As investment advisories make their inexorable move to cloud-based communications platforms and applications as part of a larger digital transformation initiative, is it really possible for investment advisories to maintain communications compliance when leveraging cloud technology?
Why investment advisories are embracing cloud communications today
Though the financial services industry, as a whole, has been somewhat slow to embrace cloud technology, the winds of change are gathering strength for investment advisories, driven largely by external forces such as a global pandemic that sidelined in-person interactions and a growing client preference for digital interactions.
That’s a good thing, as cloud technology confers tremendous benefits to investment advisories, including:
- Better client and employee experiences
- Increased operational efficiencies
- Decreased overhead expenses
- Rapid deployment and increased reliability
- Improved business continuity and disaster recovery
- Improved workflows and collaboration
- Improved security and compliance
As a case in point, consider the way in which investment advisors communicate with investors today. According to a 2019 YCharts survey of 650+ investors, investor-preferred communication channels include phone calls, text messages, social media messages, emails, and website content, to name a few.
Research from Spectrem Group indicates that the trend toward more engagement with investors via social media or text messaging grew in 2020 and shows no sign of slowing, with wealthy investors at all age levels using social media or text messaging to communicate with advisors to some extent.
(Source: Spectrem Group)
Commenting on researchers’ findings, Spectrem made this salient observation: “This indicates that financial professionals need to find ways within compliance constraints to interface with clients on these platforms as it is not likely social media will cease to be a key component in the lives of most wealthy investors.”
Security and compliance challenges for investment advisories
Investment advisories must meet stringent requirements in the areas of security, compliance, and governance controls. Advisory firms must ensure the protection of data, identities, devices, and applications, all while abiding by sweeping laws such as GDPR and CCPA.
Beyond this type of constraint, however, investment advisories are also subject to a wide range of compliance requirements and guidelines from regulatory bodies, including the U.S. Securities and Exchange Commission (SEC), the Federal Financial Institutions Examination Council (FFIEC), the Financial Industry Regulatory Authority (FINRA), and the Commodity Futures Trading Commission (CFTC). Add to that a variety of individual laws such as Dodd-Frank and the Sarbanes-Oxley Act of 2002, and the complexity of compliance challenges investment advisories face becomes clear.
In this landscape, it may seem almost counterintuitive to turn to a cloud solution. Many people have the perception that the cloud is inherently less secure than on-premises solutions. However, as is often the case, perception is quite different from the reality.
Why consider cloud communications from a security and compliance standpoint?
Regarding the relative security of cloud vs. on-premises deployments, Gartner notes: “The cloud business model provides huge market incentives for cloud service providers to place a higher priority on security than is typical for end-user organizations. Cloud service providers can afford to hire experienced system and vulnerability managers, and their economies of scale make it practical to provide around-the-clock security monitoring and response.”
Though the ultimate responsibility for compliance and security rests with the investment advisory, working with a reputable cloud provider that is knowledgeable of the regulatory landscape can be a great step toward better compliance.
A well-designed cloud communications platform or app is uniquely suited to the task of maintaining communications compliance. For example, all communications including phone calls, texts, voice messages, video chats, chatbot interactions, and messages sent to social media platforms via a unified communications platform can be recorded, stored securely, and made accessible for audit purposes in the cloud.
A secure, reliable cloud communications solution can ensure that all communications are safeguarded across all endpoints and locations, as well as in transmission. That means that call recordings, call logs, SMS, MMS, audio and web conferencing, and team messaging communications can all be in compliance with SEC and FINRA guidelines.
With a unified communications platform, any required disclosures can be standardized across all communication channels, which also hits the mark for compliance standards.
Finding a cloud communications partner you can trust to ensure compliance
If you are looking for a cloud communications solution for your investment advisory, what factors should you consider regarding compliance issues? Here is a sampling of some of the communications compliance issues your cloud solution should address:
- Investment Advisor Compliance Programs: This SEC rule requires investment advisories to create, maintain, review, and revise formal written compliance policies and procedures. Complying with this requirement is considerably easier when the designated compliance officer in your organization has access to easily auditable records via your cloud communications platform and associated APIs.
- Electronic Messaging: Under the Books and Records Rule (204-2), investment advisors are required to make and keep copies of all written communications regarding recommendations, advice, etc. Look for a cloud communications solution that records, stores, and surveils electronic messages to remain compliant with this regulation.
- Network Storage-Use of Third-Party Security Features: Under Regulation S-P, advisors must adopt written policies that address administration, technical, and physical safeguards for the protection of customer records and information. Under Regulation S-ID, advisors must develop and implement a written identity theft prevention program that is designed to detect, prevent, and mitigate identity theft in connection with the opening of a covered account or any existing covered account. Under these regulations, advisors must work with their cloud provider to ensure that any network storage solution they are using is configured correctly, that the cloud vendor maintains proper oversight of the storage solution, and that the advisor maintains the appropriate policies and procedures to ensure compliance.
- Privacy and Opt-out Notices: Under Regulation S-P, advisors must provide clear and conspicuous notice to their customers that accurately reflects their privacy policies and practices generally no later than when they establish a customer relationship and annually thereafter and deliver a clear and conspicuous notice to their customers that accurately explains the right to opt out of some disclosures of non-public personal information about the customer to non-affiliated third parties. Cloud communication solutions can facilitate the standardization and automation of all disclosure communications across all channels.
- Multi-Branch Initiative: For investment advisories operating via multiple branch locations, compliance can be more complicated than usual. Every branch must comply with one set of written policies and procedures per the Investment Adviser Compliance Program Rule and must maintain auditable records across the entire multi-branch ecosystem. A common cloud communication solution that spans all branch locations can act as a unifying element, a central source of truth for compliance purposes.
Another way that a cloud communications platform or app may reduce risk, improve security, and result in increased compliance is by integrating with APIs that use advanced technology like AI and machine learning. For example, an open communications platform combined with an AI-powered API that uses multi-factor authentication may enable investment advisories to lessen the incidence of credential stuffing, a growing concern according to a recent OCIE Risk Alert.
Similarly, integration with an AI-enabled API that uses natural language processing for conversational analysis may help the advisor to detect when and how to reach out to clients for more productive engagements.
All these things are possible with the right cloud communications platform. Why not see for yourself what a compliant cloud communications platform can do for your advisory? Request a demo of RingCentral for investment advisors today.
Originally published Apr 22, 2021, updated Dec 30, 2022