Author Archives: Joanna Belbey

Belbey Blogs: 13 Life Lessons From An Extraordinary Woman, Jane Sherburne, Bank of New York Mellon #SIFMA


By Joanna Belbey,   April 4, 2014

callout-sherburneToday’s blog is by Joanna Belbey, Social Media and Compliance Specialist, Actiance. Follow Joanna @Belbey or connect with her on LinkedIn. (Photo credit: BNY Mellon website.)

One Women’s Guide to Long Term Career Success.

The SIFMA Compliance and Legal Annual Seminar held March 30-April 2 in Orlando, was packed with relevant and timely educational sessions on topics such as Cybersecurity, SEC priorities, employment law, social media and Anti-Money Laundering updates. Look for my blog on these soon….

However, the highpoint of the event for me, was the first annual SIFMA Women’s Luncheon where Jane Sherburne, Senior Executive Vice President General Counsel and Corporate Secretary, Bank of New York Mellon, shared 13 life lessons gleaned from her prestigious career.

Per the BNY Mellon website, prior to her current role, Sherburne was general counsel for Wachovia Corporation and general counsel for Citigroup’s Global Consumer Group, a partner at Wilmer Cutler & Pickering in Washington, D.C. and special counsel to President Bill Clinton before shifting the focus of her practice to financial services. Sherburne received a B.A. and M.A. from the University of Minnesota, and earned her J.D. from Georgetown University (a fellow Hoya, Hoya Saxa!)

Over lunch, Sherburne shared anecdotes of how she navigated a high-profile career while raising three children. Her stories ranged from assumptions that she wouldn’t take a partner-track assignment because she “had too many babies”. Or after making partner, being told that she looked like a “cocktail waitress” while wearing a carefully selected evening dress to a black tie event. And while working for the Clintons at the “all day and all night house”, being scolded by a teacher that “there is nothing wrong with this child that more time with his mother won’t fix”. Ouch! As Mary Joe White of the SEC noted at another session, “You can’t make this stuff up.”

The theme? She took repeated hits and kept moving. Here’s what she learned along the way:

  1. Be your own master. Don’t attach yourself to someone else’s career decisions.
  2. Be attentive to opportunities and be willing to sacrifice to seize them.
  3. View yourself as a problem solver. Learn about the problem and figure out how to solve it.
  4. Cultivate mentor relationships over time. Protect and support your sponsor, whatever it takes.
  5. While managing work-life balance while in high pressure environments, assert personal needs only after you prove yourself and provide alternative plans.
  6. Do not tolerate bullies. Stand up for yourself and you will earn more respect. And in her case, a well-placed expletive, worked wonders.
  7. Ask for what you want. You don’t ask, you don’t get.
  8. Take the long view on your kids’ well-being and develop and rely on communities to help you.
  9. Strongly intelligent people sometimes need tough minded advisors who won’t pull punches.
  10. When in a crisis, find your Zen spot and lead from there. If you are calm, your team will stay calm and management will trust that you will get the crisis under control.
  11. Embrace change and trust that your strength will emerge.
  12. When negotiating employment contracts, get what the men get.
  13. Be lucky who you wind up in the foxhole with.

Touching, authentic, inspiring, Sherburne challenged us to look back at our own life lessons. To figure out how to use them. And most important, to give back.

What are your life lessons?

 

 

 

 

Belbey Blogs: Attending #SIFMA C&L Annual Seminar? Visit Actiance at booth #204.


By Joanna Belbey,   March 28, 2014

sifma app

Today’s post is by Joanna Belbey, Social Media and Compliance Specialist, for Actiance. You may follow Joanna on Twitter @belbey.

After this harsh winter, I am looking forward to heading to Florida bright and early on Sunday morning to staff the Actiance trade show booth (#204) and to attend some of the sessions of the SIFMA Compliance and Legal Society Annual Seminar. I’m actually assigned to set up the Actiance booth, so don’t laugh if you visit us and it’s upside down. There is also something about using a screw driver to set up a monitor that should be interesting….

You can always count on SIFMA for a great educational and networking experience and I’m sure this conference will be no different. If you are going, I recommend that you download the SIFMA C&L app to make it easy to navigate the sessions and makes connections with your peers.

I am particularly looking forward to hearing the keynote speakers such as Mary Jo White, Chair of the US Securities and Exchange Commission, Richard Ketchum, Chairman and Chief Executive Officer of FINRA, and Preet Bharara, United States Attorney Southern District of New York.

On Monday, I plan to attend the session on Commodities, Futures and Energy Issues to hear about the impact on the energy industry from Dodd Frank, CFTC and FERC from both a regulator and practitioner’s perspective (10:20 – 11:35am).  The session on Cyber Security: What You Need to Know also sounds fascinating and includes a discussion of the US & EU cybersecurity regulations, the Safety Act, and Cyber Insurance and the risks of social media (11:55 – 1:10pm). On a personal note, I have a deep interest in cybersecurity and even produced “The Threat of Cybercrime”, a 7 minute short firm. Of course, I wouldn’t miss the Women’s Luncheon (1:20pm – 2:30pm). Always enjoy connecting with the smart women in this industry.

Actiance is hosting a cocktail party right in the hotel at Primo after the main cocktail reception on Monday evening, so I am hoping you can join us.

Tuesday starts with the “Diversity & Inclusion Breakfast. And then after a bit of “booth duty”, I will be sure to attend (and take notes!) the Social Media Emerging Issues, Innovation and Ongoing Challenges session (12:05 – 1:20). Melissa Callison of Charles Schwab moderates a panel of Stephen Bard of Wells Fargo, Alexander Gavis of Fidelity, Brian Rubin of Sutherland Asbill & Brennon, Melissa MacGregor of SIFMA and Thomas Selman of FINRA.

On Wednesday I am looking forward to hearing the sessions on SEC Developments (8:30 – 9:30am) and Employment Law: High Profile Issues.

Then back to New York on a mid-day flight.  Hopefully it won’t be snowing when I get home….

Again, please stop by the Actiance booth #204 to say hello and join us for cocktails after the main reception on Monday night at Primo. And look forward to my upcoming blog about what I learn at SIFMA Compliance and Legal Society Annual Seminar.

Belbey Blogs: Are You Ready to Comply With The Sunshine Laws?


By Joanna Belbey,   March 26, 2014

sunToday’s post is by Joanna Belbey, Social Media and Compliance Specialist, for Actiance. You may follow Joanna on Twitter @belbey.

