Archive for March, 2011
Just five years ago, stringing the words in this blog title would’ve been complete nonsense. Fast forward to 2011, and they now make perfect sense. Hopping on the social media bandwagon, investors are now turning to new communications channels like Facebook, Twitter, and blogs to get the latest tips on hot stocks, rumored IPOs, and corporate scandals.
A March 2011 study by CMC Markets, Share Trader Insights Survey, hammers home the point: social media is being increasingly used by investors to gather trading information, especially among those of us under the age of 45. The study found that the under-45 demographic had the highest percentage of individuals using social sites like Facebook and Twitter to enhance their investment knowledge. The 25-34 segment was particularly notable, too. A whopping 59% of those under the age of 35 use Twitter to acquire trading information. Interestingly, investors over the age of 45 were more likely to use their iPhone to gather trading information.
In terms of which social media sites were deemed to be most useful, trading websites took the top spot with 57% of investors using this form. Beyond trading websites though, there was no clear social media site that investors preferred. Blogs, webinars, Facebook, Twitter, iPhone apps, and even YouTube were all cited by investors as being sources of trading information.
I won’t bore you with any more gory statistics, but the inside scoop is that social media seriously is a viable source of information for investors. However (deep breath), care must be taken to analyze all this mountain of data objectively (you don’t say…). It’s easy to post information on any of these sites and even easier for it to spread virally. Just think what could happen if someone started a false rumor on a company with the aim of sending the stock price soaring. If written persuasively enough and if that rumor appears on several social media sites, the rumor begins to take on a life of its own. The phrase “buyer beware” becomes that much more important, with due diligence, background checking, and due care assuming more prominent roles.
Along these lines, companies themselves have to be careful of what’s being posted about them in these social media fora. That’s why we’re starting to see organizations turn to technology to help them address this flood of social media content. Protection of the corporate brand and confidential information is top-of-mind for many firms. Add to that the constant threat of malware and viruses piggybacking on tweets and Facebook posts, and it’s easy to see why solutions have begun to sprout up to manage this social media content and ensure that it’s safely used within the organization.
Actiance Unified Security Gateway (USG) is the only secure Web gateway focused on these Web 2.0 and social media applications, on top of the usual security protections (anti-virus, anti-malware, and URL filtering). From allowing and blocking access to over 4,700 Web 2.0 applications to granular content and access controls for Facebook, LinkedIn, and Twitter, USG is the platform for making sure that social media doesn’t commandeer your corporate network and throttle your reputation.
It’s the enabler that lets you use social media productively and safely. Just don’t count on it to tell you whether to buy or sell the 1,500 shares of MSFT you’re sitting on.
In the last couple of weeks we’ve been informed that our products have been shortlisted for not just one, not two, not three, but four leading industry awards (yes really!) – two of them related to Financial Services and two awards covering everyone’s darling, Social Media. This got me thinking about how modern communication tools such as UC, Social Media and Web 2.0 have completely infiltrated our working lives and the breadth and depth of platform required to enable their secure use.
In an average day I use nearly a dozen different mediums to communicate with colleagues, partners and customers including Microsoft OCS, IBM Lotus Sametime, Skype, Twitter, LinkedIn, Facebook, Quora, Blackberry Messenger and Cisco Webex. I use my iPhone, my Blackberry, my iPad, my laptop. In the past month, I’ve connected and communicated at 37,000 feet, on a cruise ship off the coast of Cuba, Costa Rica and (shame on me), even in the office. Face it, if there’s a way of connecting with the internet…I guess I’ll find it. Equally, if I worked directly in a Financial Services organization – like many of our customers – then I would probably also be adding something like Thomson Reuters Messenger or Bloomberg to the list.
You might be wondering how on earth do I find the time to work – but that’s the point, virtually everything I do on these networks helps me to do my job. But it’s also interesting that what I use has changed too. Twelve months ago I wasn’t using Facebook for chat much and I didn’t have an account on Quora, I’d certainly not Skyped at 37,000 feet, nor had I SMS’d while traversing the Panama Canal.
The other weekend I co-hosted a conference workshop for compliance officers in Utilities organizations on how to develop a social media policy. After protracted discussions about how the organizations attending use social media and considering some of the pitfalls – including my question du jour “how do you comply with retention of records on your twitter account?” that always gets the room buzzing – the group split up into teams to draft a social media policy that would work for them.
