A New York state law that takes effect next year will make it more difficult for registered investment advisers (RIAs) in the state to conduct proactive testing for violations of their firms’ off-channel communication policies.
The law, A836, signed by Gov. Kathy Hochul on Sept. 14, prohibits an employer “from requesting or requiring that an employee or applicant disclose any username, password, or other means for accessing a personal account through specified electronic communications devices.” The law takes effect 180 days after passage, in March.
The law contains a carve-out for entities that are required to monitor or retain employee communications “under federal law or by a self-regulatory organization,” and there lies the rub for RIAs. While all communications by broker-dealers are required to be monitored and retained by federal securities law, only communications that specifically deal with investment advice are required to be monitored and retained by RIAs.
The law also contains an exception that allows for an employer to request access to an employee’s personal phone if the employer is investigating potential misconduct.
In the aftermath of the off-channel communications enforcement sweep by the Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission that has resulted in fines of more than $2.5 billion on about 40 firms since December 2021, compliance teams at registered entities have taken proactive measures to monitor compliance with their firm’s off-channel communications policies.
One of those measures is to spot-check employees’ personal phones for evidence of potential use of off-channel communications to conduct company business in violation of firm policies. For broker-dealers, the off-channel use would also violate federal securities law for all communications; for RIAs, the recordkeeping requirements are narrower.
“This law is going to conflict with RIA’s best practices. This type of testing is consistent with the investigatory practices of the SEC, but it would be against this New York law as of next March.”
Suzan Rose, Senior Advisor for the Alternative Investment Management Association
Suzan Rose, senior advisor for the Alternative Investment Management Association and a longtime former chief compliance officer, said the law could prevent compliance officers at New York-based RIAs from conducting the type of proactive compliance testing for off-channel communications violations that the SEC is likely to expect going forward.
“This law is going to conflict with RIA’s best practices,” she said. “This type of testing is consistent with the investigatory practices of the SEC, but it would be against this New York law as of next March.”
New York State Assemblyman Jeffrey Dinowitz, the lead sponsor of the bill, said the intent of the law is to prevent employers from conducting searches of their employees’ personal devices without cause.
“I’m very optimistic this law will be very good for employees,” he said. “It will protect a lot of people.”
Asked whether the issue of the law’s effect on the compliance efforts of RIAs came up when the bill was being drafted and debated, Dinowitz said no.
“I don’t recall them reaching out,” he said.
“Really, the time to discuss that was before the law was passed,” he said. “The time to do your homework is before you hand it in. It’s been signed, it’s done.”