Posts Tagged compliance
At a meeting last week with a prospective client, while we were diving into freshly baked cookies (yes, that’s right, warm cookies, I love meetings in the Midwest), a compliance professional turned to me and asked me a question about “PAC files”. Really?
At that moment, I realized that it’s time to change the conversation.
For more than 2 years, we have been discussing how to use social media while complying with the financial services rules and regulations. After all, the Financial Industry Regulatory Authority (FINRA) issued its first Regulatory Notice 10-06 in January of 2010, followed by the Financial Services Authority (FSA), Financial Promotions Using Social Media, and then came Cir/ISD/1/2011 from the Securities and Exchange Board of India (SEBI), then more guidance from FINRA with Regulatory Notice 11-39 followed by Investment Industry Regulatory Organization of Canada (IIROC) issuing 11-0349, and the Securities Exchange Commission (SEC) alerts early this year, that included Investor Adviser Use of Social Media. In addition, the National Association of Insurance Commissioners is drafting The Use of Social Media in Insurance. We have even seen the Massachusetts Securities Division issue a letter to Registered Investment Advisers on the use of social media.
Fundamentally, we are reminded by all these regulators that social media is just another form of written communications, and needs to be treated as such. Existing rules around recordkeeping, suitability, advertising, and supervision are media-neutral and all apply. Content, not the device, is determinative. And the regulators are only interested in business communications. With the release of each new set of guidance, there are lively conversations about how to interpret and apply some of the rules to specific features across the social networking sites; however, at this point, the message is clear: the spirit of the guidance is to protect the investor.
As none of the native social networking sites have the ability to support these compliance requirements, project managers, IT and Security have been having their own discussions. Third party vendors have been identified, requirements outlined, demo after demo watched, pilots launched, RFPs written and evaluated, matrixes comparing vendors developed and analyzed, budgets submitted, resources assigned and contracts negotiated. In some cases, upward of 30 people from within the enterprise have been involved in all these conversations. No wonder the compliance professional had heard about “PAC files”.
In the meantime, the lines of business, marketing departments, investor relations, human resources, research, customer service, and savvy financial advisors are chomping at the bit to start using social media to nurture existing relationships, attract new clients, build brand awareness, share information, do recruiting and conduct research. Maybe they have heard the statistics: more than 47% of Boomers use social media in some form (Forrester Research, June 2011) and the heaviest users of social media, Gen Y (ages 18-30), hold more than $2.4 trillion in personal income and by 2025 will control more than 46% of the personal wealth in the United States (Javelin Research). They want to speak the language of their clients and prospects. Or maybe, they have heard the stories about how financial advisors are beginning to generate business. Like the advisor at a large broker-dealer who captured a new $2 million account after noticing that a LinkedIn connection had retired. Or the advisor who attracted a $1 million prospect after only 96 tweets and with only 51 followers.
So now that you have ensured that your firm will be in compliance with the rules and regulations and you have decided which technology solution to use, let’s change the conversation. Let’s talk about training, integrated marketing, content strategy and measurement. And how you will begin to support your Financial Advisers’ use of social media to build their business.
Up until very recently, social media eDiscovery was often overlooked (or just plain ignored) by law firms and organizations alike. That’s changing though. With an increase in case law emerging on social media issues, it was inevitable that the legal community would start to incorporate social media communications into their discovery strategies.
The recent sanction of an attorney in Virginia underscored the importance courts now place on proper discovery of social media content. At the end of the day, social media is just another form of electronic communication, much along the lines of email and instant messaging. It’s the content that matters, not the communication channel. In fact, whether it’s for corporate governance, regulatory, or eDiscovery purposes, the identification and collection of social media content is absolutely critical.
I’m excited to present at LegalTech New York this year. Social is on everyone’s minds. Case law is growing on the topic. And technology is keeping pace. In addition to speaking in New York, I’ll also be hosting a regular webinar on social media eDiscovery. We’ll be hosting our first Social Media eDiscovery webinar on February 8th at 11am PT, so we encourage you to sign up and find out what your organization should be doing with respect to social and what tools are available to facilitate the discovery process.
Social’s not going anywhere, so it’s best to be prepared if the courts get involved….
At the SIFMA Compliance and Legal Monthly Luncheon held at the Harvard Club in New York on January 17, Richard Ketchum, Chairman and Chief Executive Officer of FINRA, outlined exam priorities for 2012.