It’s almost a guarantee that somewhere in the policy specific networks, normally Facebook, will be mentioned. But in just the same way you can’t spare the time to rewrite your policy every time a new social network becomes popular, neither can you afford to update your IT controls either. Not to mention the fact that there are thousands of social networks available that may not be popular, but still have a considerable amount of users that might just be your employees. So looking at the bigger picture isn’t just important, it’s imperative.
Being able to secure, manage and meet compliance duties requires a platform that offers breadth and flexibility in adapting to the changing world we work in. I can’t claim to know what tomorrow’s hot favorite communications tool may be, but I work with a team of people who do know how to spot them and who also know how to manage them . Our Actiance Security Labs live and breathe social networks and Web 2.0 applications and track, monitor and provide management capabilities on a daily, if not hourly basis.
I’m probably not going to meet fellow brit Colin Firth (rats) over the next three weeks and my acceptance speech, should we win (again), certainly won’t be as polished as his, but I will be attending the Oscar equivalent in the IT security world, SC Magazine’s award ceremony. If you’re there, come over and say hi – I promise not to try out my question du jour.
SC Awards – Best security Solution in Financial Services – Vantage
Network Computing – New Product of the Year – Socialite
We all know there’s a glut of information out there, what with all the social media sites, instant messaging (IM) networks, and unified communications platforms (think Microsoft OCS and IBM Sametime) being used to facilitate communications, so it should come as no surprise that making sense out of that mountain of data is no small feat.
This is the quandary many organizations face today. They’re capturing all this data but are having a difficult time organizing it into actionable data (e.g., analyzing customer buying trends, market opportunities, etc.). Many technology solutions today can capture social media content like Facebook Wall posts, LinkedIn status updates, and tweets, but nearly all of them capture only the individual post or tweet itself. When exported out to an archiving platform, such as the popular Symantec Enterprise Vault, there’s nothing but headaches for eDiscovery and legal folks, trying to piece together related tweets and Facebook posts scattered throughout an archive.
What really separates the “men” from the “boys” is not only being able to capture the data in context, but also display that context in full when retrieving content for eDiscovery, regulatory, or legal purposes. Capturing data in context means not just capturing a single “missive,” but capturing the entire stream of messages posted throughout the day in a single, simple, easy–to-read transcript. This simplifies reviewing by leaps and bounds. It also makes for a more fluid eDiscovery process as legal teams, both in-house and law firms, can more easily find the information they’re looking for and, in turn, more quickly determine if a piece of data is relevant or not. At the end of the day, man-hours and legal costs are driven down dramatically, and employee productivity is maximized.
Socialite from Actiance is one such platform that can capture data in context. Capturing content posted to sites like Facebook, LinkedIn, and Twitter and then being able to present it in transcript format makes it not only much easier for end users to find what they need and determine its relevance, but also shows the original message in its true format. You can liken it to the ol’ “quality vs. quantity” debate: what good is archiving a million different Facebook posts if you can’t make sense of it?
As the Web 2.0 and social media train screams along at breakneck speed, the chaos that data can become will only get worse and the need for that “calming” influence becomes more pronounced. Socialite brings order to that chaos.
Just the other day, I saw that my colleague posted his unofficial feature request to Facebook: Add as foe. In the binary world of Facebook, where everyone is either a friend or not or likes what you wrote or not, having this additional dimension to express your complex love-hate relationship seems to be a natural next step. Who knows? This may be the next big idea for a new wave of social networking sites.
I don’t know how realistic it will be to expect a love-hate social dimension to be implemented in Facebook. But, what is clear to me is the power of semantics. When we talk about a new social networking feature, it’s very important to name it right to give it the right meaning.
At the software binary level, a feature does not have any semantics. A software program expects a domain of input, processes the input, and returns a certain range of output. It behaves exactly as the programmer codes it and does not carry any social semantics.
But to users, every feature has its semantics. For example, at the software level, friending somebody on Facebook is nothing but a subscription and access request action. Once you become a friend of someone, it means the new friend’s status update will be shown on your Facebook home page, and you’ll have access to that friend’s personal data.
If you change this “friend” feature to, let’s say, “foe,” then our familiar Facebook “friend” relationship will take on a completely different meaning. People will no longer want to send a subscription request to someone they love because its semantics is deeming the person as an enemy.
Changing the “friend” feature to “foe” is an extreme example, but there are examples that we see today on Facebook and Twitter that underscore this point.
