Category Archives: Compliance

Belbey Blogs: FFIEC Issues Supervisory Guidance for Social Media for Retail Banks


By Joanna Belbey,   December 16, 2013

Today’s blog is by Joanna Belbey, Social Media and Compliance Specialist at Actiance. Follow her on Twitter @Belbey or connect with her on LinkedIn.

In January of 2013, the Federal Financial Institutions Examination Council (FFIEC) issued preliminary guidance on social media and asked for comments from the banking industry. After 81 official comments and nearly a year, the FFIEC issued Social Media: Consumer Compliance Risk Management Guidance on December 12, 2013. It is effective immediately.

This final Guidance is not significantly different from what we saw last year (see Belbey Blogs: New Guidance on Using Social Media at Retail Banks and Belbey Blogs: Upcoming Guidance for the Use of Social Media for Retail Banking from FFIEC) but does offer some clarifications and includes input from the industry.

The FFIEC acknowledges that banks face unique challenges when allowing their employees to use social media to communicate with prospective and existing customers, due to its interactive and more informal nature. Like FINRA, the SEC and IIROC, the FFIEC does not create any new rules or regulations with this guidance, but seeks to help banks interpret existing advertising, supervisory and other requirements. Unlike the other regulators, however, this Guidance also focuses on risk management and encourages financial institutions to identify and put processes in place to mitigate risks such as harm to consumers; violations of compliance and legal responsibilities; operational risk; and, importantly, reputation risk.

Federal regulators of the retail bank industry will use this Guidance to evaluate institutions such as banks, savings institutions, credit unions and other nonbank entities they supervise. Regulators include the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Consumer Financial Protection Bureau (CFPB). State regulators are also being encouraged to adopt this Guidance.

Below is a summary of key points. You may download the Guidance in its entirety here: FFIEC Issues Supervisory Guidance for Social Media

Risk Management:

The Guidance states that, based on usage, banks need to develop a risk management program to control the risks related to social media. Even financial institutions that elect not to use social media proactively should still put processes in place to monitor and respond to negative comments. Develop the risk management program with input from across the organization. Elicit and include feedback from compliance, technology, information security, legal, human resources, marketing and others. Specific components of the program should include: a governance structure with clear roles and responsibilities; policies that address consumer protection laws and regulations; processes for managing third parties; training on employee usage policies; audit processes to ensure ongoing compliance with rules and regulations; and reporting to senior management on how using social media contributes to the strategic goals of the institution.

The FFIEC Guidance goes on to outline three major areas of risk: Compliance and Legal; Reputational; and Operational.

Compliance and Legal:

Financial institutions want to avoid violating various rules, regulations and ethical standards. The following is a partial list of laws included in the Guidance and some recommendations to consider before using social media:

| Rule | Purpose | Recommendations |
| --- | --- | --- |
| Deposit and Lending Products | | |
| Truth in Savings Act / Regulation DD and Part 707 | Imposes disclosure requirements designed to enable consumers to make informed decisions about deposit accounts. May not be misleading or incomplete. | Customers must receive all required disclosures. Consider a link to additional information for posts that contain trigger words such as “bonus” or “APY”. |
| Fair Lending Laws: Equal Credit Opportunity Act / Regulation B and Fair Housing Act | Prohibits discrimination in any aspect of a credit transaction or in the sale and rental of housing, in mortgage lending, and in appraisals of residential real property. | Banks have the same requirements when using social media as with other forms of advertising. Although social media sites may request certain information, banks must not improperly request, collect, or use information such as color, religion, national origin, or sex, in violation of applicable fair lending laws. Supervision is required. |
| Truth in Lending Act / Regulation Z | Designed to promote informed use of consumer credit by requiring thorough disclosures about terms and costs. | Same advertising rules apply when using social media. Customers must receive all of the required disclosures. Clarifying information may be located on a different page (or link) from the main advertisement. As above, consider including a link within the post to additional information. |
| Real Estate Settlement Procedures Act (RESPA) | Prohibits certain activities in connection with federally related mortgage loans. Includes specific timing for disclosures. | The same disclosure requirements apply to applications taken electronically, including via social media. Customers must receive all required disclosures. |
| Fair Debt Collection Practices Act (FDCPA) | Restricts how debt collectors collect debts. | Debt collectors may not use social media to inappropriately contact consumers, their families and friends, or to disclose the existence of a debt, or harass or embarrass consumers about their debts. Supervision required. |
| Unfair, Deceptive, or Abusive Acts or Practices (FTC, Dodd-Frank) | Prohibits unfair, deceptive, or abusive acts or practices. | A financial institution may not engage in any advertising or other practice via social media that could be deemed “unfair,” “deceptive,” or “abusive.” Information on social media sites must be accurate, consistent and not misleading. Supervision required. |
| Deposit Insurance or Share Insurance | Advertising requirements regarding FDIC or NCUA membership and deposit insurance or share insurance. | Same advertising rules for notice of membership apply when using social media. Must include “Member FDIC” or “Federally insured by NCUA”; font must be clearly legible. |
| Payment Systems | | |
| Electronic Fund Transfer Act / Regulation E | Specific protections, including disclosures to consumers. | The same disclosure requirements apply to social media. Customers must receive all required disclosures. Disclosures must be “clear and conspicuous” and “readily understandable”. As above, consider including a link within the post to additional information. |
| Rules Applicable to Check Transactions | | |
| Bank Secrecy Act / Anti-Money Laundering Programs (BSA / AML) | Financial institutions must have a compliance program, training, and internal controls to ensure effective risk management and adherence to recordkeeping and reporting requirements. | Same recordkeeping and reporting requirements apply to social media. Applies to all customers, products and services, including customers engaging in electronic banking (e-banking) through the use of social media, and e-banking products and services offered in the context of social media. Additionally, virtual internet games and digital currencies present a higher risk for money laundering and terrorist financing and should be monitored accordingly. |
| Community Reinvestment Act (CRA) | Recordkeeping requirements for comments made by the public. | Retain records of written communications made on sites run by or on behalf of the institution that specifically relate to the institution’s performance in helping to meet community credit needs. |
| Privacy | | |
| Gramm-Leach-Bliley Act Privacy Rules and Data Security Guidelines | Requirements relating to privacy and security of consumer information. | Clearly disclose privacy policies and safeguard customer information. Particularly relevant when a financial institution integrates social media components into customers’ online account experience or takes applications via social media networks. |
| CAN-SPAM Act and Telephone Consumer Protection Act | Requirements for sending unsolicited commercial messages. | May be relevant if a financial institution sends unsolicited communications to consumers via social media. Consider caution when using one-to-one private communications on social media. |
| Children’s Online Privacy Protection Act | Obligations pertaining to commercial websites and online services that collect, use, or disclose personal information from children under 13. | Carefully monitor the collection of personal information from children under 13. Establish, post, and follow policies restricting access to the sites maintained by the institution to users 13 or older, especially when those sites could attract children (such as virtual worlds and features that resemble video games). |
| Fair Credit Reporting Act | Requirements for making solicitations using eligibility information, responding to direct disputes, and collecting medical information in connection with loan eligibility. | Applies when social media is used for these activities. |