Just last week, news organizations and watchdog groups across the country celebrated “Sunshine Week”, the annual celebration of the public’s right to know what’s going on with its government.

As a result, this may be perfect time to think about how your organization will respond to an incoming request from the public for your business records.

As you may you know, the federal “Government in the Sunshine Act” was enacted in 1976 as part of a number of Freedom of Information Acts, and was designed to so that the public would have greater visibility into government.

In addition, individual states have also enacted legislation designed to guarantee the public’s access to records of all official business by any agency, regardless of the means of transmission.

These laws are also known as open records laws or public records laws, and are customarily referred to as FOIA laws, after the federal Freedom of Information Act. The purpose of these laws is to make elected and other public officials accountable for the decisions that they make and the tax dollars that they spend.

The state laws are evolving, however, but using the Florida’s Government-in-the-Sunshine Law as an example, public records could include election records, voter registration and voter records, financial records, audits, bids, budgets, economic development records such as convention center bookings, tourism promotions, personal financial records, tax payer records, telephone bills, various investigations, litigation, attorney bills and payments, settlements, criminal cases to name a few.

Importantly, the content, not the modality of communication, is determinative.

That means that records of official business may be interpreted to include any type of electronic communications such as email, texts, public instant messages, unified communications, collaboration tools and social media. So, for example, the placement of materials on a city’s Facebook page or tweets in connection with official business could be deemed as “public records” and would be subject to public records retention schedules and would have to be provided upon request.

Interestingly, anyone may request business records at any time without specifying a reason. And although the state laws typically do not define specific response times, governmental agencies should put recordkeeping processes and associated technology in place to capture, and archive electronic business records, across multiple means of transmissions, so that they are retrievable upon demand within reasonable timeframes.

And what are the consequences of improper recordkeeping? Or of not being able to provide the information in a timely manner?

We have all seen newspaper articles by journalists refused access to this public information, or who have waited long times for these requests to be fulfilled. Activists, average citizens, newspapers and journalists may also file law suits that are expensive and time consuming. In some cases, state agencies may actually be prosecuted for alleged criminal violations.

Is your department or public agency ready to comply with the Sunshine Laws in your state?

Belbey Blogs: How Do Regulated Firms Roll Out Social Media?


By Joanna Belbey,   March 20, 2014

belbeyToday’s post is by Joanna Belbey, Social Media and Compliance Specialist, Actiance. Follow Joanna on Twitter @Belbey.

Many regulated firms take a phased approach when launching social media. They may enable their users to use one social media site for several months, and once they have acquired expertise, allow them access to a second or third network. Or they may start off in a “locked down” read-only policy, and evolve to a more flexible policy over time. It is all based on the risk tolerance and culture of compliance. One size does not fit all.

Testing:

Before firms launch, they tend to invite fewer than 20 people to test policies and technology. Participants could include the original Social Media Working Group, key stakeholders, plus one or two end users from each of the businesses who are early adopters. A cooperative, team approach is important. Test scripts for polices and technology are created and systematically tested during a fixed time period, typically two weeks. Some firms gather testers in a conference room for a day or two and run through all the policies together. The key learnings from the Test phase are used to revamp policies and work with technology vendors to tweak any technological issues that may arise.

Pilot:

Pilots vary from firm to firm. The most manageable approach is to invite no more than 50 participants to Pilot one social network based on success criteria of particular lines of businesses. The Pilot continues until everyone is using the network effectively and positive results are measured. Once everyone in the initial Pilot is up to speed, one approach is to continue with the same group and add additional social networks. Or some firms have multiple Pilots with different groups using different social media networks. Firms may also elect to add participants to various groups. As firms gain experience, they refine the initial policies and continue to test larger groups. During this phase, some firms allow posting of pre-approved content, others only allow participants in a read-only mode.

Once all the policies are tested across all the social networks that the firm plans to use, firms begin actual deployment. Firms tend to roll out access to social media in waves, based on training schedules.

Editor’s note: It’s best to not to invite your “Top Producers” at this early stage. Wait until all the wrinkles are ironed out before you invite highly visible, and often very vocal, financial advisors or producers to participate. You want your most valuable resources, with the ear of management, to have a flawless experience from the first day.

Phase I – Read Only:

Firms who are blocking social media now, may elect to allow initial employee access to social media (typically LinkedIn) in a “read-only mode” as a first step. That is, firms may allow employees to log on to social media networks, but, prohibit and block all electronic communications from within the networks. For example, no updates, comments or InMail on LinkedIn. This approach offers many of the benefits of social media, without most of the associated risks. In fact, we have seen this conservative approach yield very positive financial results.

Some real life examples of how Financial Advisors are using LinkedIn in a “read-only” mode include:

  • A senior Financial Advisor noticed that a connection on LinkedIn retires. He reached out by phone and offers his congratulations. In the course of the conversation, he uncovered that his acquaintance has been saving for years without the help of a FA. She has nearly 3 million dollars in a 401K plan, individual stocks, bonds, and annuities. Over the course of several in-person meetings, the FA secured a new client – all because he became aware of a major “money-in-motion event” and acted on it. He leveraged the information from social media and then followed the traditional, firm-approved, sales process.
  • A new FA spent much of his adult life working overseas. Over time, he had lost contact with many of his friends and associates. He established a LinkedIn account and methodically reached out and connected with more than 400 prospective clients in the energy market in less than six months.
  • Financial Advisors and sales people in general, use LinkedIn to tap their fellow colleagues’ connections for warm introductions.
  • And finally, many FAs use LinkedIn to follow their connections’ job status updates. Changing jobs is an ideal opportunity to discuss 401k rollovers. Again, once they see that a connection has changed jobs, they reach out by phone or via firm email and follow their normal sales process.

In summary, registered persons may use social media, especially LinkedIn, in “read only” mode to stay up to date on the “life events” or “money-in-motion” of their clients and prospects. These stories share a common thread of using social media to identify opportunities and then following up using long established sales processes. In other words, using information gathered online to initiate or enhance relationships in person.

In addition to using social media for lead generation and income generation, firms all also anxious to tap news, information and conduct research. Since the Securities and Exchange Commission (SEC) announcement last year that firms can use social media networks to announce key information, more and more firms are taking the first step of using social media in a “read only” mode.