1. Facebook Share
Facebook used to offer a “share” option for each posted article. Functionally, “share” reposts the article by creating one’s own status update. When you “share” an article, this means you want to pass the article along to your friends.
2. Twitter Favorite
Twitter has been providing the “Favorite” feature for a long time. When you mark a tweet “favorite,” it essentially makes a bookmark of the tweet so that you can easily come back to it. It’s essentially a bookmarking capability.
Because it’s been tagged as a “favorite,” however, it has semantics of personal endorsement. This means even if you see a tweet that you want to bookmark and come back to, people are discouraged from using this bookmark because it’s called a “favorite.” A tweet that you want to come back to may not necessarily be one of your favorite tweets.
3. Twitter - What Are You Doing? What’s happening versus Facebook? What’s on your mind?
When Twitter first started about five years ago, it started out as a simple microblogging tool that enabled easy SMS message updates with a limit of 140 characters. It used to ask “what are you doing?” to solicit status updates from users.
Since its initial launch, Twitter users started using it for many other interesting purposes, such as one-line advertisements, sharing headlines to articles, organizing civilian uprisings, or spawning new breeds of Internet stars. Once these interesting, new use cases were popularized, Twitter took action.
Now, Twitter is trying to become a breaking news channel service, and they are now asking “what’s happening?” because they are interested in events happening around you.
These are subtle yet powerful examples of how language matters a lot when it comes to social media product features. Do you see examples of incorrectly named features in social networking sites today? I would love to hear your examples and views. Please chime in!
March 22, 2011
Amy C. Sochard
Director, Programs & Investigations
9509 Key West Avenue
Rockville, MD 20850
Dear Ms. Sochard:
In light of the recent revisit of FINRA’s social media guidelines, Actiance, Inc., is submitting this letter for the task force’s consideration. We feel that the task force would benefit from having input from a range of sources, including from industry, technology, and others. As such, Actiance speaks from a position of experience and expertise with respect to compliance solutions for the financial services industry.
As the adoption of social media spreads further across the financial services landscape, both industry and technology vendors alike have had more time to digest the implications of social media and what more can be done. It has been over a year since the issuance of Regulatory Notice 10-06, so the level of understanding is unequivocally deeper now than at any time in the past.
Under this backdrop, Actiance would like to offer the following commentary with respect to Notice 10-06:
1. Recordkeeping Responsibilities
SEC and FINRA rules require that for record retention purposes, the content of the communication is determinative.
What 10-06 makes clear is that social media is just another form of “electronic communication.” In addition to social media, there are also public instant messaging networks (e.g., Google Talk, Yahoo!, Windows Live Messenger, AOL Instant Messenger), peer-to-peer networks (e.g. Skype), and enterprise communication platforms such as Microsoft Lync/OCS and IBM Lotus Sametime that fall under the “electronic communications” umbrella. Thus, being able to log and archive a multiplicity of electronic communications channels in one seamless platform facilitates the recordkeeping responsibilities greatly for organizations subject to FINRA guidelines.
A broker-dealer must retain those electronic communications that relate to its “business as such.”
Archiving in context adds a level of detail and comprehensiveness that assists regulators and auditors in determining whether in fact any violation occurred. It’s easy today to take conversations out of context, say, if you’ve only “joined” in the conversation in the middle or at the last minute. Being able to capture all conversations in context, from beginning to end, helps auditors understand the exact nature of a communication taking place between an advisor and a prospect/client.
It’s up to each firm to determine whether any particular technology, system or program provides the retention and retrieval functions necessary to comply with the books and records rules.
Although FINRA does not endorse any one particular technology vendor, it is important for broker-dealer firms to keep in mind that, given the vast number of options available in the marketplace today, choosing a technology partner that has the flexibility to integrate with as many content management and archiving systems as possible is critical. Given the prevalence of litigation in today’ society, this flexibility becomes even more vital since eDiscovery solutions are closely tied to archiving systems. Both law firms and businesses rely on eDiscovery to streamline their litigation processes and reduce cost.
2. Suitability Responsibilities
Firms might consider prohibiting communications that recommend a specific investment product unless the communication conforms to a pre-approved template and the specific recommendation has been approved by a registered principal.