Reputational Risk

The Guidance further states that activities that create dissatisfied customers or negative publicity could present a risk to the reputation of a financial institution, even though the firm may not have actually violated any laws. There are three main areas that firms think about before using social media:

Fraud and Brand Identity:

Some of the risks of using social media include negative comments, spoofs and fraudsters masquerading as the institution. The Guidance suggests that firms use social media monitoring tools, and create and follow communications plans should negative events occur.

Third Parties:

Even though a firm may outsource social media management to a third party, ultimately, negative events will reflect poorly on the institution itself and create reputational damage. Therefore, the Guidance suggests careful due diligence and ongoing monitoring when working with third parties.

Privacy:

The Guidance recommends creating processes to safeguard consumers should they post personal information (such as account and social security numbers) on the financial institution’s social media site to avoid reputational damage to the institution.

Consumer Complaints and Inquiries:

Consumers may post critical or inaccurate statements, or make specific complaints about errors or fees on social media. Financial institutions are advised to create and execute processes to monitor and respond to these complaints in a timely manner. One suggestion is to set up channels expressly for this purpose. However, firms are advised to evaluate their own risk tolerance and be prepared to monitor and respond to complaints on a broader basis.

Employee Use of Social Media Sites

Based on their own risk tolerance, firms need to establish policies and training for employees representing the financial institution on social media.

Operational Risk

<Editor’s Note: Given the increasing threat of cybercrime, we find it surprising that cyber security, although mentioned under Operational Risk, was not called out as a major risk of using social media in this Guidance. Consumers may overshare enough personal information that cyber criminals may hack their accounts. Employees are at risk of clicking on links that introduce malware into the organization, as social media users tend to naïvely trust content from existing connections. Employees may inadvertently (or maliciously) leak the firm’s proprietary information or customer account data. The enterprise is also at risk from targeted “phishing attacks”, carefully crafted emails that have just enough information (possibly obtained through social media) to trick staff into giving up passcodes and other information to ultimately gain access to the corporate systems.>

And finally, the Guidance suggests that firms evaluate the supervision of social media through the lens of operational risk and mentions several resources:

FFIEC Information Technology Examination Handbook

Supervisory guidance issued by the FFIEC or individual agencies.

Outsourcing Technology Services

Information Security

 

Belbey Blogs: 14 Components of a Social Media Employee User Policy for Registered Persons


By Joanna Belbey,   December 10, 2013

Today’s post is by Joanna Belbey, Social Media and Compliance Specialist, Actiance. Follow her on Twitter at @Belbey or connect with her on LinkedIn.

One of the barriers to firm-wide deployment of social media is the process of crafting a social media employee policy. Drafting a policy from scratch is daunting to most people. Where to begin? Rather than start with a blank screen, consider these 14 components:

1)      Overview of program

Provide an overview of the goal of the program and who is participating. Convey the purpose and value of using social media for the firm. Reinforce your firm’s mission and values. Remind users that social media is a public forum and that they are representing your firm and reinforcing the brand. This is also an opportunity for Senior Management to demonstrate that they support a social media initiative.

2)      Approval process

Outline requirements for participation in social media for business. For example, describe specific approval processes with the user’s Manager and Compliance department and / or Human Resources. Provide details on training / attestations that may be required. Detail exclusions such as Registered Persons who may have had compliance issues in the last 12 months.