Mr. Ketchum acknowledged that these difficult markets, the search for yield, and the changing regulatory landscape due to the implementation of Dodd Frank can place “tremendous pressures” on firms, clients, and Compliance departments. But, at the end of the day, the mission of FINRA is to protect investors. He stated that he hoped that his remarks before the group of mostly attorneys and other compliance professionals would “get your blood running, if not running cold,” as he encouraged everyone to “step up” to meet compliance challenges and respond in an honest way to the lessons we’ve learned over the last few years.
In the next few weeks, FINRA will release its Annual Exam Priority Letter. The following are a few advance highlights:
Complex Products – Heightened supervision is required with enhanced compliance procedures to ensure that reps, supervisors, and retail investors understand complex products. See Regulatory Notice 12-03 for details.
Supervision – Firms must demonstrate responsibility for all business lines they engage in, in spite of increased difficulty, complexity, and customer frustrations with return on investments. Firms must demonstrate proper supervision.
Suitability – Changes to FINRA “Know your customer” Suitability rules are going into effect July 9th. Examiners will review the steps firms are taking to prepare for changes and implementation once rules are in effect. See Regulatory Notice 11-25 for details.
Data Security – In light of sophisticated attacks against firms, FINRA is looking for equally significant defenses, including attention to emerging markets.
Social Media – FINRA has issued two notices, Regulatory Notice 10-06 Guidance on Blogs and Social Networking Web Sites and Regulatory Notice 11-39 Guidance on Social Networking Websites and Business Communications. Examiners will focus on the supervision and recordkeeping of all business communications, regardless of device; the pre-approval of static content; supervision of interactive content on a risk basis; and the adoption and entanglement of third-party content resulting in a firm being responsible for that content. Furthermore, FINRA examiners will check whether a registered principal of the firm has reviewed social media sites before they are launched; if there are links to third-party sites with false or misleading content; that firms have established policies to ensure the accuracy of third-party data feeds; and when firms allow the use of personal devices, they must demonstrate the ability to supervise and keep records of those business communications.
Mr. Ketchum noted that FINRA welcomes continued feedback from the industry on any and all issues and is looking forward to a three-way conversation, specifically about social media, among FINRA, the industry, and the SEC, which sets so much of the record-keeping requirements in the industry.
So, watch for FINRA’s Annual Exam Priority Letter soon and continue to take a careful look at how your firm is complying with FINRA rules, including following FINRA’s guidance on social media. And consider writing a letter to Mr. Ketchum and FINRA to share your key learnings as you begin to deploy social media within your enterprise.
Most of the Actiance team is off at Lotusphere this week – and while I expect a few of them will be sneaking away from the show floor early to visit the “Magic Kingdom,” I’ve been left to captain the ‘blogging ship’ as it were. So, as a nod to the Actiance team at Lotusphere and to longtime Actiance partner, IBM, I wanted to write about some great news for IBM Connections users and Actiance customers.
At the event, Actiance is showcasing the result of a partnership with IBM – Vantage for IBM Connections.
When most people think about what the term “social business” means, they typically don’t think regulatory compliance and eDiscovery. But, businesses moving into social face increased regulatory compliance requirements. Add in the requirement that social content needs to be discoverable and suddenly the internal IT team is in over its head trying to make social business work.
That’s why Actiance has partnered with IBM to make it easier for IBM customers to adopt social collaboration tools. IBM customers can now access Vantage Compliance support for IBM Connections and IBM Sametime through the IBM Passport Advantage (PPA).
Vantage for IBM Connections provides a centralized governance, management, and security policy framework to ensure compliant, discoverable social content (it also allows granular policies to be defined between end users, groups of employees, and even non-employees).
I know the team is excited to showcase our new Vantage for IBM Connections compliance module (available exclusively through IBM) at Lotusphere this year. We’ve already seen a tremendous amount of interest in the module from customers looking to better enforce corporate use policies and enable collaboration.
If you’re attending Lotusphere this year, please stop by Actiance booth #521 – we’d love to hear about what your organization is doing to enable social business. If you have questions about Vantage for IBM Connections – let us know in the comments section below – we always enjoy talking social business!
In recent weeks, there has been some confusion about FINRA’s stance on social media. Between one source and another, it seems as if there’s a general feeling that FINRA is “backing off” from social media. We don’t agree. We’re going to attempt to clarify FINRA’s position, but first, some context.
Since the consolidation of NASD and the regulatory function of NYSE in 2007, the newly established entity, FINRA, has worked towards creating a new, consolidated FINRA Rulebook. The goal is to harmonize and streamline existing rules (from NYSE and NASD), adapt to the changes in the securities industry, and create a set of rules that are flexible enough to be used across different types of firms regulated by FINRA.