Phase II: Early Deployment (Preapproved Content from a Library):

The next typical stage is allowing registered or associated persons to post pre-approved content from a central library. This requires that the marketing team develop a Content Strategy and Editorial Calendar designed to drive engagement. Due to regulatory constraints, most firms avoid pitching specific stocks, products, rates, or any type investing recommendations. Instead, firms tend to focus on general, helpful information. In the beginning, marketing communications groups typically conduct an inventory of existing firm content and then make that content “snackable” for use on social media. Firms may also hire writers or third parties to develop content. Some firms also may use third party content, although that may kick off certain regulatory and legal requirements. In any event, once the content has been pre-approved by compliance, it is made available to various groups. By closely tracking the engagement (clicks, likes, shares, comments), firms can tweak their Editorial Calendars and continue to create engaging content.

Phase III: Mature Deployment (“Authentic Voice”):

Over time, once risks are mitigated and processes and systems are working effectively, some firms may allow users to post personal or customized content in addition to content from a central library. Allowing the personality to shine through, or the use of an “Authentic Voice”, enhances engagement, and thus effectiveness, on social media. In this phase, users may post their own personalized updates. Firms typically test this approach by pre-reviewing all content from a small group of users before it is posted. However, this approach is not sustainable. Instead, after initial testing, firms that allow personalized content, use technology (“trigger words” or “lexicons”) to either block in real time, or to alert compliance after the fact, of inappropriate posts. Prohibited language could include investment recommendations (buy, sell, hold), exaggerated promises (guarantee), mentions of specific products and profanity. When allowing an “Authentic Voice”, firms tend to test with a small group, pilot to a slightly larger group, then deploy more widely as appropriate.

In summary, regulated firms tend to take a thoughtful approach to deploying social media. They test policies and technologies, pilot small groups, measure results, share successes, tweak polices, adapt content and add additional users and social media networks over time.

Belbey Blogs: Make Your First Step into Social the Right One


By Joanna Belbey,   March 17, 2014

social media drugsTodays’ post previously appeared in Pharmaceutical Compliance Monitor and is by Joanna Belbey, Social Media and Compliance Specialist, Actiance. Follow Joanna on Twitter @Belbey.

Social media and the pharmaceutical and biotechnology industries are not known to be comfortable bed fellows.

According to a report released by the IMS Institute for Healthcare Informatics, only half of the top 50 pharmaceutical companies worldwide actively participate in social media on Facebook, Twitter or YouTube. And only 10 of these companies utilize all three of these major social networking services for healthcare topics, and then mainly as a unilateral broadcasting channel to physicians and patients, rather than fostering interactions or discussions.

This however, looks set to change. After four years of deliberation, the Food and Drug Administration (FDA) has released much anticipated draft guidelines for the pharmaceuticals and biotech industry around the use of social media for marketing and promotional purposes (Guidance for Industry Fulfilling Regulatory Requirements for Postmarketing Submissions of Interactive Promotional Media for Prescription Human and Animal Drugs and Biologics). The FDA is widely expected to publish the finalized guidelines by July 2014.

Of note is the broad definition of ‘interactive promotional media’ mentioned in the draft guidelines. The FDA defines this medium as that which ‘allow(s) for real-time communications and interactions (e.g. blogs, microblogs, social networking sites, online communities, and live podcasts)’ that firms might use to promote themselves or their products.

The FDA draft guidelines include the proposed reporting obligations for member firms, with firms required to submit a copy of their first post on social media to the FDA. However, realizing that the real-time nature of social media communication makes the submission (and review) of every post impractical to both the firm and the regulator, the FDA will thereafter only require a monthly update with the names and URLs of the social networks used and the date of the firm’s most recent activity.

Another indication that the FDA has researched and analyzed how companies are using the medium, is that, it will be holding member firms accountable for its’ employees’ personal social media accounts if they are being used to promote the firm or the firm’s products.

Having established that the use of social media within the pharmaceutical and biotechnology industry is still in its infancy, what can firms learn from the social media experience of other companies, who also come from heavily regulated industries?

Three of the most common missteps are:

1) One Size Fits all Social Media Policy
While having a corporate social media policy is a key foundation and building block to establishing a credible social media presence, the policy itself will not protect the firm from falling foul of regulatory requirements or sanctions.

Social media is constantly changing – within the space of just a few months last year, Actiance’s Social Media Labs detected 10 major changes that have gone ‘live’ on the main social networks. Some of these changes could have significant impacts on the social media interactions of a firm. A social media policy that does not take a long-term view of social media or have the breadth or the depth to cover the changing social media landscape is only worth the paper it’s printed on. Constant review and revisiting is required, with a view to update both the policy and employees where necessary.

Pharmaceutical and biotechnology firms have different divisions, each of which might want to use social media for very different reasons. Sales and marketing, research and development, right to the top of the organization, to the office of the Chief Executive and Board of Directors all come to mind. A single, overarching corporate social media policy may not fit all. Multiple policies may be needed, to speak specifically to the needs of the different groups within an organization, and to provide the comprehensive guidance needed for compliant use of social media within an organization.

2) Not Planning for Record Keeping
As evidenced from the draft guidelines, the FDA has indicated that they will ‘exercise enforcement discretion regarding the regulatory requirements for postmarketing submissions’. In a footnote, the FDA has also requested that ‘It is preferable for the firm to submit the interactive or real-time communications in an archivable format that allows FDA to view and interact with the submission in the same way as the end user (e.g., working links). Alternatively, firms should submit screen shots or other visual representations.

It is therefore essential for firms to institute good record keeping procedures that make it easy to record, archive and retrieve its social media communications on a regular basis. Not only will this be necessary for the monthly postmarketing submissions to the FDA, firms may also be called upon by the regulator to provide detailed information in the event of an enforcement spot check.

Third party technology providers are already helping firms in the banking and finance industries that also have record keeping requirements from regulators and legislators. These solutions streamline and automate the process of monitoring, archiving and retrieving social media interactions making it possible for firms to comply with the rules and regulations while benefiting from social media.

3) Ignoring Key Learnings from Other Industries and Countries
The finance and banking industry is worth studying – in 2010, the industry regulator issued its first set of social media guidance, FINRA Regulatory Notice 10-06 Guidance on Blogs and Social Media Networks. Since then, more iterations have followed, but social media adoption rates within the industry are high. A 2012 study by Accenture found that 60% of the financial advisers it surveyed had daily contact with clients through social media.