3)      Network access

List the social media networks permitted now and plans for the future. Define how users access social media sites. Some firms allow users to access native social media sites directly; other firms instruct users to log on to a third party vendor’s site that aggregates the networks. In some cases, users may do both. Be clear.

4)      Ownership

A new and growing area of the law is ownership pertaining to social media. Define in advance, and get in writing, who owns what (profiles, access information, content, followers) in the event of voluntary or involuntary termination.

5)      Disclosures

Many firms have disclosures that appear on each user’s profile that link back to the corporate website. Define specific language for each social network and respective link.

6)      Prohibited Language

Users should be reminded that social media is just another, albeit more public, form of electronic communications. Existing communications and workplace policies apply. Profane, defamatory, disrespectful, harassing or sexual statements are expressly forbidden. If using a third party vendor, create and apply a lexicon (or “trigger words”) of forbidden words. Use technology to block inappropriate language on the corporate network (just as you may do for email now) and to send an alert if prohibited language is used off the network.

7)      Negative interactions

Direct users how to respond to negative comments, customer complaints, or if your users are being harassed or subjected to inappropriate language themselves.

8)      Protect customer and firm proprietary information

Remind users that they are responsible for protecting their customers’ personal information such as social security numbers, account numbers, dates of birth, addresses, etc. Personally Identifiable Information (PII) should never be shared on social media networks. Firm information should also be protected. Be cautious not to reveal trade secrets, special projects, proprietary information, or earnings. Also be mindful of copyrights, posting third party content, and the appropriate use of the firm’s logos and trademarks. When in doubt, ask for guidance.

9)      Incoming threats

Remind users of your existing IT guidance to prevent malware from coming into the enterprise. Like email, they should be very careful about clicking on links on social media.

10)   Prohibited Activities

Outline specific activities prohibited on each network and the reason they are prohibited. Below are some examples by network. For example, many firms within financial services prohibit certain activities as they may be interpreted as testimonials or create additional recordkeeping requirements.

LinkedIn:

  • Writing recommendations
  • Endorsing products
  • Endorsing skills
  • Displaying skills endorsements
  • Accepting recommendations
  • Asking for a business-related endorsement or recommendation

Twitter:

  • Retweet
  • Like
  • Favorite
  • Create list

Facebook:

  • Like
  • Share

Additionally, if firms are not working with an outside vendor to capture and archive private communications on social media, they may instruct their users to use corporate email for all private communications rather than use InMail (LinkedIn), Direct Message (Twitter) and Messages (Facebook).

11)   Directions for setting up professional profiles

Most firms provide specific directions on how to set up a profile on LinkedIn, Twitter and Facebook. Typically, users are instructed to use business card information, a professional photo, include a pre-approved description of the firm, special disclosures and corporate contact information. In many cases, profiles are pre-approved by Compliance before users are permitted to use social networks for business. If that’s the case at your firm, detail the process and anticipated turn-around time required for pre-approval.

12)   Guidance for professional use of social media

Provide an overview of how social media is to be used for business for the firm. Be as specific as possible and provide examples whenever possible.

Appropriate Content

  • Many firms’ marketing departments create a centralized library of content that has been pre-approved by compliance and is to be posted “as is”. Content is typically accessed through a third party platform.
  • Other firms allow users to add their own personal introduction to the pre-approved content.
  • A few firms allow their users to create their own content. If your firm allows user-generated content, provide specific guidance on what is appropriate and the process for approval. For example, you may advise users to post content that is “evergreen” that their followers may find interesting over time.

Inappropriate Content

  • Certain language is prohibited outright (profanity, overtly sexual, discriminatory, etc.).
  • Remind users of their suitability and / or fiduciary responsibilities regarding making investment recommendations. Specifically, Financial Advisors may only make an investing or product recommendation if it meets the needs and risk tolerance of the investor. As no one can possibly “Know Your Customer” on social media, firms tend to prohibit the mention of products or specific investing strategies. In short, inform, don’t pitch.
  • Outline specific restrictions about posting about your firm or your competitors.

Monitoring

Clearly articulate that business communications on social media sites are monitored, captured and archived across corporate and personal devices. Note that communications are actively supervised and that the user has no expectation of privacy on social media accounts monitored by the firm.

Consequences

Describe the consequences of not adhering to social media policies. Note that users may be asked to remove inappropriate communications and are subject to disciplinary actions, including termination.

13)   Guidance for personal use of social media

As a service to their employees, some firms provide guidance on the personal versus professional use of social media. To avoid legal action, firms are careful not to prohibit any specific type of communications, such as disparaging remarks about the firm or management. However, firms often remind users of the permanence of social media. Like email, although posts may be deleted, they never truly go away. Communications on social media have been used as evidence in criminal and civil trials. Social media is used by insurance companies to conduct fraud investigations and by human resources departments to conduct background checks of prospective employees. Some firms also remind their users of the importance of privacy settings and to be careful about revealing their own Personally Identifiable Information.

14)   Contact information

Include the contact information for questions on policies and use of social media networks.

 

Shutting down is NOT the answer. You’re addressing the wrong problem.


By nleong,   November 12, 2013

Yesterday’s Wall Street Journal article, “Big Banks May Block Traders from Chat Rooms,” highlights the perils of open communication between traders at different banks.  Collusion.  Interest-rate rigging.  Market manipulation.  All things that would make Gordon Gekko proud.