As FINRA has clearly stated that social media is just another form of electronic communications and should be treated as such, firms are closely watching FINRA’s progress on the consolidation of rules that impact social media, such as supervision, bookkeeping, and communications.
In July 2011, FINRA filed proposed changes to Communications with the Public rules with the Securities Exchange Commission. Since then, there have been two rounds of comments from the industry with FINRA submitting the final proposal for changes on December 22, 2011, to the SEC. The SEC is accepting comments from the industry until January 18, 2012, and will comment on the proposed rule sometime after that.
The issue that has everyone talking within social media circles begins on page 10 of the December 22nd letter. The current NASD Rule 2210 specifies six types of communications, with different regulatory requirements for each. One category, “Public Appearance,” used for “participation in a seminar, forum (including an electronic forum), radio or television interview” was where FINRA originally classified interactive posts on social media. That meant that firms were responsible for supervising such activities to ensure compliance with content standards and maintain appropriate records but were not required to file these posts with the FINRA Advertising Department. (A sidenote for those of you unfamiliar with the regulatory process: depending on how they are categorized, certain advertising and sales literature materials need to be both pre-approved by a registered principal of a firm and then sent to FINRA for review and approval.)
Under the new rule, however, FINRA Rule 2210 would be streamlined to have only three categories of communications and “Public appearance” would no longer be a separate category under communications. Instead, FINRA has proposed categorizing social media as “Retail Communications,” which has a different set of regulatory requirements. When the industry expressed concern that this would make using social media overly complicated for firms, FINRA specifically excluded posts on online interactive electronic forums from filing requirements.
However, it’s important to note that although social media may not be subject to filing requirements with the proposed rule, firms still need to ensure compliance with content standards and bookkeeping requirements like any other written communications. That means that social media communications need to be captured, supervised, archived, and made available upon request. Filing is not archiving after all, and a number of folks appear to have been confusing the two terms.
Backing off social media? We don’t think so, especially when the SEC issues two alerts and charges a firm with fraudulent use of LinkedIn in one day. In fact, we think that the regulators will pay close attention to the use of social media in the coming year to demonstrate their commitment to protecting investors.
Are you ready? We’re certainly standing by. In fact, we’re planning on putting on a webinar once FINRA 2210 is finalized, so watch this space for details. And feel free to contact us if you’d like to chat about your specific social media concerns in the meantime.
Such is the proposition of Movenbank, a startup which launched at Sibos with a tagline of “No Paper, No Plastic, No Hidden Fees.” It aims to be the first cardless and branchless bank in the world. Everything will be centered on mobile and social media. The tagline is catchy enough, but what’s really raising eyebrows is Movenbank’s requirement for individuals to register and log in with their Facebook accounts. Now, I happened to speak at Sibos this year (Innotribe session on compliance), and the general consensus among my peers was that the problem with social media really wasn’t compliance, but rather, the enablement of it.
Here, with Movenbank, you get a perfect example of how the enablement of social media opens up new opportunities that perhaps might not have been possible five years ago. Privacy and security issues aside, if Movenbank succeeds with its grand plan, we’ll have witnessed a game-changing blend of old-school (banks) and new school (mobile and social). The fact that it involves real money makes it that much more compelling.
It’s possible with today’s technology to enable social media safely. Since we’re on the topic of banking, already we’ve begun to see firms deploy technology to enable their advisors and representatives to use social for marketing to customers and prospects. As the financial services industry is one of the most regulated when it comes to social media, technology plays a crucial role in assisting firms to remain compliant with current supervision and recordkeeping rules.
Back to Movenbank. Privacy advocates are quick to pounce on the seeming contradiction in using Facebook to log into a bank account that could potentially have someone’s entire life savings. But, as we’ve seen with Raymond James, with the right tools in place, what may have seemed impossible five years ago is now doable.
So, let’s not be too hasty in writing off Movenbank. With the right controls and technology in place, they may yet see their dream come to fruition.
Just to show that regulatory compliance in the financial services sector isn’t just limited to the West, an interesting story came out of Hong Kong this week. Poor ol’ Lo Kam Chung was fined and ordered to complete community service for giving unlicensed securities advice. Chung had set up a private discussion group in Facebook and charged subscribers $200-$300 a month to read about his securities advice. Problem is that he was never licensed with the Securities and Futures Commission (SFC) to do so. If there’s a bright side to this story, it’s that none of the subscribers followed his advice or lost any money.
This anecdote raises several issues. First, the ease with which Chung was able to set up a platform on which to dispense advice was unequivocal. That’s what happens with social media. Joining social networks is generally free, easy to sign up, and addictive. The successful social networks are those that are intuitive, easy to use, and feature-rich. Facebook is the poster child of such a network, and Chung used it to his advantage.