Pharmaceutical and biotechnology industry regulators from UK have already issued guidance for the use of social media. And there are examples of social media campaigns run across multiple social networks.

Learning from firms both within and outside of this industry, who have already ventured into the waters of social media, can provide insights and fast track the process of engagement.

Three missteps that are less common are:

1) Not Providing the Tools to Enable Employees to Engage Authentically on Social Media
One of the key elements of successful adoption of social media is training. Firms often educate their employees on what is not allowed and ignore the opportunity of teaching employees the nuances of using social media authentically, engagingly and effectively.

Not every employee within the firm approaches social media with the same level of skill or experience. This can potentially pose more problems for a firm than not having a detailed corporate social media policy.

This is illustrated in the case of a pharmaceutical company in the UK, who in 2011, was ruled in breach of the Association of the British Pharmaceutical Industry (ABPI) Code, for promotion of a prescription-only medicine to the public via Twitter. The firm tried to argue that the tweet in question had been posted by an ‘inexperienced’ Twitter user. However, the firm was ultimately held responsible by the ABPI for the Tweet and sanctioned.

2) Not Working out a Content Strategy
Social media interactions are by their very nature two-way, real-time conversations. The people who use social media are driven by the desire to seek out information and connections that are meaningful to themselves.

The success stories from within the pharmaceutical and biotechnology industry demonstrate that compelling content, such as lifestyle and health information, drives engagement from patients and physicians on social media.

Sharing drug release information on social media platforms should not be the main thrust of any firm’s social media initiative (and indeed, with the Federal Food, Drug, and Cosmetic Act requiring firms to state the name, quantitative ingredients, and clear and neutral information on side effects, contraindications and effectiveness of the drug every time a drug is mentioned, the character limitation of social media may present a challenge).

A solid content strategy that works out not only what to share but when to share and who is doing the sharing is a cornerstone to getting it right on social media. Under the draft FDA guidelines, personal accounts, i.e., employee accounts, fall under the same scrutiny when used to promote the firm. It is therefore crucial that firms provide employees with appropriate content that can be shared quickly and easily, while having peace of mind that they are doing so within the regulatory framework.

3) Sending All Posts to the FDA In Advance
The draft FDA guidelines make it clear that the FDA understands that the real-time nature of social media communication, makes it impractical and indeed, onerous, for firms to submit all its interactions for review before posting.

Aside from the first post, the FDA requires only the ‘postmarketing’ submissions on a monthly basis using an online form provided on the FDA website.

This clears the way for firms to use social media platforms as they are meant to be used – communicating with patients, physicians, and other stakeholders in real-time.

Looking Ahead
The finalized guidelines from the FDA are due in July 2014. So, now is the perfect time for firms to craft social media employee usage policies, select third party vendors for controls and recordkeeping and to develop content strategies to take advantage of social media to build positive relationships with patients, physicians and stakeholders.

 

Face Off Tweetchat #Actiance ROI


By Joanna Belbey,   March 14, 2014

On March 11, 2014, Victor Gaxiola and Joanna Belbey discussed the challenges and opportunities of social media within the financial services industry on Twitter. Below is a summary, or Storify, of that conversation.

http://storify.com/belbey/social-media-compliance

Belbey Blogs: 5 Major Areas of Compliance for Social Media


By Joanna Belbey,   March 7, 2014

brochureTodays’ blog is from Joanna Belbey, Social Media and Compliance Specialist, Actiance. You maybe follow her @Belbey on Twitter.

Yesterday, Victor Gaxiola (@victorgaxiola) my colleague at Actiance, and I attended and live tweeted at BDI Financial Services Social Business Leadership Forum in Boston.

We also presented “Leveraging Social Business Amid the Changing Regulatory Landscape”. We know that staying compliant with regulations continues to be a major source of concern for financial services firms, however, there is now a wealth of guidance we have seen from the regulators. (See the end of this blog for details.) In response, the conversation is slowly shifting from “no!” to “how?”.

Whether your firm is regulated by the Securities and Exchange Commission (SEC), the Financial Industry Regulatory Authority (FINRA), Investment Industry Regulatory Organization of Canada (IIROC), or Federal Financial Institutions Examination Council (FFIEC), there are five major areas of regulations that firms need consider when crafting social media policies:

1) Recordkeeping
Firms need to preserve and be able to produce records of written business communications for specific time periods. To clarify, if you type it out, it’s “written”. This includes Updates and InMail on LinkedIn; Tweets and Direct Messages on Twitter; Posts and Messages on Facebook. Although regulators only are interested in business communications, firms face challenges in segmenting personal from business communications on social media. Third party content must also be captured. The regulators are indifferent to the source of the communication, so the

recordkeeping requirement includes communications from personal devices, as the content, not the source, is determinative.

Best practices
Work with third parties to capture, archive and make e-discoverable all written communications. Many firms prohibit retweets to avoid appearance of “adoption and entanglement” with resulting recordkeeping and advertising requirements.

2) Testimonials
Client testimonials or endorsements are prohibited for Investment Advisors (IAs) and need to meet certain qualifications to be allowed for Registered Representatives (RRs).

Best practices
Most firms prohibit “Recommendations” and “Skills & Endorsements” on LinkedIn, “Retweets” on Twitter. Some also prohibit “Likes” on Facebook to avoid the appearance of an endorsement.

3) Suitability
Depending on whether financial advisors are registered representatives or investment advisors, they have a varying degree of responsibility for making appropriate investing recommendations to their customers. In other words, they are challenged to “Know Your Customer” and must understand their clients’ investing goals and risk tolerance in order to make recommendations.

Best practices
As it is impossible for recommendations made on social media to be suitable for every investor, most firms prohibit product recommendations and investment strategies unless preapproved by a registered principle of the firm.

4) Advertising
There are well established content standards that now apply to social media. Communications with the public must be accurate, fair, balanced and not misleading. Factors that would impact investment decisions must be disclosed. Firms are also responsible for both suitability of third party content (links, posts).

Best practices
Static content, such as a LinkedIn Profile, that contains more than standard business card information, is considered an advertisement and requires pre-approval by a registered principal of the firm. Interactive communications do not require pre-approval, however firms must demonstrate that they have supervised a pre-determined percentage of electronic communications from registered persons. LinkedIn, Facebook and Twitter have both static and interactive content.