But, as we all know, technology can be a good thing.  It creates efficiencies, saves time and money (if you’re not engaged in illegal activities), and, more often than not, makes everyone’s life a lil easier.  Yes, the Libor scandal that has already resulted in five banks getting slapped with a collective $3.5 billion in penalties was facilitated by technology, but it needn’t have ended up that way.

The actions that a few take should NOT dictate what happens for the many.  Closing down the chat and group rooms that enable and facilitate communications, efficiencies, and the ability to do business isn’t the way to deal with rogue situations.

Instead, deal with them head-on.  There are some really simple ways to do this:

Actiance Vantage could’ve mitigated the effects of interbank chat room activities.  In particular, Vantage offers very granular chat room controls, including the ability to prevent certain individuals from communicating with their counterparts at other institutions.  Even if communications were permitted, an institution could set up Vantage to be on the lookout for certain codenames or sensitive words and send alerts to the relevant stakeholders when a match is hit.

So, instead of completely closing down chat rooms, it would be more efficacious to allow chat room access but to have better monitoring and enforcement controls in place.  Certainly, in a world flush with iPhones and Androids, the alternative scenario of traders using unsupervised or unsanctioned communications channels to do what they used to do in chat rooms is even scarier.

Additionally, not letting traders use chat rooms could have the unintended consequence of introducing delays in the flow of information so crucial to the financial industry.  Or, well, heck, if they can’t use chat rooms, they’ll go to the local bar and speak their mind.   And you know you can’t moderate that!

More important are the policies and procedures that banks rely on to meet their regulatory requirements.  Technology is the corollary to the story to make sure those policies and procedures are enforced.

As sad as it is to say, there will always be Gordon Gekkos in the world.  Greed has been around since the dawn of time and will continue to occasionally rear its head in the lucrative trading world.  However, let’s not retreat into a cave.  Technology should be embraced, especially if it can prevent the next Libor scandal from happening.

Belbey Blogs: Thoughts from #BDI1 Insurance Social Business Leadership Forum


By Joanna Belbey,   October 14, 2013

Joanna Belbey


It’s always a pleasure to attend a Business Development Institute (BDI) event. The half-day format makes it easy to attend, content is targeted and the in-person networking is excellent. BDI is also an early adopter of social media, and supports participants “getting social” before, during and after the event. In fact, I’ve “met” some great people by following the live tweeting both in person and remotely.

I found this event very interesting. The primary focus was on internal social media, which I view as a great opportunity that firms have yet to fully embrace. For those who missed the BDI Insurance Social Business Forum, here’s a short recap:

Social Business, From the Inside Out

Andy Jankowski ( @AndyJankowski ), Founder of Enterprise Strategies, started off with a definition:

Social Business = External (Social Media) + Internal (Social Enterprise)

In short, Andy’s premise is that insurance firms have the opportunity to transform their business “From the Inside Out”, or through the integration of social media across the enterprise. He described how when departments work together, firms can increase brand awareness, reduce loss exposure, drive recruitment, enable sales, increase customer satisfaction, improve risk segmentation, investigate fraud, increase collaboration, enable knowledge sharing, and drive innovation. The keys to successfully transforming the business? Business objectives-driven strategy, executive mentorship, and integration with existing business process.

Because that is Where the Money Is

Jon Bidwell (@joncbidwell), Chief Innovation Officer, Chubb & Son (and Captain of his local Fire Department!), discussed how using internal social media drives the next wave of innovation and increases revenues and productivity. To date, about 50% of Chubb uses Jive (internal collaboration tool). Access is use case driven and departments must specifically justify how they plan to use the tool. Not surprisingly, Jon demonstrated that junior level staff generates the most innovation and interaction, often to the chagrin of established managers. The next challenge? Applying key learnings to the field sales force to create bespoke messages to Producers. And finally, Jon suggested that John Stepper ( @johnstepper ) has the right idea when he blogs about “Working Out Loud”.

Going Social with Millennials: Setting the Foundation for Marketing Success

Lori Feldman ( @LBFeldman ), Global Head of Social Media, Cigna International, conveyed that Millennials disrupt how marketers traditionally work. Defined as 18-30 year olds, they are the most hopeful and optimistic of all the demographics and assume that their opinions are valued and will influence change. Millennials demand transparency and are eager to engage in conversations directly with the brand. The challenge for insurance firms is to be willing to engage in a dialog and to remember that a conversation goes two ways.

Terry Golesworthy Interview

For this session, I was asked by Steve Etzler of BDI ( @BDIonline ) to interview Terry Golesworthy ( @TerryCRG ), President, The Customer Respect Group. I first became aware of Terry through SocialEyes, an informative monthly newsletter about how the insurance industry is using social media. Like the other speakers at this event, Terry stressed that social media has the opportunity to transform the business by using it across the enterprise, instead of solely as a corporate marketing channel. Some firms within the insurance industry are also using social media for internal communications, research, crisis communications, and customer service. Insurance firms are even using social media to investigate claims and disability cases. Terry warned that these activities could backfire and should be undertaken with great care so as not to harm the brand. Terry told the group that social media even eliminated the need for Producers to make cold calls. When asked for a specific example of how Producers are increasing revenues by using social media, I was able to share a recent success at an Actiance client. A Producer profiled his existing clients, selected 200 of his LinkedIn connections that fit the profile, sent them InMails, received 156 responses and ultimately sold 33 life insurance policies. The audience agreed that those are amazing response rates. Terry concluded that to leverage these benefits, firms need a social media champion who can gain buy-in from senior executives, break silos, tap the expertise of legal, compliance, and HR to develop usage policies, pull together training and oversee the activities to deploy technology, like Actiance’s Socialite platform, to reinforce the policies and allow the compliant use of social media.