Secondly, the fact that the SFC stepped in and levied a relatively harsh penalty ($20,000 fine and 80 hours of community service to be completed within a year) speaks volumes about how seriously the SFC considered the Chung matter. Social is a global phenomenon, and I’m sure that the SFC was keen to set an example, much like what FINRA did in the Jenny Ta case this past January. A regulatory body without any enforcement powers is essentially a paper tiger.
Thirdly, the SFC made it very clear that the doling out of securities advice must be licensed, IRRESPECTIVE OF THE MEDIUM. That’s a not-so-subtle callout that social media communications will be policed just like any other form of communication. So, no matter if it’s the US, Canada, the UK, or Hong Kong, the regulatory bodies all share the same view that the content itself is determinative, not the communication channel.
So, don’t be a charlatan, doing your best “armchair Warren Buffett” impression, especially for money. Leave that to the “experts” and let them take the heat when things go south. Do the names Nick Leeson and Jerome Kerviel ring a bell?
As a potential harbinger of things to come, the state of Massachusetts’ upcoming new guidelines and best practices on social media usage (they take effect in 2012) by investment advisors could usher in a fresh wave of social media-specific guidelines from state regulators. This comes on the heels of FINRA’s announcement that, effective July 28, 2011, FINRA will oversee those firms with more than $100 million in assets under management (old figure was $25 million) with firms below that threshold overseen by the individual state regulators. Translation: state regulators will now have more oversight of smaller advisory firms.
Given that the financial services industry has been at the forefront of regulating social media activities relative to other industries (e.g., FINRA 10-06 and 11-39), it’s no surprise to see similar guidelines being planned at the state level. Already, the states of Oregon, North Carolina, and Florida have issued social media-specific guidelines for the state and local government agencies that fall within their purview, but Massachusetts is the first to issue guidelines targeted at financial advisory firms within its borders.
Massachusetts’ initiative is noteworthy for several reasons. First, it acknowledges that social media is booming and is actively being used in firms. According to this article, 44% of investment advisors in Massachusetts use social media to communicate with clients, yet only 30% of firms have recordkeeping policies in place for social media content. Secondly, because the threshold between state and FINRA regulators’ oversight areas was raised, many states will likely adopt their own social media guidelines for advisory firms and will look to Massachusetts’ language for guidance.
Whether it’s FINRA’s or an individual state regulator’s domain, the requirements will be similar. Having written policies on supervision and recordkeeping will be consistent between the two. Regulators, whether federal or state, are keen to ensure that firms have the requisite policies and procedures in place to properly monitor and document their advisors’ social media activities. Additionally, regulators will also look to see that the technology solutions firms have deployed are themselves up to snuff.
There are plenty of technology vendors purporting to do social media archiving, but that list gets whittled down dramatically when you also consider real-time monitoring, pre-review capabilities, and coverage for all forms of electronic communications, not just social media. Social media may receive all the glamour and headlines, but firms need to pay attention to other forms of electronic communications that are popular among advisors, namely, instant messaging and peer-to-peer applications like Skype.
So, at the end of the day, state regulators will have to draft their guidelines with not just social media in mind, but also, the array of other Web 2.0 communication channels in wide use today. If Massachusetts doesn’t carefully articulate its guidelines, it could create more problems and confusion than doing nothing at all – a veritable 2012 version of the Boston Tea Party looms.
What say you?
This fall, I attended the FINRA AdReg Conference in Washington, DC, and I’m feeling inspired enough to share some of my observations, following the news that IIROC has now issued its latest guidelines on social media. Not surprisingly, at the FINRA event, social media took center stage as questions were flying around the watchdog’s latest guidelines on social: Regulatory Notice 11-39. FINRA shed some light on what’s considered “static” (very first update or tweet), what’s considered “interactive” (subsequent updates or tweets), what firms need to be wary of when linking to third-party sites (adoption and entanglement), and what to do about personal devices (record all business-related communications). Although it’s great FINRA clarified those items, of course, there remain some gray areas.
The industry as a whole is still treading cautiously in the social media waters. The majority of folks that stopped by our booth still didn’t allow their reps to use social media for business purposes. Others allowed only limited access to the Big 3 (Facebook, LinkedIn, and Twitter). In fact, not one single firm permitted completely unfettered access. It’s obvious to me that the industry still needs some educating on the potential of social media and the potential of technology to effect change, thus creating a foundation on which to build additional revenues for the firm.