5) Supervision
Firms must “evidence”, or prove, that they are supervising communications. Lack of supervision is a major regulatory risk for firms that create processes that are not followed or polices that are unenforceable. Note, due to new FINRA Supervision rules approved by SEC in December, you can assume that supervision will continue to be priority for the regulators.

Best Practices
Many firms adapt written supervisory procedures already in place. Rather than block the use of social media, firms are increasingly taking the approach of enabling its compliant use. Firms adapt existing workflow approvals to include pre-approval of static content to be used on social media. Principle-based employee social media polices that are enforceable, demonstrate a thoughtful approach to the regulators. Firms also limit access to social media unless registered persons are supervised and trained in advance.

To take a deeper dive on concepts covered here, please see the links below:

FINRA Regulatory Guidance 10-06: Social Media Web Sites Guidance on Blogs and Social Networking Web Sites
FINRA Regulatory Guidance 11-39: Social Media Websites Use of Personal Devices for Business Communications
FINRA Regulatory Guidance 11-39: Communications With the Public
SEC: National Examination Risk Alert, Investment Adviser Use of Social Media
FFIEC: Consumer Compliance Risk Management Guidance
IIROC: Guidelines for the review, supervision and retention of advertisements, sales literature and correspondence

BDI Healthcare

Today’s bog post is by Joanna Belbey, Social Media and Compliance Specialist, Actiance. You may follow Joanna @Belbey on Twitter.

The Future of Healthcare Communications Summit is being offered by Business Development Institute (BDI) February 25 (tomorrow!) in New York City. Personally, I’m fascinated by the regulatory challenges of using social media in healthcare. My goal is to share what I’ve learned from another highly regulated industry, financial services, to help healthcare firms use social media effectively, while complying with their rules and regulations.

In

light of the challenges and opportunities of the Affordable Healthcare Act, I am looking forward to hearing how pharmaceutical companies, hospital groups, insurers, medical device companies, and healthcare agencies are using social, mobile, and digital technologies in this rapidly changing landscape.

The agenda looks interesting. Topics include:

  • Leading the Change In Healthcare Education and Delivery: How to Surmount the Barriers
  • The Evolving Patient Journey
  • ACA Exchanges: Fallout of the 2013 Budget Agreement and what Pharma Can Do
  • Implications of the Affordable Care Act to the Pharmaceutical Industry
  • Complexity to Simplicity
  • How Hepatitis Outcomes Are Being Improved Via Modern Communication Methods

And also I’m pleased to be introducing Carissa Caramanis O’Brien, Social Media Community and Content Director, Aetna and Matt Wiggin, Head of Business Communications and Public Affairs, Aetna as they discuss:

  • How Communications and Community Are Evolving in a Changing Healthcare Environment

If you are interested in joining me for free, I have a couple of free tickets. Tweet @Belbey for the promo code. First come, first serve. Hope to see you there!

Belbey Blogs: Observations From Legal Tech, FinanceConnect14 and Social Media Week


By Joanna Belbey,   February 21, 2014

snowToday’s blog is from Joanna Belbey, Social Media Compliance Specialist at Actiance. You can follow Joanna @Belbey on Twitter.

Although we’ve been slammed with snowstorms, the conference season is in full swing in New York. I’ve been putting on my boots to trudge out into the snow to attend some old favorites, such as Social Media Week New York and LinkedIn FinanceConnect14, plus a new one for me, LegalTech.

LegalTech is held at the New York Hilton every year and attracts thousands of attorneys from firms large and small. Actiance was an exhibitor and Doug Kaminski (@DougTwit), VP Western Regional Sales, Actiance, spoke on “Social Governance: From Cradle to Grave”. Kaminski reminded the audience that 10-15 years ago, when it came to e-discovery, firms only had to worry about email for electronic communications. Nowadays, firms have a greater challenge. For example, traders may start a conversation on email, then “channel hop” to instant messages, or perhaps engage with a group on IBM Connections. They may even send messages through Bloomberg, or direct messages via Twitter or text each other over time. As you can imagine, it’s time consuming (and therefore expensive), to recreate the conversation across all those different forms of electronic communications for a regulator or in response to civil litigation during an e-discovery process. Context is key to understanding “who knew what when”. It is therefore essential for firms to institute good record keeping procedures and deploy technology that makes it easy to record, archive and retrieve its electronic communications in context when required.

In keeping with the e-discovery focus, predictive coding was an important theme at LegalTech and the topic of many of the educational sessions. In short, predictive coding is a method that combines human judgment with software to automate the identification of relevant (or “responsive”) documents among countless documents under review. For those new to the subject, “Predictive Coding for Dummies” by Matthew Nelson, Esq, (@infogovlawyer) is a great place to start.

The other event I recently attended was LinkedIn FinanceConnect14. This one- and a half-day event drew hundreds of marketing, communications and compliance professionals out into a blizzard to hear about the latest tools on LinkedIn and industry success stories. In short, we learned that financial services firms are making slow and steady progress leveraging social media throughout pockets of the organization. Early concerns about compliance are offset by RIO. From pinpoint targeting and reduction of costs of recruitment, to attracting multimillion dollar new deals, social media is slowly transforming the enterprise. Read more in our blog Themes and Observations from LinkedIn Connect..

And finally, this is Social Media Week (SMW), an event that is held twice a year in cities across the globe. Every year in February, here in New York, there are hundreds of events all over the city. There is one “main stage” of curated sessions that requires a paid pass to attend, however, many of the sessions are offered via Livestream, so you can watch right from your desk for free. Many of the sessions are designed for advertising agencies and corporate communications personnel and I was pleased to see a few events specifically for regulated industries.

I attended “Rules of the Road – Four Areas of Law Every Social Media Marketer Should Know” in person (out again into a snow storm!). Seth Rogin (@TheSethRogin) of Mashable, Jake Feldman of Johnson & Johnson, Ellie Boragine, Jet Blue (@JetBlue) and S. Gregory Boyd, Terri Seligman and Edward Rosenthal of Frankfurt Kurnit Klein & Selz walked the audience through some of the legal risks of social media for the brand.

Protect your brand by being appropriate.

