9037 - NFA COMPLIANCE RULE 2-9: SUPERVISORY PROCEDURES FOR E-MAIL AND THE USE OF WEB SITES
(Board of Directors, August 19, 1999)
NFA Compliance Rule 2-9 requires Members and Associates with supervisory duties to diligently supervise employees and agents in the conduct of their commodity futures activities for or on behalf of the Member. The rule is broadly written to provide Members with flexibility in developing procedures tailored to meet their particular needs. On certain issues, however, NFA has issued Notices to Members to provide more specific guidance on acceptable standards for supervisory procedures. Currently, information technology is changing nearly every aspect of how Members conduct business, including how they communicate with their customers. For example, e-mail and internet-based communications have enabled Members and their employees and agents to communicate with customers more frequently and efficiently. Expanded use of this technology, however, also requires Members to re-examine their methods of supervising their communications with the public.
This Notice addresses the supervisory issues raised by use of e-mail and web sites to conduct futures-related business. Although this Notice does not specifically address every aspect of electronic communication, such as the use of chat rooms to conduct business or after-hours electronic trading activity, this is not intended to suggest that Members have no supervisory obligations regarding these types of activities. Consistent with the approach taken in this Notice, in establishing supervisory procedures for electronic communications, Members may wish to draw from their experience in supervising non-electronic communications.
A Member's duty to supervise the use of futures-related e-mail by its employees and agents is basically the same as its duty to supervise other forms of correspondence. NFA would expect each Member to adopt review procedures that are appropriate in light of its business activities, including the structure, size and nature of its business operations. Like other supervisory procedures, a Member's supervisory procedures with respect to e-mail must:
- be in writing; and
- identify by title or position the person responsible for conducting the review.
In addition, firms may wish to consider whether the following procedures would be appropriate as well:
- specify how and with what frequency e-mails will be reviewed and how that review will be documented; and
- categorize what type of e-mail will be pre-reviewed or post-reviewed.
Each Member is free to adopt the specific procedures that it will use to conduct its review. However, those procedures must take into consideration the nature of the communication, the relative sophistication of the recipient and the training and background of the employees and agents. In some instances, spot-checking or sampling e-mail messages representing routine communications between employees or agents and existing customers may be appropriate and in others it may not. For example, a firm dealing with sophisticated or institutional customers might choose to sample a relatively small but representative amount of the routine electronic correspondence to review. On the other hand, firms dealing with individual, relatively unsophisticated retail customers might consider using a larger sample or even reviewing all the routine e-mail. Similarly, a firm may wish to conduct a comprehensive review of employees' and agents' e-mail if they have a disciplinary history involving problems with customers or came from a firm that has been disciplined for fraud.
Members' procedures should also address whether employees and agents are permitted to use e-mail systems other than the firm's system. If a firm permits them to use other systems for business purposes, whether on their work or home computer, the firm's procedures must treat these off-system e-mails as its own records and must ensure that the firm is capable of adequately reviewing them. Given the supervisory problems which could arise, some firms may choose not to permit their employees and agents to communicate with the public outside of work through an e-mail system that is not linked to the firm's network.
In many instances e-mails may constitute promotional material. E-mail directed to the public soliciting business constitutes advertising and is subject to the same rules as any other form of promotional material. For example, an e-mail message sent to targeted individuals or groups would be considered promotional material if its ultimate purpose was to solicit funds or orders. A Member's e-mail review procedures must be designed to ensure compliance with NFA's promotional material content and review requirements. These requirements, found in NFA Compliance Rule 2-29, provide, among other things, for prior review of this type of e-mail by appropriate supervisory personnel. Additionally, this type of e-mail is subject to the specific recordkeeping requirements of Compliance Rule 2-29.
Members should properly educate and train their employees and agents on the firm's policies regarding e-mail communications - particularly on those communications that are not reviewed by supervisory personnel prior to use. Special attention should be given to those employees and agents with previous compliance or disciplinary problems. Finally, Members must periodically evaluate the effectiveness of their e-mail review procedures and modify them as necessary.
Both Members and their employees and agents can inexpensively and quickly create web sites to attract business. NFA's Compliance Rule 2-29 establishes the standards that web site content must meet. The procedures that Members adopt to supervise the use of web sites must be designed and enforced to ensure that the web sites comply with these standards. These supervisory procedures must:
- be written;
- require prior review and approval of the web site by an appropriate supervisor; and
- require documentation of the review.
Because the substantive content of web sites can change frequently, the Member's procedures should address how it will ensure that each substantively new version of a web page will be subject to the review procedures. Members' review procedures should adequately address features unique to electronic communications, e.g., streaming script containing real-time market news, for which neither prior review nor post-review of each bit of information may be possible.
Unless the web site limits access to a particular target audience, through an acknowledgment by the user or other means, the Member's review procedures should take into consideration the fact that the web site, like other forms of mass media advertising, is available to the public at large. If the firm permits its employees and agents to use personal web sites to attract business for the firm, these web sites will constitute firm promotional material. Consequently, the Member's procedures must be adequate to enable it to properly review the employees' and agents' web sites, including all substantive modifications, according to its procedures. Additionally, to ensure compliance with the recordkeeping requirements, the firm's procedures should provide the means to identify the time frame in which particular versions of the web page are in use. Finally, Members must periodically evaluate and modify as necessary their web site review procedures to ensure their effectiveness.
As is the case with other media, the use of agents' web sites to solicit leads may subject a firm to liability if the agents' leads were generated through deceptive materials posted on a web site. If a firm (either non-Member or Member) maintains a web site which contains deceptive information regarding futures or options trading and a Member pays that firm to provide a hyperlink to the Member's web site, the Member may well be held accountable for the content of the other firm's web site.
The fact that a Member creates a hyperlink from its web site to another web site does not, in and of itself, make the Member firm accountable for the content of the other web site. Member firms should bear in mind, though, that their supervisory obligations under Rule 2-9 and Rule 2-29 require them to diligently supervise their employees and agents who are responsible for creating and maintaining the web sites, including hyperlinks to other web sites. Members should consider whether appropriate supervisory procedures include periodic inquiries as to whether their employees and agents are monitoring the general content of the web site to which the Member links. NFA is not suggesting that firms are necessarily responsible for the virtually infinite chain of links from its web site to others. At the same time, Members who seek to circumvent NFA promotional material and supervision rules by using a chain of hyperlinks to a "remote" web site may be held accountable for that "remote" web site's content.