SEC Enforcement Actions Related to Electronic Communications Recordkeeping Failures

On January 13, 2025 the U.S. Securities and Exchange Commission (SEC) announced settled Administrative Proceedings against three broker/dealers and nine investment advisers related to electronic communications recordkeeping failures.  The following is a list of the investment advisers subject to the actions, and the monetary penalties agreed to by each of the investment advisers:

• Blackstone Alternative Credit Advisors LP, Blackstone Management Partners L.L.C., Blackstone Real Estate Advisors L.P. (combined $12 million);
• Kohlberg Kravis Roberts & Co., L.P. ($11 million);
• Apollo Capital Management, L.P. ($8.5 million);
• Carlyle Investment Management L.L.C., Carlyle Global Credit Investment Management L.L.C., AlpInvest Partners B.V. (combined $8.5 million); and
• TPG Capital Advisors, LLC ($8.5 million).

Rule 204-2 of the Investment Advisers Act of 1940 (the “Advisers Act”) requires investment advisers to maintain certain books and records.  Pursuant to Rule 204-2(a)(7) investment advisers are required to maintain, for at least five years, originals of all written communications received and copies of written communications sent relating to:

• Any recommendation made or proposed to be made, and any advice given or proposed to be given;
• Any receipt, disbursement or delivery of funds or securities;
• The placing or execution of any order to purchase or sell any security; or
• Predecessor performance and the performance or rate of return of any or all managed accounts, portfolios or securities recommendations.

In each of the Administrative Proceedings, personnel of the investments advisers were found to have engaged in electronic communications on unapproved platforms that were not subject to the investment advisers’ retention systems.  Therefore, the investment advisers were determined to have willfully violated the requirements of Rule 204-2(a)(7).

Throughout each of the published SEC Orders, the policies and procedures of the investment advisers are described similarly. Generally, each of the investment advisers were determined to have:

• Adopted compliance policies and procedures designed to ensure the retention of business-related records, including electronic communications;
• Provided repeated training and advice to personnel that the use of unapproved electronic communication methods was not approved and that personnel should not use unapproved personal email, chats or text messaging for business purposes; and
• Messages sent through firm-approved communication methods were monitored, subject to review, and archived.

Even with the above described policies and procedures, personnel of the investment advisers engaged in business communications through unapproved electronic communications platforms. These communications encompassed records required to be maintained pursuant to Rule 204-2(a)(7). In light of the extent of this conduct, the investment advisers were determined to have failed to implement a system reasonably expected to determine whether personnel were following the firm’s policies and procedures regarding electronic communications.   Additionally, in the Blackstone, Carlyle, Kohlberg and TPG Orders, the SEC provided that the investment advisers “failed to implement sufficient monitoring to ensure that its recordkeeping and communications policies were being followed.”  What would have constituted sufficient monitoring is not addressed by the SEC in the Orders.

As part of the settlements, the investment advisers agreed to engage in internal audits.  The internal audits generally consist of the following:

• A comprehensive review of supervisory, compliance and other policies and procedures designed to ensure that electronic communications, including those found on personal electronic devices, are preserved in accordance with the Advisers Act.  The review should include, but not be limited to, a review of policies and procedures to ascertain if they provide for any significant technology and/or behavioral restrictions that help prevent the risk of the use of unapproved communications methods on personal devices in work conditions (e.g. traveling, site visits).
• A comprehensive review of training designed to ensure personnel are complying with the requirements regarding the preservation of electronic communications, including those found on personal devices.  In addition, a review of the requirement that personnel certify in writing, on a periodic basis, that they are complying with preservation requirements.
• An assessment of the surveillance program measures implemented that are designed to ensure compliance, on an ongoing basis, with the requirements to preserve electronic communications, including those found on personal devices.
• An assessment of technological solutions that have been implemented to meet the record retention requirements, including an assessment of the likelihood that personnel will use the technological solutions going forward, and a review of the measures employed to track personal usage of new technological solutions.
• A comprehensive review of the framework adopted to address instances of non-compliance by personnel with the policies and procedures concerning the use of personal devices to engage in business communications. This review shall include a survey of how the investment adviser determined which personnel failed to comply with policies and procedures, the corrective action carried out, an evaluation of who violated the policies and procedures and why, what penalties were imposed and whether the penalties were handed out consistently across business lines and seniority levels.

Here is the link to the Enforcement Actions:  https://www.sec.gov/newsroom/press-releases/2025-6