The panel conveyed that one of the core challenges of social media is that firms are using a marketing tool that was designed for personal use. It’s an ongoing challenge to remind corporate marketers that, although something may be appropriate in “social”, it may not be in the best interest of the brand. The attorneys on the panel relayed that it can be a fine line between what’s commercial and what’s not. Firms need to interpret and apply traditional rules to new world of social media, just as they were challenged 20 years ago by the legal issues of linking and copying copywrited images to servers. Be Wary of Celebrities In general, the unauthorized use of a likeness, picture or worse, a celebrity, for advertising purposes presents huge risks to firms. There are times when firms get lucky, such as a recent playful interchange between musical artist Pharell Williams and Arby’s during the Grammys. However, in most cases, an attempt (whether intended or not) to convey an implied endorsement by a celebrity, usually results in letter writing, apologies, legal fees and a big check. Although firms may argue “right of use” if something is newsworthy, brands should define in advance whether they really want to be journalists. Firms walk a fine line between talking about current events and risking a “cease and desist” letter by using trademarked names, like the Super Bowl, the Olympics and the Grammy’s. So what if a celebrity mentions your brand in a favorable way on social media? The consensus of the panel was to err on the side of caution. Yes, you can reply publically to the celebrity, but, keep it neutral and be careful not to put words in his or her mouth.

What About Photos?

Every photo has two rightful owners: the photographer and the subject. Photographers are becoming increasingly aggressive about stopping brands from using their photos for commercial purposes. The least risky approach is to simply reach out to the photographer and ask permission to use the image. As for user generated content, and particularly contests, prominent disclosures and terms and conditions for the use of the photographs and videos on your sites are a must. Even better, if the users must click to agree to terms and conditions.

Native Advertising is a new name, but, not a new concept.

Publisher-produced brand content, or native advertising, is similar in concept to a traditional advertorial, which is a paid placement attempting to look like an article. The concept harkens back to the early Texaco Star Theatre and soap operas. Federal Trade Association (FTC) guidelines remind us that “clear and conspicuous” disclosures are key to making sure readers understand that they are reading sponsored content, regardless of the channel. The more control you have over the content, the more regulatory obligations your firm has. How far does the notification have to go? How much does the consumer need to see? When? The lines are blurry. Proceed with caution.

Don’t Trash the Enemy

Comparative advertising is tried and true in the United States. However, comparisons must be truthful and fully substantiated. Social media is just a new forum with new problems. An interesting challenge arises when your fans make claims that your brand cannot make as the claims can’t be proven.The panel suggested that brands create and disclose policies around clarifying incorrect information and the type of content they will delete off their sites. Deleting offensive posts are obvious, but firms also should consider the other types of content that should be deleted, such off label use of pharmaceutical products, for example. Also, although “puffery” is tolerated, be careful of anything that hints of false advertising.

And finally,

We Aren’t All The Same

When rolling out social media campaigns globally, be mindful that you can’t just translate US content and use it everywhere. Social mores can vary by region, so it’s best to do your research to avoid offending your target audience. The panel suggested working with local experts to guide you through cultural differences and regional rules and regulations.  In summary, there is an ongoing push and pull between the marketers and the attorneys. Or in short, this informative and entertaining session could have also been called, “Will this get me into trouble?”

Are you pushing the boundaries?

Belbey Blogs: 2013 Social Media Compliance Roundup


By Joanna Belbey,   January 6, 2014

policyToday’s blog post is by Joanna Belbey, Social Media and Compliance Specialist, Actiance. Follow Joanna @Belbey or connect with her on LinkedIn.

2013 was an active year for compliance related to electronic communications in general and social media in particular. We saw guidance, new rules and an increased focus from various federal and international regulators, self-regulatory organizations, and the States in the US. Various regulators also made commitments to focus on the impact of social media on the markets. Additionally, there were also a number enforcement actions and US court cases that pertained to social media. In general, regulators continue to treat social media as just another form of electronic communications with associated recordkeeping, suitability and disclosure requirements.

January 2013

Starting off the year, in January 2013, the Federal Financial Institutions Examination Council (FFIEC) released proposed social media guidance for financial institutions and requested comments from the industry. The proposed guidance focused on three areas of risk associated with the use of social media: compliance and legal risk, reputational risk, and operational risk. Firms were advised to develop risk management programs to identify, monitor and control risks associated with social media. The final guidance was issued in December 2013 and will be covered in more detail at the end of this blog.

February 2013

In February 2013, Financial Industry Regulatory Authority (FINRA) adopted FINRA Rule 2210 to govern broker dealers’ communications with the public. The rule provides standards for the content, approval, recordkeeping and filing of communications with FINRA. In general, as with former rule, all communications must be based on principals of fair dealing and good faith, and be fair and balanced. Firms are also prohibited from omitting material facts and must consider the nature of the audience.

Rule 2210 reorganized prior NASD rules into three types of communications: institutional, retail, and correspondence. Let’s take a look at the two that impact social media:

Correspondence includes any type of written (including electronic) communication that is distributed or made available to 25 or fewer retail investors within any 30 calendar-day period. Like email, these communications do not require pre-approval, but, firms need to capture, retain and make business communications e-discoverable as well as demonstrate that they are supervising communications to meet suitability requirements. An example from social media might include an InMail on LinkedIn, a Message on Facebook, or a Direct Message on Twitter. Unlike IAs, testimonials are not prohibited for Registered Representatives, however there are a number of disclosures that are required.

Retail communication includes any written (including electronic) communication that is distributed or made available to more than 25 retail investors within any 30 calendar-day period. A “Retail investor” includes any person other than an institutional investor, regardless of whether the person has an account with the firm. Communications that formerly qualified as advertisements and sales literature generally now fall under the definition of “retail communication.” Communications that include a recommendation of a security must have a reasonable basis and support the recommendation. These communications require pre-approval from a principal of the firm, plus all the record keeping and suitability rules apply. However, the rules specifically exempted pre-review any retail communication that: is posted on an online interactive electronic forum anddoes not make any financial or investment recommendation or otherwise promote a product or service of the firm.

FINRA recognizes that due to the real time nature of social media, pre-review would inhibit interactive communications. Examples from social media include posts such as LinkedIn Updates, Facebook Status Updates, and Tweets on Twitter.

But, what about static portions of social media like profiles and links to content? Tom Pappas, Thomas A. Pappas, Vice President and Director, Advertising Regulation, FINRA, has publically reiterated that the new rule codified existing guidance from 10-06 and 11-39 and that static portions of social media would still require pre-review unless they are exempted as above. In other words, if static content promotes a product or service, it requires pre-approval.

For more information, you may want to watch a free 60 minute FINRA webinar: Communications with the Public: New FINRA Rule 2210.

