Today’s blog post is by Joanna Belbey, Social Media and Compliance Specialist, Actiance. Follow Joanna @Belbey or connect with her on LinkedIn.
2013 was an active year for compliance related to electronic communications in general and social media in particular. We saw guidance, new rules and an increased focus from various federal and international regulators, self-regulatory organizations, and the States in the US. Various regulators also made commitments to focus on the impact of social media on the markets. Additionally, there were also a number enforcement actions and US court cases that pertained to social media. In general, regulators continue to treat social media as just another form of electronic communications with associated recordkeeping, suitability and disclosure requirements.
Starting off the year, in January 2013, the Federal Financial Institutions Examination Council (FFIEC) released proposed social media guidance for financial institutions and requested comments from the industry. The proposed guidance focused on three areas of risk associated with the use of social media: compliance and legal risk, reputational risk, and operational risk. Firms were advised to develop risk management programs to identify, monitor and control risks associated with social media. The final guidance was issued in December 2013 and will be covered in more detail at the end of this blog.
In February 2013, Financial Industry Regulatory Authority (FINRA) adopted FINRA Rule 2210 to govern broker dealers’ communications with the public. The rule provides standards for the content, approval, recordkeeping and filing of communications with FINRA. In general, as with former rule, all communications must be based on principals of fair dealing and good faith, and be fair and balanced. Firms are also prohibited from omitting material facts and must consider the nature of the audience.
Rule 2210 reorganized prior NASD rules into three types of communications: institutional, retail, and correspondence. Let’s take a look at the two that impact social media:
Correspondence includes any type of written (including electronic) communication that is distributed or made available to 25 or fewer retail investors within any 30 calendar-day period. Like email, these communications do not require pre-approval, but, firms need to capture, retain and make business communications e-discoverable as well as demonstrate that they are supervising communications to meet suitability requirements. An example from social media might include an InMail on LinkedIn, a Message on Facebook, or a Direct Message on Twitter. Unlike IAs, testimonials are not prohibited for Registered Representatives, however there are a number of disclosures that are required.
Retail communication includes any written (including electronic) communication that is distributed or made available to more than 25 retail investors within any 30 calendar-day period. A “Retail investor” includes any person other than an institutional investor, regardless of whether the person has an account with the firm. Communications that formerly qualified as advertisements and sales literature generally now fall under the definition of “retail communication.” Communications that include a recommendation of a security must have a reasonable basis and support the recommendation. These communications require pre-approval from a principal of the firm, plus all the record keeping and suitability rules apply. However, the rules specifically exempted pre-review any retail communication that: is posted on an online interactive electronic forum anddoes not make any financial or investment recommendation or otherwise promote a product or service of the firm.
FINRA recognizes that due to the real time nature of social media, pre-review would inhibit interactive communications. Examples from social media include posts such as LinkedIn Updates, Facebook Status Updates, and Tweets on Twitter.
But, what about static portions of social media like profiles and links to content? Tom Pappas, Thomas A. Pappas, Vice President and Director, Advertising Regulation, FINRA, has publically reiterated that the new rule codified existing guidance from 10-06 and 11-39 and that static portions of social media would still require pre-review unless they are exempted as above. In other words, if static content promotes a product or service, it requires pre-approval.
For more information, you may want to watch a free 60 minute FINRA webinar: Communications with the Public: New FINRA Rule 2210.
Also in February, recordkeeping rules for futures went into effect.
Commodities Futures Trading Commission (CFTC)
In late 2012, the CFTC clarified the recordkeeping requirements for futures under Regulation 1.35(a) to apply to all electronic written communications, including emails, chat rooms, mobile device, other digital or electronic media, and instant messages, that are provided or received, concerning quotes, solicitations, bids, offers, instructions, trading, and prices that lead to the execution of a transaction in a commodity interest and related cash or forward transactions. Of course, that would apply to social media as well. Effective February 19, 2013, written communication records must be kept for 5 years and must be identifiable and searchable by transaction. Interestingly, as of December 21, 2013, the CFTC now also requires that certain oral communications, whether by firm-provided, or personal phone, must be recorded and archived for at least one year.