How GEICO Uses Social Media to Attract Talent

Shannon Smedstad ( @shannonsmedstad ), HR Branding and Social Media Leader, GEICO, relayed that 90% of companies plan to use social media in their recruiting strategy (Jobvite 2013). Shannon discussed how GEICO uses social media to listen to what people are saying about the brand, including on rating and review sites such as Glassdoor, Yahoo! Answers and Indeed. When people interested in working for GEICO are identified, they are proactively contacted. Social media is also used to increase the visibility of job listings and as a means to source candidates. She stated that recruiters use LinkedIn 93% of the time to search (Jobvite 2013). Interestingly, Shannon also discussed that job seekers are also consumers and a good experience with HR can lead to a new customer. She concluded that these things take time, firms need strong social media policies in place, rewards often outweigh the risk, and my personal favorite, “sometimes you just have to try.”

How Social Media Changed Our Business

Mike Smith ( @axisins ), Principal / CEO, Axis Insurance Services, wrapped up the speaker portion of the event and discussed how integrating social media into traditional direct marketing campaigns (including email) created brand awareness and produced double digit sales increases. His suggestions were straightforward: go where your customers are, be willing to push outside your comfort zone and use social media to target and impact clients to generate ROI.

Today’s post is from Joanna Belbey ( @belbey ), Social Media and Compliance Specialist for Actiance.

To Err is Human, to Delete is Futile


By Jeff Zacuto,   August 19, 2013

We’ve all felt it: That cold, tingly sensation that runs up your spine when you realize you’ve done something you know you probably shouldn’t have done.

Getting called to the principal’s office. Flashing lights in the rear view mirror. Texting at 2AM.

Nobody needs to know those things happened because you can keep them to yourself. But that’s not the case for the stuff you do online.

You can’t un-do a Reply All. You can’t take back a comment. You can’t hide the things you’ve liked. You can’t delete a tweet.

Take for example Silicon Valley entrepreneur and Celery founder Peter Shih. His now self-described “satirical” post on Medium went viral late last week. Even after he successfully deleted the post, and although he’s apologized (profusely) for his knock at San Francisco’s socio-economic issues, the damage had already been done and eventually made the leap into real life.

So what now? Will posting first and thinking later damage Shih’s reputation? Will it damage Celery’s brand? In a world where social flows inside and outside of a business, being able to stop the bleeding as soon as it starts is critical in order to heal the wound. And nobody can say just how bad things could get.

But one thing’s for sure, this should serve as a lesson to anyone who lives life online: The Internet is everywhere, and it lives forever.

Jeff Zacuto is a product marketing manager at Actiance. 

Social Identity in Business: Use of Personal versus Professional in Social Media


By Joanna Belbey,   July 27, 2013

Sarah Carter


Today’s post is by Sarah Carter, General Manager of Social Business, Actiance. You may connect with Sarah on Twitter @sarahactiance or via LinkedIn.

Businesses are moving towards enabling their distributed teams to use social media for business purposes. It’s no wonder that one of the more common questions that gets asked of my team is how to separate the personal from the professional.  To a certain extent a lot of the answers here are generational and I firmly believe that in a few years time we’ll wonder what all the fuss was about.  But right now, there are clear concerns within business about what identity individuals should be using when on social.

Questions are raised on privacy and on the capture of content that is personal in nature, when the regulators and ediscovery experts are clear that they don’t want that – the nature of the content is what they’re concerned about. So let’s take a look at some clear steps that simplify this.

Clear guidance should be provided to the business and social users about the benefits and drawbacks of separating personal and professional identities. At the most basic level, firms should ensure that they do not work counter to the end user terms of use of the individual social networks to which they are providing access. Here at Actiance, we regularly monitor changes in the end user and third party developer’s agreements for the approved use of social networks. Each social network may need to be dealt with differently and terms and conditions may evolve over time.

LinkedIn

The account belongs to the end user, and the firm or organization that they work for is simply an element of their LinkedIn profile. If an end user has a current LinkedIn account, he or she should use that ‐ while adhering to the guidelines of the firm.  Creating a new LinkedIn profile for each position or organization you work for is NOT the way to go.

Facebook

Facebook recently relaxed its rules which previously stated that a “personal profile” could not be used for business. They have now inserted the word “primarily” into clause 4.4 of the end user terms of use. (You will not use your personal timeline primarily for your own commercial gain, and will use a Facebook Page for such purposes.)

Facebook does not provide any further guidance on the definition of “primarily.” While I believe engagement is far more effective on the personal profile, most firms are concerned about the capture and retention of personal content, and therefore, most firms utilize Facebook pages for their employee engagement. Because of this privacy concern that is shared by virtually every firm, we recommend that the individual sets up a Facebook page for business purposes.