Also in February, recordkeeping rules for futures went into effect.

Commodities Futures Trading Commission (CFTC)

In late 2012, the CFTC clarified the recordkeeping requirements for futures under Regulation 1.35(a) to apply to all electronic written communications, including emails, chat rooms, mobile device, other digital or electronic media, and instant messages, that are provided or received, concerning quotes, solicitations, bids, offers, instructions, trading, and prices that lead to the execution of a transaction in a commodity interest and related cash or forward transactions. Of course, that would apply to social media as well. Effective February 19, 2013, written communication records must be kept for 5 years and must be identifiable and searchable by transaction. Interestingly, as of December 21, 2013, the CFTC now also requires that certain oral communications, whether by firm-provided, or personal phone, must be recorded and archived for at least one year.

National Futures Association (NFA)

The NFA is a self-regulatory organization created in 1976 under Section 17 of the Commodity Exchange Act (CEA) of the Commodity Futures Trading Commission (CFTC). NFA’s programs are for Futures Commission Merchants (FCMs), Introducing Brokers (IBs) Commodity Trading Advisors (CTAs), Commodity Pool Operators (CPOs) and Retail Foreign Exchange Dealers (RFEDs).  NFA Compliance Rule 2-10(a) provides, in part, that each member shall maintain adequate books and records necessary to conduct its business including, without limitation, the records required under CFTC Regulation 1.35(a). See above.

March 2013

Securities and Exchange Commission (SEC)

In March of 2013, the SEC’s Division of Investment Management staff issued Guidance Update on Social Media Filings by Investment Companies.

This Guidance was in response to “an abundance of caution” resulting in unnecessary filings with FINRA, and clarified the types of advertising communications that should be filed. In short, the SEC provided examples of what and what not to file.

Generally not required to file:

  • Incidental mentions of a fund or the word “performance”
  • Factual introductory statement to  a fund prospectus
  • General financial and investment information
  • Responses to social media inquiry that provides factual information

Generally required to file:

  • Discussion of fund performance
  • Communication from issuers that discusses investment merits of a fund

Federal Trade Commission (FTC)

Also in March 2013, the FTC staff issued revisions to the May 2000 Dot Com Disclosures Guidance. The updated guidance acknowledged increasing access of the internet on mobile devices and advertisements on social media sites. It reminded us that existing consumer protection laws apply to other online media platforms, including online advertising, marketing, sales, and activities within the mobile marketplace. As such, advertisements must be truthful and not misleading and disclosures must be clear and conspicuous. For disclosures, firms should consider:

  • Proximity and placement
  • The various devices and platforms used by consumers
  • Including prominent disclosures on social media, even though they may be space-constrained
  • Judiciously using links when necessary
  • Designing ads that do not require scrolling to see a disclosure
  • Providing enough time for consumers to view and read disclosures
  • Display disclosures before consumers make decision to buy
  • Using plain language

In summary, due to the very nature of mobile and social media, disclosures can be a challenge and require a thoughtful approach.

There also was a FINRA disciplinary action  in March that pertained to Social Media:

Ralph Williams Hicks Jr. AWC No. 2010023789701 (March 28), Hicks was charged with disseminating advertising and sales literature to the public, including via YouTube, that omitted material information in violation of FINRA Rule 2210. The respondent settled charges paid a fine of $10,000 and was suspended for 20 days.

April 2013

Securities and Exchange Commission:

In April of 2013, the SEC released a report that that stated that that companies can use social media networks to announce key information in compliance with Regulation Fair Disclosure (Regulation FD). Regulation FD requires that companies distribute information so that the general public receives the information at the same time. The SEC concluded that firms may use social media to communicate with investors, just as long as investors know that social media will be used to disseminate such information. The SEC’s report was as result of a post made by Netflix CEO Reed Hastings in 2012 relating to Netflix earnings. Interestingly, this ruling gave firms that had been sitting on the fence an incentive to allow their employees to use social media, if only as a “read only” research tool.

There also was a SEC Enforcement action in April:

In SEC v. Inter Reef, Ltd, et al.,No 13-cv-1104 (N.D. Ga) on April 8, the SEC filed an enforcement action against Inter Reef, Ltd and several other defendants for using a website and social media to operate a fraudulent securities offering.Inter Reef is located in the UK, but, they were targeted US investors.

Commodities Futures Trading Commission (CFTC)

Also in April, social media became a focus of the meeting of the federal regulatory agency, CFTC Technology Advisory Committee. This was the result of the market response to a Twitter hack of the Associated Press that announced that the White House had been attacked and that President Obama was injured. Quoting CFTC Commissioner Scott D. O’Malia, “The social media genie is out of the bottle and rather than attempt the impossible in trying to put the genie back in the bottle, we need to begin figuring out how markets and regulators will respond to this new market force.”

May 2013

FINRA

In May, FINRA held its Annual Conference. The FINRA Annual Conference and FINRA Advertising Conference are great opportunities to receive further guidance on interpreting the rules and regulations impacting the use of social media. For a summary of many of the sessions at the FINRA Annual Conference, you may want to read several blogs:

Belbey Blogs: FINRA Annual Conference 2013 – Part 1 of 3 (Suitability, Elisse Walter, Fraud)

Belbey Blogs: FINRA Annual Conference 2013 – Part 2 of 3 (Cyber Security, Using Social Media Tools)

Belbey Blogs: FINRA Annual Conference 2013 – Part 3 of 3 (Ask FINRA Senior Staff, Social Media Considerations and Communications with the Public)

June 2013

FINRA Spot Checks

FINRA Rule 2210(c)(6) states that each FINRA firm’s written (including electronic) communications are subject to a periodic spot-check procedure. In June 2013, FINRA sent an examination letter to 22 firms requesting that each firm provide information about the usage of social media that included:

  • An explanation of social media is used
  • The URL of each of the social media sites used by the firm
  • Explanation how registered persons use social media
  • Copy of written supervisory procedures concerning production, approval, and distribution of social media communications
  • Description of how firm monitors adherence to social media policies
  • List of the top 20 producing RR using social media to conduct business

When asked at the FINRA Advertising Conference, FINRA staff noted that they had found very problems with registered persons using social media, aside from some salty language. FINRA staff also said that all the firms had been able to produce the requested information. FINRA plans to use this experience to help create further guidance for exam preparation.

