Posts Tagged Regulatory Notice
In 2009, as social media rose to prominence, the securities industry asked its largest independent regulator, FINRA (Financial Industry Regulatory Authority), for guidance on how to use social media while complying with the rules and regulations governing the industry.
In response, FINRA convened a Social Networking Task Force of FINRA staff and industry representatives and issued Regulatory Notice 10-06, Guidance on Blogs and Social Networking Sites in January 2010. The goal of the Notice was to “ensure that – as the use of social media sites increases over time – investors are protected from false or misleading claims and representations, and firms are able to effectively and appropriately supervise their associated persons’ participation in these sites.”
In addition, FINRA also provided a Guide to the Internet for Registered Representatives and a series of educational programs designed to help firms understand how to use social media within a culture of compliance.
In short, through the Regulatory Notice, Guide and various educational programs, FINRA conveyed that electronic communications shared over the Internet are governed by the same rules governing communications with the public that firms already follow: record keeping, suitability, supervision and content requirements. FINRA did make a distinction between static and interactive content: that static content is considered advertising and as such, required preapproval by a registered principal of the firm and that interactive content was akin to a public appearance and did not require pre-approval, but required supervision after the fact.
The industry had been hoping that FINRA’s would provide a specific road map to social media compliance, instead, FINRA provided guidance and encouraged firms to interpret the rules themselves: “each firm must develop policies and procedures that are best designed to ensure that the firm and its personnel comply with all applicable requirements. Every firm should consider the guidance provided by this Notice in the context of its own business and its compliance and supervisory programs.”
For 18 months, the industry debated how to specifically interpret the direction that FINRA provided and requested further clarification. In response, FINRA organized another Task Force and last week released Regulatory Notice 11-39 Social Media Websites and the Use of Personal Devices for Business Communications.
Regulatory Notice 11-39 reiterates the guidance previously provided around record keeping, supervision, suitability and content requirements. It also makes some further clarifications, including: a principal of the firm must review a social media site in the form that it will be “launched”, the content, not the device, determines record keeping requirements, the firm is subject to “adoption” and “entanglement” issues regarding third party posts, and that business communications through a personal device must be retained, retrievable and supervised. Like 10-06, Regulatory Notice 11-39 emphasizes that firms must create written social media policies and must provide training to its associated persons.
Again, although helpful, this further guidance will most certainly create even more debate about how to specifically interpret the rules to implement social media within the securities industry. Are there any other precedents to follow?
As we discussed in Beer and SEC Don’t Mix, there has been one social media-specific sanction to date. In January 2011, FINRA fined a broker $10,000 and suspended her for one year for sending series of “misrepresentative and unbalanced” messages on Twitter among other issues.
When you combine FINRA’s guidance, educational programs, and single sanction, firms now have more than enough direction to develop and implement compliant social media strategies. Work with your compliance department, check in with Human Resources and collaborate with IT and your service providers to work through the technology issues. And when in doubt on the best way to proceed, remember to follow the spirit of FINRA’s mission to: protect investors by maintaining fairness in the US Capital markets.
Well, it’s been four months since FINRA reconvened its task force to revisit Regulatory Notice 10-06. Anticipation’s been building within the financial services and technology communities as to what additional guidance FINRA will come out with, having had a year to assess 10-06 in action. Whatever new guidance FINRA does come out with, however, must be approved by the mothership (aka the SEC).
FINRA’s only been around since 2007, its creation having been approved by the SEC. So, in many respects, FINRA still maintains close ties to the mothership, just by the very nature of the industry they oversee. Many financial institutions are countries unto themselves with countless subsidiaries and offshoots left and right. Inevitably, the line blurs between investment advisories (IAs) and broker-dealers (BDs) since many of these institutions are dually registered, making it difficult to determine which rules to apply – the SEC’s, FINRA’s, or both.