Twitter

Create as many Twitter accounts as you want. Just remember which account you’re posting from!  Most engagement is received when the content shared is a mix of personal and business related content. That said, most firms advocate a clean account, branded as the firm is branded and that includes relevant disclaimers where the firm is clearly represented.

This is today…

In summary, these are the current trends and best practices at the present time. However, in social media, change is constant. Best practices change quickly (Facebook’s terms of use for instance), although LinkedIn’s policy in support of the end user is highly unlikely to change. The distinction between personal and professional will continue to evolve as we all become more socially mature, and will also be impacted by the demographics of the individual users. Clearly this is our best practice advice, gleaned from our work with clients, industry regulators and experience – what’s your view? Personal, professional, or is there no difference?

A Social Project Starts with the Business – Sample Stakeholder Questions


By Joanna Belbey,   July 25, 2013

Today’s post is by Sarah Carter, General Manager of Social Business, Actiance. You may connect with Sarah on Twitter @sarahactiance or via LinkedIn.

As the General Manager of Social Business, my team and I work with many firms across the United States, Canada and Europe while they are making the decision to use social media for their business. Naturally, each firm is different, but they all share the common need to determine how they plan to use social media effectively within their organizations. Here at Actiance, we’ve learned that fully defining those needs and requirements helps support a successful launch of a social business.

Actiance begins each social media engagement and compliance project with a series of stakeholder interviews. These interviews draw out the business objectives for the project, so that social is not viewed as separate from, or an adjunct to, the business. These questions are tailored specifically for the business – whether that business is wealth management, business or retail banking, a mortgage or an insurance business. We believe that by including all the relevant stakeholders for the business – from the financial adviser, insurance agent and mortgage broker to the social media team, compliance representatives and technology liaisons – the business and project will benefit right from the start.

  • Who are your primary competitors? (names of companies)
  • Is there anything that your primary competitors do significantly differently than you?
  • Are they on social?
  • What are your Business Priorities for the next 6 ‐12 months? (Maintain clients? Grow existing clients? Attract new clients?)
  • What is your sales and marketing plan? Who is executing that?
  • What marketing materials are used? (Brochures? Promotions? What about outreach or inbound?)
  • What are the major challenges with the business? (Churn? Attracting new clients?)
  • Are any of your users currently “social”?
  • How “social” are your users now? For example, for users currently using LinkedIn, how would you rank their social media presence on a scale of 1‐4 (where 4 = socially mature)? What about other networks such as Twitter, or websites or blogs?
  • What initial thoughts do you have on which networks might be used for a pilot, and why?
  • What time commitment are the end users likely to give to social per week? (30 minutes? 60 minutes? 90 minutes?)
  • How many clients are your users currently connected to?
  • What type of content do you currently share with clients?
  • What medium is used?
  • How often is content shared?
  • Can existing content be leveraged?
  • Does your firm share non business content, such as your philanthropic works? Local events and news?
  • Who creates the content?
  • What does a successful social launch look like?
  • What are your goals? Metrics? ROI?

Of course, interpreting the answers and building them into a full business plan is what takes experience. But we’ve found that firms are more successful when they launch social business by uncovering the needs of each group, defining metrics for success, and developing a plan that meets the unique needs of the organization. Is it time consuming? Absolutely. But is it worth it? You bet!

Belbey Blogs: FINRA Spot Checks Call for Social Planning


By Joanna Belbey,   June 24, 2013

Joanna Belbey is a social media and compliance specialist with Actiance. You can follow her on Twitter @Belbey

The FINRA notification last week — that the regulator will spot-check social media communications of its members — shouldn’t come as a terrible surprise to the industry.

FINRA and other regulators, within the U.S. and worldwide, have consistently conveyed that social media is just another form of written communications and ought to be treated as such. For the last three years the regulator has also provided increasingly specific guidance to help firms interpret existing rules and regulations, both in Regulatory Notices (10-06, 11-39, 12-29) and at multiple conferences.

The announcement that social media would be included in examinations is further validation of the growing use of social within the financial sector to communicate with clients. It also underscores the need for firms to thoughtfully develop clear policies on the use and methodology to supervise and manage usage, content and engagement.

Firms need to demonstrate they have identified and mitigated risks that include data leakage, incoming threats, legal and compliance and user behavior, before they tap the opportunity of social media. Firms will require detailed usage policies, effective user training and technology to enforce both.

The good news for firms is that FINRA’s June Targeted Examination Letter outlines the information firms should be prepared to show an examiner. Information includes the rationale of why the firm is using social media, details about the sites the firm is using, how the sites are being used, supervisory, monitoring and training procedures, and a list of the top 20 producing registered representatives using social media to interact with retail customers, including which networks they are using, their full names, CRD number, and dollar amount of sales and commissions.

The first step in creating effective policies is to leverage the following industry best practices:

  • Spark a conversation, don’t pitch a product. Just as pitching products or making investment recommendations is problematic for the regulators due to suitability requirements for a registered person, it’s also the fastest way to turn off your followers on social media. A better approach is to create compelling content that attracts your audience’s interest, is useful and promotes engagement.
  • Educate and train advisors. The regulators agree that training on appropriate use of social media is essential. This requires training that includes compliance and regulatory requirements, but training shouldn’t stop there. Education should also show users how to share their own insights, in their own voice.
  • Be authentic. Authenticity is a key to social media success. Your financial advisors are taught how to speak effectively, how to sell over the telephone and work with email. Similarly, they need to learn how to use social effectively.

