text channels,
and visit web sites in mobile browser versus returning to laptop or desktop.
Just that simple shift has implications on your policies and procedures for:

general electronic communications use,
accessing the Internet from organization devices and networks,
email and social media policies,
mobile device policies.
Beyond that – are you archiving and managing all of those various communication types?

Building electronic communications policies and procedures into a quarterly review process will help keep you prepared. Likewise, speak with your vendor(s) providing archiving and automated reporting to insure your keyword and phrase policies are accurate and automated. Perhaps most critical, make certain your storage is non-delete and secured – as fines and legal damages can be most painful around inappropriate storage that leads to lost or deleted data.