Since the changes implemented by the SEC in the 1990s regarding instant messaging storage and retention, we’ve seen the importance of both engaging with the regulators to keep abreast of what’s happening in the regulatory world and keeping them up-to-speed on what technology is capable of doing. I just had a call this morning with some attorneys from the SEC’s Office of the Chief Counsel on the topic of social media. Not surprisingly, they keep close tabs on what FINRA’s doing with respect to this emerging area. There aren’t any social media-specific guidelines from the SEC, at least not yet. But, judging by the questions I was asked by the SEC attorneys, I got the feeling they are keen to see how IAs are using technology to remain compliant with rules such as 204-2 and 206(4)-1, pertaining to recordkeeping and advertising, respectively.
Their concerns were consistent with what we’ve heard in similar discussions with other regulatory bodies – the FSA in the UK, IIROC in Canada, and, of course, FINRA here in the US. It’s the gnawing feeling that guidance was necessary, given the rapid spread and adoption of social media, but that the guidance needed to be well thought out before being issued.
I’ve got no problem with things taking time. The financial services industry and its regulators have historically leaned toward the cautious, conservative tack. Certainly, that approach hasn’t changed, even if social media moves at a breakneck pace. It’s like the ol’ race between the tortoise and the hare. Slow and steady will win out over “irrational exuberance” 99% of the time. At least, that’s what your mother would have you believe.
March 22, 2011
Amy C. Sochard
Director, Programs & Investigations
9509 Key West Avenue
Rockville, MD 20850
Dear Ms. Sochard:
In light of the recent revisit of FINRA’s social media guidelines, Actiance, Inc., is submitting this letter for the task force’s consideration. We feel that the task force would benefit from having input from a range of sources, including from industry, technology, and others. As such, Actiance speaks from a position of experience and expertise with respect to compliance solutions for the financial services industry.
As the adoption of social media spreads further across the financial services landscape, both industry and technology vendors alike have had more time to digest the implications of social media and what more can be done. It has been over a year since the issuance of Regulatory Notice 10-06, so the level of understanding is unequivocally deeper now than at any time in the past.
Under this backdrop, Actiance would like to offer the following commentary with respect to Notice 10-06:
1. Recordkeeping Responsibilities
SEC and FINRA rules require that for record retention purposes, the content of the communication is determinative.
What 10-06 makes clear is that social media is just another form of “electronic communication.” In addition to social media, there are also public instant messaging networks (e.g., Google Talk, Yahoo!, Windows Live Messenger, AOL Instant Messenger), peer-to-peer networks (e.g. Skype), and enterprise communication platforms such as Microsoft Lync/OCS and IBM Lotus Sametime that fall under the “electronic communications” umbrella. Thus, being able to log and archive a multiplicity of electronic communications channels in one seamless platform facilitates the recordkeeping responsibilities greatly for organizations subject to FINRA guidelines.
A broker-dealer must retain those electronic communications that relate to its “business as such.”
Archiving in context adds a level of detail and comprehensiveness that assists regulators and auditors in determining whether in fact any violation occurred. It’s easy today to take conversations out of context, say, if you’ve only “joined” in the conversation in the middle or at the last minute. Being able to capture all conversations in context, from beginning to end, helps auditors understand the exact nature of a communication taking place between an advisor and a prospect/client.
It’s up to each firm to determine whether any particular technology, system or program provides the retention and retrieval functions necessary to comply with the books and records rules.
Although FINRA does not endorse any one particular technology vendor, it is important for broker-dealer firms to keep in mind that, given the vast number of options available in the marketplace today, choosing a technology partner that has the flexibility to integrate with as many content management and archiving systems as possible is critical. Given the prevalence of litigation in today’ society, this flexibility becomes even more vital since eDiscovery solutions are closely tied to archiving systems. Both law firms and businesses rely on eDiscovery to streamline their litigation processes and reduce cost.
2. Suitability Responsibilities
Firms might consider prohibiting communications that recommend a specific investment product unless the communication conforms to a pre-approved template and the specific recommendation has been approved by a registered principal.