By creating a solid social media policy, putting technology controls in place and carefully training employees to be social, you will not only develop a winning social media program, you will be ready for FINRA’s spot checks.

Today’s blog post previously appeared in Financial Planning and Bank Investment Consultant on June 24, 2013.

Belbey Blogs: FINRA Annual Conference 2013 – Part III of III (Ask FINRA Senior Staff, Social Media Considerations, and Communications with the Public)


By Joanna Belbey,   June 7, 2013

Today’s blog is authored by Joanna Belbey, Social Media and Compliance Specialist, Actiance. Follow Joanna @Belbey or connect with her on LinkedIn.

To continue with my prior blogs Belbey Blogs: FINRA Annual Conference 2013 – Part I of III (Suitability, Elisse Walter, Fraud) and Belbey Blogs: FINRA Annual Conference 2013 – Part II of III (Cyber Security, Using Social Media Tools), this is the third in a three part series that highlights the sessions that I attended:

FINRA Annual Conference (Part III of III)

Ask FINRA Senior Staff session

This is a popular session where the live and virtual audiences pose questions to a stage full of regulators.  Topics are varied, but there was some discussion regarding social media.

Tom Selman, EVP FINRA Regulatory Policy, explained that some states have recently enacted legislation that limits how a firm may monitor employees’ personal use of social media. In response, FINRA is working with the states to explain the importance of allowing supervision of social media used for business purposes by regulated persons. As a result, a number of states have added an exemption for financial services. However, at the end of the day, if certain states prohibit firms from supervising regulated persons using social media, then employees in those states should be prohibited from using social media.

Social Media Considerations session

At this point, it’s been three years since FINRA first provided guidance on the use of social media by regulated persons. This panel provided an overview of regulatory guidance (FINRA Regulatory Notice 10-06, 11-39, 11-29) and then focused on four recurring questions impacting social media: Recordkeeping, Supervision, Third Party Content, and Training.

One topic included additional guidance on regulatory requirements for third party content. Joseph Price, SVP and Counsel FINRA Corporate Financing / Advertising Regulation, stated that hyperlinks to a third party site require advance due diligence: by drawing attention to third party content, you have “adopted” it, and therefore record keeping and suitability requirements apply. (Editor’s Note: “Adoption” and “Entanglement” are SEC concepts defining the relationship and associated responsibility when sharing content from a third party. Without going into legal details here, adoption is akin to using someone else’s content “as is” and “entanglement” refers to when you participated in the creation of the content.) Price continued that if your firm links to a specific article, you are only responsible for that article, not the entire site. (Editor’s Note: That being said, caution is advised. Best to stick with reputable websites.)

Debbi Corej, Specialist Leader, Deloitte & Touche LLP, noted that adoption of social media was still low and stressed the importance of developing plans in advance. Corey suggested that compliance departments draw the line between personal and professional usage for their employees and registered persons, develop processes, training, and attestations, include social media in annual meetings and focus on red flags.

Another topic was the handling of videos. FINRA gave an example: if a public appearance is recorded and then reused for marketing, it becomes sales literature, and preapproval and supervision apply.

The panel also discussed endorsements on LinkedIn. It was suggested that, as a best practice, it is best to hide skills endorsements entirely to avoid the impression of a testimonial. (Editor’s Note: Testimonials are prohibited for Investment Advisors and difficult to justify for Registered Representatives. Broker Dealers typically outright prohibit or are very careful when allowing testimonials.) As per Amy Sochard, Director FINRA Advertising Regulation, if you “groom” endorsements, you’ve “adopted” the ones you’ve left on the site. Alexander Gavis, Vice President and Associate General Counsel, Fidelity Investments, added that when it comes to social media, “Use policy or technology, preferably both”.

Finally, Price reminded the audience that interpretation of the rules and regulations is based on the risk tolerance and culture of compliance at each firm, and concluded that “It’s ok for firms to have policies more conservative than the Guidance to protect their reputation”.

For those of you who are just getting started, here are some of the resources that were provided at this session:

FINRA Regulatory Notices:

FINRA Regulatory Notice 11-39, Guidance on Social Networking Communications (August 2011)

http://www.finra.org/web/groups/industry/@ip/@reg/@notice/documents/notices/p124186.pdf

FINRA Regulatory Notice 10-06, Guidance on Blogs and Social Networking (January 2010)

http://www.finra.org/web/groups/industry/@ip/@reg/@notice/documents/notices/p120779.pdf

SEC Resources

Securities Exchange Act Release No. 69279 (April 2, 2013) (Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: Netflix, Inc., and Reed Hastings)

http://www.sec.gov/litigation/investreport/34-69279.pdf

IM Guidance Update: Filing Requirements for Certain Electronic Communications (March 2013)

http://www.sec.gov/divisions/investment/guidance/im-guidance-update-filing-requirements-for-certain-electronic-communications.pdf

Communications with the Public session

This session addressed some of the specific questions around the communications rules that became effective in February. As it was covered at other sessions, social media was mostly excluded. See Belbey Blog: New FINRA Communications Rule 2210 for more information. In general, the audience learned that the leading communications violations were failure to disclose a firm name, unfair or unbalanced communications, information that was misleading or exaggerated, material information in the footnotes and various SEC Rule 482 violations. The panel stated that supervision of communications should be flexible and risk-based and that proper training, surveillance, and follow-through to correct issues were important. Specifically for public appearances, training, documentation and an occasional in-person spot check were suggested.