Compared to last year’s event, the industry is taking baby steps toward realizing the full potential of social and its power as a marketing tool. My gut feeling is that everyone at the event sensed the inevitable. They just wondered what the best way to go about it was. Similarly, they all agreed that social is an effective medium to reach lots of eyeballs, but because the event was heavily dominated by compliance and legal folks, conservatism ruled the day.
That sentiment was unequivocally reflected in the comments by Mitch Bompey of Morgan Stanley Smith Barney (MSSB). MSSB takes the approach of pre-reviewing ALL tweets, not just the initial one sent by the rep after s/he sets up her/his profile. FINRA’s position is that not every single tweet is considered “static,” just the very first one when the rep sets up her/his profile. FINRA leaves it up to the individual firm and its risk-based principles to decide how they want to treat subsequent tweets and updates.
I also heard several conversations regarding negative commentary. Best practice suggests that it’s up to the firms themselves how they want to handle it, so long as they retain records of the negative commentary and potential customer complaints. To many FINRA folks, leaving only positive comments up is a form of “recommendation,” i.e., choosing to leave only positive comments up on a firm’s site is an implicit recommendation.
Finally, the explosion in smartphone usage was cited several times. Per 11-39, business communications done through smartphones, tablets, and other similar devices need to be retained, even if they are personal devices. The blending of personal and professional communications is no more evident than in the use of these devices, and this remains one of those gray areas I alluded to earlier.
As usual, much was learned at the show as well as other events I’ve been at this fall, and I’m looking forward to seeing how firms, reps, and technology vendors react to this latest set of guidelines.
Happily sitting at my desk, back in New York, after speaking and exhibiting at a number of events this Fall for Actiance on the East Coast. I guess I’m just a road warrior-in-training. Thought I’d share my observations….
One event of note was the 2-day FINRA Advertising Regulation Conference. For 6 years, I managed creation and delivery of FINRA educational programs, so I appreciated the “behind the scenes” effort to produce an event with such high-quality content, service, and yes, fantastic food. I spent my time catching up with former colleagues, staffing the Actiance booth, talking with compliance professionals, chatting with other exhibitors, and attending a few sessions. And eating!
Social Media was a strong theme. In fact, the second day of the conference started with a General Session: Compliance Considerations for Social Media. My colleague Norv Leong summarized the session nicely; see “Looking back at the FINRA Advertising Regulation Conference” for details.
During this session, I was struck, again and again, by how FINRA was providing general guidance and leaving it up to the individual firms to take a risk-based approach to managing social media. At one point, Joseph E. Price, Senior Vice President, Advertising Regulation/Corporate Financing of FINRA, shared that a vendor called him and said “tell Mitchell Bompey of Morgan Stanley Smith Barney that he is taking a too conservative approach by pre-approving all content in advance”. Price smiled and replied: “Mitchell is doing everything he needs to, based on the risk tolerance of his firm.”
There was a lively conversation about how to apply the SEC concept of “prominence and proximity” to tweets. In other words, can product disclosures be one click away? So far, as there are no new rules and regulations governing social media, firms are looking at earlier guidance regarding banner ads for clues on how to proceed.
Q: Our firm would like to advertise on the Internet using a so-called “banner advertisement” to link to our homepage. Can we simply include our name in the banner advertisement without further disclosure?
A: Yes. Typically, a banner advertisement consists of a single word or phrase, often graphically depicted as a button, which directly links the Internet user to a specific homepage. An Internet banner advertisement functions much like an envelope in a paper communication. In the case of a banner advertisement that does no more than disclose a member firm name and enable the user to link to the member firm’s homepage, there is no need to include additional disclosure in the communication. However, if the advertisement offers specific products or services, additional disclosure may be required to comply with applicable standards.
Firms are interpreting this to mean, “The tweet is the envelope.” And the riskier the product, the closer the disclosure.
We also heard that it is essential to gain the trust of the organization by building comprehensive social media policies, training staff, closely supervising activities, gaining experience through pilots, and then adapting the policies and retraining based on experience. But, once programs are up and running, and policies are in place, we heard that trust is essential. With appropriate supervision of course.
And finally, a few firms, new to social media, expressed concern about the possibilities of negative comments posted on a corporate blog. Shayna Beck, Associate Counsel at The Vanguard, replied that they keep both positive and negative comments up and that “taking off bad comments is not how you play in this space.”
And at the end of the session Beck ultimately concluded “We do the best we can.”
So that brings me to the end of my random thoughts this week – and I’ll leave you with this. What’s your attitude to risk? What are you pre-approving? What’s OK for post-review?