National Futures Association (NFA)
The NFA is a self-regulatory organization created in 1976 under Section 17 of the Commodity Exchange Act (CEA) of the Commodity Futures Trading Commission (CFTC). NFA’s programs are for Futures Commission Merchants (FCMs), Introducing Brokers (IBs) Commodity Trading Advisors (CTAs), Commodity Pool Operators (CPOs) and Retail Foreign Exchange Dealers (RFEDs). NFA Compliance Rule 2-10(a) provides, in part, that each member shall maintain adequate books and records necessary to conduct its business including, without limitation, the records required under CFTC Regulation 1.35(a). See above.
Securities and Exchange Commission (SEC)
In March of 2013, the SEC’s Division of Investment Management staff issued Guidance Update on Social Media Filings by Investment Companies.
This Guidance was in response to “an abundance of caution” resulting in unnecessary filings with FINRA, and clarified the types of advertising communications that should be filed. In short, the SEC provided examples of what and what not to file.
Generally not required to file:
- Incidental mentions of a fund or the word “performance”
- Factual introductory statement to a fund prospectus
- General financial and investment information
- Responses to social media inquiry that provides factual information
Generally required to file:
- Discussion of fund performance
- Communication from issuers that discusses investment merits of a fund
Federal Trade Commission (FTC)
Also in March 2013, the FTC staff issued revisions to the May 2000 Dot Com Disclosures Guidance. The updated guidance acknowledged increasing access of the internet on mobile devices and advertisements on social media sites. It reminded us that existing consumer protection laws apply to other online media platforms, including online advertising, marketing, sales, and activities within the mobile marketplace. As such, advertisements must be truthful and not misleading and disclosures must be clear and conspicuous. For disclosures, firms should consider:
- Proximity and placement
- The various devices and platforms used by consumers
- Including prominent disclosures on social media, even though they may be space-constrained
- Judiciously using links when necessary
- Designing ads that do not require scrolling to see a disclosure
- Providing enough time for consumers to view and read disclosures
- Display disclosures before consumers make decision to buy
- Using plain language
In summary, due to the very nature of mobile and social media, disclosures can be a challenge and require a thoughtful approach.
There also was a FINRA disciplinary action in March that pertained to Social Media:
Ralph Williams Hicks Jr. AWC No. 2010023789701 (March 28), Hicks was charged with disseminating advertising and sales literature to the public, including via YouTube, that omitted material information in violation of FINRA Rule 2210. The respondent settled charges paid a fine of $10,000 and was suspended for 20 days.
Securities and Exchange Commission:
In April of 2013, the SEC released a report that that stated that that companies can use social media networks to announce key information in compliance with Regulation Fair Disclosure (Regulation FD). Regulation FD requires that companies distribute information so that the general public receives the information at the same time. The SEC concluded that firms may use social media to communicate with investors, just as long as investors know that social media will be used to disseminate such information. The SEC’s report was as result of a post made by Netflix CEO Reed Hastings in 2012 relating to Netflix earnings. Interestingly, this ruling gave firms that had been sitting on the fence an incentive to allow their employees to use social media, if only as a “read only” research tool.
There also was a SEC Enforcement action in April:
In SEC v. Inter Reef, Ltd, et al.,No 13-cv-1104 (N.D. Ga) on April 8, the SEC filed an enforcement action against Inter Reef, Ltd and several other defendants for using a website and social media to operate a fraudulent securities offering.Inter Reef is located in the UK, but, they were targeted US investors.
Commodities Futures Trading Commission (CFTC)
Also in April, social media became a focus of the meeting of the federal regulatory agency, CFTC Technology Advisory Committee. This was the result of the market response to a Twitter hack of the Associated Press that announced that the White House had been attacked and that President Obama was injured. Quoting CFTC Commissioner Scott D. O’Malia, “The social media genie is out of the bottle and rather than attempt the impossible in trying to put the genie back in the bottle, we need to begin figuring out how markets and regulators will respond to this new market force.”