Because so many broker-dealer firms have their representatives scattered all over the country, it simplifies the pre-approval process greatly to have mechanisms in place to expedite matters. This includes having a lexicon library that a firm can utilize for whatever technology solution they choose to deploy. In this way, already swamped compliance officers need only look at content that hits a word or phrase that is part of the lexicon library. Technology vendors are already aware of this trend and are beginning to provide pre-defined and pre-screened templates that are in compliance with FINRA regulations. In this way, registered representatives can get advertising materials out more quickly to prospects and clients.
Equally important is the ability of compliance systems to adapt to ever-changing social media feature sets. To date, LinkedIn profiles have generally been considered prime examples of static content. As functionality evolves, however, LinkedIn profiles may in the future include additional features like recommendations and blogs. The key here is that these new features need to be blocked until they have been incorporated into the pre-approval workflow.
3. Types of Interactive Electronic Forums
Social networking sites typically contain both static and interactive content.
Regarding static content, having the ability to assess content before it hits the Internet would make compliance officers sleep better at night. If registered principals are worried about the publication of static content without pre-approval, then the broker-dealer should consider adopting solutions or measures that enable them to hold content for pre-review.
Even for sites that have both static and interactive content, it does not hurt to be overly cautious with respect to pre-review, especially if lexicons can be utilized. Either way, whether it’s static or interactive content, archiving all content related to the business is required.
4. Supervision of Social Media Sites
Firms must adopt policies and procedures reasonably designed to ensure that their associated persons who participate in social media sites for business purposes are appropriately supervised, have the necessary training….
We’ve found that companies that have crafted a social media policy and disseminated it to the whole organization are better off than those which have not. Having a social media policy in place shows that a company has thought seriously about the issue, done some research, and introduced some processes to address it.
Firms that have demonstrated an understanding of the power of social media and how to leverage it are the ones that have created a social media policy already. Some types of issues typically covered in a policy include, but is not limited to, the acceptable/inappropriate uses of social media, access rights, and ramifications for breach.
As firms develop their policies, they should consider prohibiting or placing restrictions on any associated person who has presented compliance risks in the past…
Since not all representatives are created equal, it may be necessary for firms to apply different policies to different people. For instance, a firm might give Human Resources only read-only access to LinkedIn but give unfettered access to Marketing individuals. Or, drilling down even further, limiting LinkedIn access to just a portion of the Marketing team is another option, if the firm is worried about the behavior of specific individuals. Technology solutions today usually enable firms to set policies at the firm, group, or individual level.
Each firm must monitor the extent to which associated persons are complying with the firm’s policies and procedures governing the use of these sites.
Although monitoring is necessary, being able to bundle monitoring with logging and archiving adds a further level of confidence for compliance officers. To really gauge a firm’s progress on the compliance front, firms should log and archive all representatives’ activities on these social media sites. Which sites are they accessing? How long are they on there for? What are they doing exactly? Only until a firm is able to gather and analyze this data will it begin to feel more at ease with respect to compliance.
In addition, the rapid adoption of mobile and smartphone devices such as iPhones and iPads requires more vigilant and intensive monitoring of social media sites as well as robust alerting capabilities. Employees accessing social media sites and editing content during non-business hours are becoming the norm rather than the exception. A compliance solution should be able to address this type of user behavior as part of its monitoring feature set.
5. Third-Party Posts
FINRA does not consider a third-party post to be a firm communication with the public unless the firm or its personnel either is entangled with the preparation of the third-party post or has adopted its content.
Facebook “Like” and LinkedIn “Recommendations” are two popular features that fall squarely within the scope of the entanglement theory. “Liking” a comment or recommending a friend could be construed as an endorsement, which would require pre-approval by a supervisor. Hence, it is critical for broker-dealers to have the proper monitoring mechanisms in place to ensure that intentional or inadvertent endorsements do not occur.
The above comments are our thoughts on technology’s role in addressing 10-06’s requirements. Should the task force have any additional concerns or questions, Actiance is available to assist FINRA without reservation.
President and CEO
You are currently browsing the archives for March, 2011
- May 2013
- April 2013
- March 2013
- February 2013
- January 2013
- December 2012
- November 2012
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- October 2010
- September 2010
- August 2010
- June 2010
- May 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- July 2009
- June 2009
- April 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- Application Filtering
- Electronically Stored Information (ESI)
- Employee Behavior
- Enterprise 2.0
- Enterprise IM
- Financial Services
- Guest Post
- New Internet
- personal v professional
- Product Announcements
- Public IM
- Retail banking
- RSA Conference
- Securities and Exchange Commission
- Social Networking
- Unified Communications
- Web 2.0
- Web Security