I read about a new red flag in the Securities and Exchange Commission’s exam process for investment advisers. Examiners are looking for Chief Compliance Officers with web-based email addresses. So, if your CCO uses a gmail, or yahoo.com email address on your Form ADV filing, the SEC will treat that as a red flag.
This comes from a story in IA Watch. According to the story, a senior person in the SEC’s Office of Compliance Inspections and Examinations mentioned the email address as part of the red flags for cybersecurity sweeps.
I would guess the alternate address for a contact on the Form ADV is subject to this same red flag.
Personally, I’m not sure I completely understand why this is a red flag. Some of the web-based email are just as secure as firm-run email server. For smaller shops, it may be even more secure. I feel certain that Gmail has better tech than a small IA shop.
I can see the web-based email as indicator of an outsourced CCO. Of course, the Form ADV now requires a firm to flag that it has an outsourced CCO. Perhaps it’s a red flag to see web-based email and not state that the firm has outsourced CCO. I can also see searches of “compliance” in the email address as another way to potentially find firms that did not state their CCO role was outsourced.
Sources:
- OCIE to launch another cybersecurity sweep exam within a year in IA Watch (subscription required)
The problem is the fact that Google terms for consumer @gmail puts information at risk – its reading your email to serve ads – as compared to using Google for business where @advisordomain is used and you are likely correct about it being a good small business option. Also, use of non @advisordomain *could* indicate that a variety of addresses are used to skirt compliance. I don’t trust advisors or my attorney colleagues with free email addresses.
I’m not sold on the Google AdWords as being a problem. I agree that it’s not 100%. But I believe a few bar associations have concluded that it doesn’t break attorney-client confidentiality.
As for the free email address, I was chastised by many small firm and solo lawyers for making the same claim as you. Many were pioneers of the legal use of technology and starting using those email addresses before they were free or widely available.