 International Organisation of Securities Commissions (IOSCO),

Also in June 2013, the International Organisation of Securities Commissions (IOSCO), conveyed that it is focusing on social media. IOSCO is the global grouping of capital market regulators whose members regulate over 95 per cent of the world’s securities markets. IOSCO sees social media as a vehicle to influence investors’ behavior, gather market intelligence and identify trends.

 July 2013

National Labor Relations Board (NLRB)

A NLRB memo in July reminds companies that enforcing highly restrictive social media rules in the workplace may be a violation of federal labor laws. The memo was in response to a lawsuit involving a supermarket chain, which implemented a ban on employees making posts on social media that included the store’s logo or any information about the workplace. However, in invalidating the supermarket’s policy, the NLRB found that the policy was overly broad, vague and violated employees’ rights to “concerted activity” under Section 7 of the National Labor Relations Act (NLRA). In general, concerted activity refers to anything between employees that’s related to improving the terms, conditions, and details of their employment. This includes factors like their working conditions and even wages

To preserve confidentiality and privacy, and to adhere to securities regulatory requirements, many employers have adopted social media policies limiting what employees may post on social media sites about their employer or co-workers. However, with rulings from the NLRB, we have seen that the more expansive the social media policy’s prohibitions, the more likely the policy will be found to violate the NLRA. The NLRB also stated that social media guidelines are a subject of bargaining, as they may result in the basis of discipline. Therefore firms with unions must seek approval before implementing social media policies. In short, employee social media use policies should not be so sweeping that they prohibit the kinds of activity protected by federal labor law.

September 2013:

There was a US court case pertaining to social media in September:

In Bland v Roberts , No 12-1671 (4th Cir), on September 18, 2013, the Fourth Circuit Court of Appeals found that an employee clicking a Facebook “like” button qualified as speech covered under the First Amendment. This was the result of a case where an employee had been fired for “liking” the Facebook pages of his manager’s political opponent.

There was also a FINRA disciplinary proceeding:

Charles Matisi, Letter of Acceptance Waiver and Consent (“AWC” No 2012033158601) on September 11, 2013 Matisi settled charges that he violated FINRA Rules 2210 and 2010. He posted communications that were exaggerated, not fair and balanced and omitted that he owned shares on Facebook about a drug company. Matisi was fined $5,000 and suspended from association with any FINRA member in any capacity for 10 business days.

October 2013

In October, FINRA held its annual Advertising Regulation Conference. This and the FINRA Annual Conference are great opportunities to receive further guidance on interpreting the rules and regulations impacting the use of social media.

In short, for social media, firms were reminded to look to recent Guidance when faced with the challenges of deploying social media effectively while complying with the regulations:

FINRA Regulatory Notice 10-06 Guidance and Blogs and Social Networking Sites (January 2010)

  • Recordkeeping responsibilities
  • Suitability responsibilities
  • Types of Interactive forums
  • Supervision of Social Media sites
  • Third party posts

FINRA Regulatory Notice 11-39 Social Media Websites and the Use of Personal Devices for Business Communications (August 2011)

  • Recordkeeping
  • Supervision
  • Links to Third Party Sites
  • Data feeds

FINRA Regulatory Notice 12-29 Communications with the Public (June 2012)

  • Approval exceptions
  • Supervision
  • Filing exceptions

December 2013

Federal Financial Institutions Examination Council (FFIEC)

After nearly a year after issuing preliminary guidance, The Federal Financial Institutions Examination Council (FFIEC) released its final Guidance for Social Media at the end of 2013. The FFIEC acknowledges that banks face unique challenges when allowing their employees to use social media to communicate with prospective and existing customers due to its interactive and more informal nature. Like FINRA, the SEC and IIROC, this guidance from the FFIEC does not create any new rules and regulations, but seeks to help banks interpret existing advertising, supervisory and other requirements. Unlike the other regulators however, this Guidance also focuses on risk management and encourages financial institutions to identify and put processes in place to mitigate risks such harm to consumers; violations of compliance and legal responsibilities; operational risk, and importantly, reputation risk.

Federal regulators of the retail bank industry will use this Guidance to evaluate institutions such as banks, savings institutions, credit unions and other non-bank entities they supervise. Regulators include the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Consumer Financial Protection Bureau (CFPB). State regulators are also being encouraged to adopt this Guidance as well.

For more details, including a chart of rules and regulations their relevance to social media, you may want to read Belbey Blogs: FFIEC Issues Supervisory Guidance for Social Media for Retail Banks.

And for our Canadian friends, on December 9, 2013, the Investment Industry Regulatory Organization of Canada (IIROC) mentioned social media in its Annual Consolidated Compliance Report. Based on IIROC Rule 29.7 and Rules Notice 11-0349, IIROC’s expectation is that Dealers have robust polices and procedures for social media in place. IIROC plans to include this in the next examination cycle. Like FINRA Spot Checks, the results of that cycle will inform future policy development in this area.

The States

Beginning in 2012, several state legislatures proposed new laws to restrict employers from requesting or requiring employees or applicants to provide their social media user names, passwords and account information. Employers also cannot retaliate against an employee for refusing to disclose this information. Certain of these state laws, as enacted or proposed, could potentially be in conflict with the monitoring and recordkeeping requirements for broker-dealers under FINRA regulations and other regulated entities, which require supervision any social media site that an associated person intends to use for a business purpose to ensure that associated persons comply with all applicable regulatory rules and securities laws. Securities firms are placed in a difficult situation: complying with the state law may violate Financial Industry Regulatory Agency (FINRA) rules, but complying with FINRA’s rules might be deemed to violate the state law. FINRA and the Securities Industry and Financial Markets Association (SIFMA) have jointly been reaching out to all 50 states to ask for an exemption:

“This act shall not apply to the personal social media accounts or devices of a financial services employee who uses such accounts or devices to carry out the business of the employer that is subject to the content, supervision, and retention requirements imposed by federal securities laws and regulations or a self-regulatory organization as defined in section 3(a)(26) of the Securities Exchange Act of 1934, as amended.”

To date, at least 35 states have proposed legislation. Several states (including Arkansas, Delaware, Illinois, Michigan, New York, New Jersey, Utah) have included specific exemptions to allow the monitoring and retention of social media in order for it to comply with either insurance laws, federal law or by a self-regulatory organization.

This is an evolving area. For the most up to date status, The National Conference of State Regulators maintains information on social media legislation.