And finally, per FINRA Rule 2210, interactive social media communications were exempted from filing. See Belbey Blogs: Recent Guidance from the SEC on Filing of Social Media for more details on that topic.

That’s it! I hope you found these highlights helpful and that I see you at FINRA Advertising Regulation Conference on October 10–11, 2013 in Washington DC.

Belbey Blogs: FINRA Annual Conference 2013 – Part II of III (Cyber Security, Using Social Media Tools)


By Joanna Belbey,   June 5, 2013

Today’s blog is authored by Joanna Belbey, Social Media and Compliance Specialist, Actiance. Follow Joanna @Belbey or connect with her on LinkedIn.

To continue with my prior blog, Belbey Blogs: FINRA Annual Conference 2013 – Part I of III (Suitability, Elisse Walter, Fraud) here are the highlights of the sessions that I attended at the FINRA Annual Conference:

FINRA Annual Conference 2013 – Part II of III

Cyber Security session

The threats from cybercrime are increasing and constantly evolving. They are particularly dangerous for small broker dealers, as 60% of small firms go out of business after a cybercrime. No comprehensive federal law exists to govern policy; instead there is a patchwork of state laws. However, 47 states have breach notification laws pertaining to unauthorized access to Personally Identified Information (PII). PII typically includes first name, last name, social security, account and driver’s license numbers. Basic privacy protection principles include: providing notice of policies, allowing customers a choice to consent to their data being captured, access and participation, integrity and security of the data, and enforcement and redress of a breach. Laurie Dzien, Chief Privacy Officer and Associate General Counsel from the FINRA Office of General Counsel, advises firms to 1) know and classify their data, 2) analyze appropriateness of access to PII, 3) collect only the data that is required, 4) destroy what you no longer need, 5) create a team to quickly handle data breaches before they happen, 6) conduct careful due diligence of third party vendors, and 7) create an information security incident response plan (team, communications, procedures, train and assess effectiveness of response).

Denise Watson, Manager, Operational Risk & Privacy from Raymond James reiterated that firms need processes and controls in place for data protection and privacy. She offered some practical warnings as well. Your firm may need to wipe some printers’ hard drives before disposal and to unplug fax machines at night to avoid data leakage.

And finally, Gilbert “Gib” Sorebo of SAIC suggested that “firms should stay on top of evolving threats, engage cyber experts and secure your systems”.  Or simply put, Sorebo says “Don’t be the easiest to pick.”

Using Social Media Tools (Small Firm Focus) session

Back 20 years ago, firms were very careful and adopted email slowly. The same holds true for social media today. This seems particularly true for small firms if this session is any indication. From a show of hands in the room, very few of the attendees of this session were participating in social media. In fact when polled, (Editor’s Note: Yes, they used polling at the FINRA Annual Conference!), 33% of the audience chose “I wish the Facebook guy was never born”.  Mitchell Atkins, SVP and Regional Director for FINRA South Region confirmed low adoption for small firms saying, “Very few FAs are actually using social media, even though they have been approved by their firms. However a few have gone off the reservation.”

The overall theme of the session was that if you use social media for business at all, all the rules and regulations around record keeping, advertising and supervision apply. Per Atkins, firms also need processes in place to handle customer complaints and a possible social media crisis. It was also suggested that interns could use social media to search for FAs’ outside activities. Education, predefined processes and thoughtful compliance are essential. Or as Hardeep Walia, Chief Executive Officer, Motif Investing, said, “When using social media and thinking ‘compliance’, it pays to be paranoid.”

My personal favorite moment of this session was when Patricia Bartholomew, Managing Partner, General Counsel and Chief Compliance Officer of Craig-Hallum Capital Group gave me a big shout out to follow my tweets for a summary of the session (@Belbey).

For more on the FINRA Annual Conference, check back here Friday for Belbey Blogs: FINRA Annual Conference 2013 – Part III of III (Ask FINRA Senior Staff, Social Media Considerations, and Communications with the Public).

PS. For those of you who are just getting started, here are resources that were provided at this session:

FINRA Regulatory Notices:

FINRA Regulatory Notice 11-39, Guidance on Social Networking Communications (August 2011)

http://www.finra.org/web/groups/industry/@ip/@reg/@notice/documents/notices/p124186.pdf

FINRA Regulatory Notice 10-06, Guidance on Blogs and Social Networking (January 2010)

http://www.finra.org/web/groups/industry/@ip/@reg/@notice/documents/notices/p120779.pdf

SEC Resources

Securities Exchange Act Release No. 69279 (April 2, 2013) (Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: Netflix, Inc., and Reed Hastings)

http://www.sec.gov/litigation/investreport/34-69279.pdf

IM Guidance Update: Filing Requirements for Certain Electronic Communications (March 2013)

http://www.sec.gov/divisions/investment/guidance/im-guidance-update-filing-requirements-for-certain-electronic-communications.pdf