In May, FINRA held its Annual Conference. The FINRA Annual Conference and FINRA Advertising Conference are great opportunities to receive further guidance on interpreting the rules and regulations impacting the use of social media. For a summary of many of the sessions at the FINRA Annual Conference, you may want to read several blogs:
Belbey Blogs: FINRA Annual Conference 2013 – Part 1 of 3 (Suitability, Elisse Walter, Fraud)
Belbey Blogs: FINRA Annual Conference 2013 – Part 2 of 3 (Cyber Security, Using Social Media Tools)
Belbey Blogs: FINRA Annual Conference 2013 – Part 3 of 3 (Ask FINRA Senior Staff, Social Media Considerations and Communications with the Public)
FINRA Spot Checks
FINRA Rule 2210(c)(6) states that each FINRA firm’s written (including electronic) communications are subject to a periodic spot-check procedure. In June 2013, FINRA sent an examination letter to 22 firms requesting that each firm provide information about the usage of social media that included:
- An explanation of social media is used
- The URL of each of the social media sites used by the firm
- Explanation how registered persons use social media
- Copy of written supervisory procedures concerning production, approval, and distribution of social media communications
- Description of how firm monitors adherence to social media policies
- List of the top 20 producing RR using social media to conduct business
When asked at the FINRA Advertising Conference, FINRA staff noted that they had found very problems with registered persons using social media, aside from some salty language. FINRA staff also said that all the firms had been able to produce the requested information. FINRA plans to use this experience to help create further guidance for exam preparation.
International Organisation of Securities Commissions (IOSCO),
Also in June 2013, the International Organisation of Securities Commissions (IOSCO), conveyed that it is focusing on social media. IOSCO is the global grouping of capital market regulators whose members regulate over 95 per cent of the world’s securities markets. IOSCO sees social media as a vehicle to influence investors’ behavior, gather market intelligence and identify trends.
National Labor Relations Board (NLRB)
A NLRB memo in July reminds companies that enforcing highly restrictive social media rules in the workplace may be a violation of federal labor laws. The memo was in response to a lawsuit involving a supermarket chain, which implemented a ban on employees making posts on social media that included the store’s logo or any information about the workplace. However, in invalidating the supermarket’s policy, the NLRB found that the policy was overly broad, vague and violated employees’ rights to “concerted activity” under Section 7 of the National Labor Relations Act (NLRA). In general, concerted activity refers to anything between employees that’s related to improving the terms, conditions, and details of their employment. This includes factors like their working conditions and even wages
To preserve confidentiality and privacy, and to adhere to securities regulatory requirements, many employers have adopted social media policies limiting what employees may post on social media sites about their employer or co-workers. However, with rulings from the NLRB, we have seen that the more expansive the social media policy’s prohibitions, the more likely the policy will be found to violate the NLRA. The NLRB also stated that social media guidelines are a subject of bargaining, as they may result in the basis of discipline. Therefore firms with unions must seek approval before implementing social media policies. In short, employee social media use policies should not be so sweeping that they prohibit the kinds of activity protected by federal labor law.
There was a US court case pertaining to social media in September:
In Bland v Roberts , No 12-1671 (4th Cir), on September 18, 2013, the Fourth Circuit Court of Appeals found that an employee clicking a Facebook “like” button qualified as speech covered under the First Amendment. This was the result of a case where an employee had been fired for “liking” the Facebook pages of his manager’s political opponent.
There was also a FINRA disciplinary proceeding:
Charles Matisi, Letter of Acceptance Waiver and Consent (“AWC” No 2012033158601) on September 11, 2013 Matisi settled charges that he violated FINRA Rules 2210 and 2010. He posted communications that were exaggerated, not fair and balanced and omitted that he owned shares on Facebook about a drug company. Matisi was fined $5,000 and suspended from association with any FINRA member in any capacity for 10 business days.
