FINRA/SEC Social Networking Compliance

Overview

Today financial firms generally fall in one of two camps when it comes to adopting social networking tools like Facebook, LinkedIn and Twitter. They have either blocked access because of the challenges associated with supervisory and data retention requirements or they’ve opened the doors to these sites and address compliance issues with highly manual processes.

Most are aware that FINRA has convened a social media task force to evaluate their compliance requirements for this new channel. On January 25th FINRA released Regulatory Notice 10-06 which provides additional guidance on the use of blogs and social networking sites. In addition, they are holding a webinar on February 3rd and March 17th to review these policies.

With the release of Notice 10-06 FINRA makes it very clear that all communication via the Internet, including the social networks, is treated the same way as in person or written communication. As a result this electronic communication can be considered correspondence, a public appearance, an advertisement or sales literature.

Remember, according to FINRA:

• Publicly available web sites (ex: Twitter) are considered advertisements
• An email or instant message sent to 25 or more prospective customers is considered sales literature
• An email or instant message is considered correspondence if it is sent to a single customer, an unlimited number of existing retail customers and/or less than 25 prospective retail customers (firm-wide) within a 30-day period
• Password-protected web sites (ex: Facebook or LinkedIn) are considered sales literature
• Chat room discussions (ex: Facebook discussions, LinkedIn Q&A) are considered public appearances

Below is a summary of the key FINRA rules that you should be aware of before participating with social networks. In addition, we’ve shared specific social network considerations and recommendations on how to participate with these networks in a compliant fashion.

1. Approval and Recordkeeping (Rule 2210(b))

“The content provisions of FINRA’s communications rules apply to interactive electronic communications that the firm or its personnel send through a social media site. While prior principal approval is not required under Rule 2210 for interactive electronic forums, firms must supervise these interactive electronic communications under NASD Rule 3010 in a manner reasonably designed to ensure that they do not violate the content requirements of FINRA’s communications rules.13” *

Social Network Considerations

• Until the release of 10-06 it was assumed that a status update, tweet or post to a discussion board can easily be viewed by 25 or more customers and is therefore sales literature and requires pre-approval .
• While pre-approval is not required under FINRA’s guidelines they do encourage firms to employ “risk-based principles” to determine the appropriate amount of review.
• Should a firm decide to require manual prior approval this will quickly create a compliance review bottleneck.
• Post-use review is another option which requires the ability to do sampling and /or real-time lexicon-based searches

Compliance Recommendation
Depending on the policy your firm defines, adopt a solution that automatically routes social media messages to a registered principal to accelerate the review process while providing a complete audit trail. Or adopt a solution that provides automatic data retention for post-review as well as the ability to scan posts in real-time based on a lexicon of phrases or constructs.

2. Supervision (Rule 3010)

“Each member shall develop written procedures that are appropriate to its business, size, structure, and customers for the review of incoming and outgoing written (i.e., non-electronic) and electronic correspondence with the public relating to its investment banking or securities business.” *

Social Network Considerations

• Social networks offer multiple ways to communicate with customers from status update, discussion boards, email and/or chat – all are considered electronic communications.
• Policies should account for the unique communication channels available on each social networking site made available.

Compliance Recommendation
Adopt a solution that enables firms to configure their supervisory rules of social network communication based on the FINRA guidelines as well as their own unique procedures and policies appropriate for their business.

3. Books and Records (Rule 3110)

“Advertisements and sales literature must be maintained as part of the firm's records for three years from the date of last use. Correspondence must also be maintained in compliance with applicable FINRA rules and with SEC Rules 17a-3 and 17a-4. An RR's email or instant messaging to the public relating to the firm's business whether generated from the office, home or elsewhere, is subject to these provisions. RRs should know and comply with their firm's policies in this area.” *

Social Network Considerations

• Social networking activity (status updates, tweets, etc) fall under the guidelines of an advertisement and/or sales literature.
• Sending an email using the social networks (Facebook Mail, LinkedIn Mail) or an instant message (Facebook Chat) can also be considered correspondence.
• Social networks can be updated at any time from any location. Firms must educate and provide the tools to capture and retain the content that falls under the advertisement, sales literature or correspondence guidelines.

Compliance Recommendation
Adopt a solution that enables firms to capture and retain all social networking activity, with the associated metadata about the content and archive this content in a structured fashion to enable easy discovery. Additionally firms may choose to block access to certain areas of these social networks to eliminate the need to capture and retain that information.

4. Recommendations / Testimonials (Rule 206(4))

“It shall constitute a fraudulent, deceptive, or manipulative act, practice, or course of business within the meaning of section 206(4) of the Act for any investment adviser registered or required to be registered under section 203 of the Act, directly or indirectly, to publish, circulate, or distribute any advertisement: (1) Which refers, directly or indirectly, to any testimonial of any kind concerning the investment adviser or concerning any advice, analysis, report or other service rendered by such investment adviser” *

Social Network Considerations

• LinkedIn provides a simple mechanism to capture and display recommendations. A recommendation displayed from a client would trigger this rule.
• Recommendations from non-clients may fall out of the SEC guidelines, however given the amount of information that can be discovered through the associated profiles, it's possible it could be perceived as a violation.

Compliance Recommendation
Adopt a solution that enables firms to selectively disable the ability to accept or request LinkedIn recommendations based on their role in their financial organization.

5. Third-Party Posts (Rule 2210 / Notice 10-06)

“As a general matter, FINRA does not treat posts by customers or other third parties as the firm’s communication with the public subject to Rule 2210. Thus, the prior principal approval, content and filing requirements of Rule 2210 do not apply to these posts. Under certain circumstances, however, third-party posts may become attributable to the firm. Whether third-party content is attributable to a firm depends on whether the firm has (1) involved itself in the preparation of the content or (2) explicitly or implicitly endorsed or approved the content.” *

Social Network Considerations

• Republishing a comment from a third-party, such as Retweeting, will likely be considered an endorsement by the firm.
• “Favoriting” a post on Twitter or “Liking” a comment on Facebook can also be seen as an endorsement by the firm.

Compliance Recommendation
Adopt a solution that enables firms to disable the ability to Favorite or Like a Tweet or comment. Retweeting is more complicated as a representative might be retweeting a perfectly acceptable message. Depending on your risk profile you may also want to adopt a solution that provides pre-post moderation for any retweeted messages.

If you are interested in getting started with the social networks we would encourage you to try out Risk Manager for free to protect you and your firm from regulatory fines and issues.

*FINRA’s Guide to the Internet for Registered Representatives, SEC’s Rules Under the Investment Advisers Act of 1940, FINRA Regulatory Notice 10-06