In October, FINRA held its annual Advertising Regulation Conference. This and the FINRA Annual Conference are great opportunities to receive further guidance on interpreting the rules and regulations impacting the use of social media.
In short, for social media, firms were reminded to look to recent Guidance when faced with the challenges of deploying social media effectively while complying with the regulations:
FINRA Regulatory Notice 10-06 Guidance and Blogs and Social Networking Sites (January 2010)
- Recordkeeping responsibilities
- Suitability responsibilities
- Types of Interactive forums
- Supervision of Social Media sites
- Third party posts
FINRA Regulatory Notice 11-39 Social Media Websites and the Use of Personal Devices for Business Communications (August 2011)
- Links to Third Party Sites
- Data feeds
FINRA Regulatory Notice 12-29 Communications with the Public (June 2012)
- Approval exceptions
- Filing exceptions
Federal Financial Institutions Examination Council (FFIEC)
After nearly a year after issuing preliminary guidance, The Federal Financial Institutions Examination Council (FFIEC) released its final Guidance for Social Media at the end of 2013. The FFIEC acknowledges that banks face unique challenges when allowing their employees to use social media to communicate with prospective and existing customers due to its interactive and more informal nature. Like FINRA, the SEC and IIROC, this guidance from the FFIEC does not create any new rules and regulations, but seeks to help banks interpret existing advertising, supervisory and other requirements. Unlike the other regulators however, this Guidance also focuses on risk management and encourages financial institutions to identify and put processes in place to mitigate risks such harm to consumers; violations of compliance and legal responsibilities; operational risk, and importantly, reputation risk.
Federal regulators of the retail bank industry will use this Guidance to evaluate institutions such as banks, savings institutions, credit unions and other non-bank entities they supervise. Regulators include the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Consumer Financial Protection Bureau (CFPB). State regulators are also being encouraged to adopt this Guidance as well.
For more details, including a chart of rules and regulations their relevance to social media, you may want to read Belbey Blogs: FFIEC Issues Supervisory Guidance for Social Media for Retail Banks.
And for our Canadian friends, on December 9, 2013, the Investment Industry Regulatory Organization of Canada (IIROC) mentioned social media in its Annual Consolidated Compliance Report. Based on IIROC Rule 29.7 and Rules Notice 11-0349, IIROC’s expectation is that Dealers have robust polices and procedures for social media in place. IIROC plans to include this in the next examination cycle. Like FINRA Spot Checks, the results of that cycle will inform future policy development in this area.
Beginning in 2012, several state legislatures proposed new laws to restrict employers from requesting or requiring employees or applicants to provide their social media user names, passwords and account information. Employers also cannot retaliate against an employee for refusing to disclose this information. Certain of these state laws, as enacted or proposed, could potentially be in conflict with the monitoring and recordkeeping requirements for broker-dealers under FINRA regulations and other regulated entities, which require supervision any social media site that an associated person intends to use for a business purpose to ensure that associated persons comply with all applicable regulatory rules and securities laws. Securities firms are placed in a difficult situation: complying with the state law may violate Financial Industry Regulatory Agency (FINRA) rules, but complying with FINRA’s rules might be deemed to violate the state law. FINRA and the Securities Industry and Financial Markets Association (SIFMA) have jointly been reaching out to all 50 states to ask for an exemption:
“This act shall not apply to the personal social media accounts or devices of a financial services employee who uses such accounts or devices to carry out the business of the employer that is subject to the content, supervision, and retention requirements imposed by federal securities laws and regulations or a self-regulatory organization as defined in section 3(a)(26) of the Securities Exchange Act of 1934, as amended.”
To date, at least 35 states have proposed legislation. Several states (including Arkansas, Delaware, Illinois, Michigan, New York, New Jersey, Utah) have included specific exemptions to allow the monitoring and retention of social media in order for it to comply with either insurance laws, federal law or by a self-regulatory organization.
This is an evolving area. For the most up to date status, The National Conference of State Regulators maintains information on social media legislation.