Because so many broker-dealer firms have their representatives scattered all over the country, it simplifies the pre-approval process greatly to have mechanisms in place to expedite matters. This includes having a lexicon library that a firm can utilize for whatever technology solution they choose to deploy. In this way, already swamped compliance officers need only look at content that hits a word or phrase that is part of the lexicon library. Technology vendors are already aware of this trend and are beginning to provide pre-defined and pre-screened templates that are in compliance with FINRA regulations. In this way, registered representatives can get advertising materials out more quickly to prospects and clients.
Equally important is the ability of compliance systems to adapt to ever-changing social media feature sets. To date, LinkedIn profiles have generally been considered prime examples of static content. As functionality evolves, however, LinkedIn profiles may in the future include additional features like recommendations and blogs. The key here is that these new features need to be blocked until they have been incorporated into the pre-approval workflow.
3. Types of Interactive Electronic Forums
Social networking sites typically contain both static and interactive content.
Regarding static content, having the ability to assess content before it hits the Internet would make compliance officers sleep better at night. If registered principals are worried about the publication of static content without pre-approval, then the broker-dealer should consider adopting solutions or measures that enable them to hold content for pre-review.
Even for sites that have both static and interactive content, it does not hurt to be overly cautious with respect to pre-review, especially if lexicons can be utilized. Either way, whether it’s static or interactive content, archiving all content related to the business is required.
4. Supervision of Social Media Sites
Firms must adopt policies and procedures reasonably designed to ensure that their associated persons who participate in social media sites for business purposes are appropriately supervised, have the necessary training….
We’ve found that companies that have crafted a social media policy and disseminated it to the whole organization are better off than those which have not. Having a social media policy in place shows that a company has thought seriously about the issue, done some research, and introduced some processes to address it.
Firms that have demonstrated an understanding of the power of social media and how to leverage it are the ones that have created a social media policy already. Some types of issues typically covered in a policy include, but is not limited to, the acceptable/inappropriate uses of social media, access rights, and ramifications for breach.
As firms develop their policies, they should consider prohibiting or placing restrictions on any associated person who has presented compliance risks in the past…
Since not all representatives are created equal, it may be necessary for firms to apply different policies to different people. For instance, a firm might give Human Resources only read-only access to LinkedIn but give unfettered access to Marketing individuals. Or, drilling down even further, limiting LinkedIn access to just a portion of the Marketing team is another option, if the firm is worried about the behavior of specific individuals. Technology solutions today usually enable firms to set policies at the firm, group, or individual level.
Each firm must monitor the extent to which associated persons are complying with the firm’s policies and procedures governing the use of these sites.
Although monitoring is necessary, being able to bundle monitoring with logging and archiving adds a further level of confidence for compliance officers. To really gauge a firm’s progress on the compliance front, firms should log and archive all representatives’ activities on these social media sites. Which sites are they accessing? How long are they on there for? What are they doing exactly? Only until a firm is able to gather and analyze this data will it begin to feel more at ease with respect to compliance.
In addition, the rapid adoption of mobile and smartphone devices such as iPhones and iPads requires more vigilant and intensive monitoring of social media sites as well as robust alerting capabilities. Employees accessing social media sites and editing content during non-business hours are becoming the norm rather than the exception. A compliance solution should be able to address this type of user behavior as part of its monitoring feature set.
5. Third-Party Posts
FINRA does not consider a third-party post to be a firm communication with the public unless the firm or its personnel either is entangled with the preparation of the third-party post or has adopted its content.
Facebook “Like” and LinkedIn “Recommendations” are two popular features that fall squarely within the scope of the entanglement theory. “Liking” a comment or recommending a friend could be construed as an endorsement, which would require pre-approval by a supervisor. Hence, it is critical for broker-dealers to have the proper monitoring mechanisms in place to ensure that intentional or inadvertent endorsements do not occur.
The above comments are our thoughts on technology’s role in addressing 10-06’s requirements. Should the task force have any additional concerns or questions, Actiance is available to assist FINRA without reservation.
President and CEO
Whoever thought that government regulatory bodies were out of touch in our 2.0 world, best reconsider their position. The Securities and Exchange Commission (SEC) has begun to issue letters, asking investment advisors for details on their use of social media. The request is quite broad, covering documentation on messages, posts, tweets, blogs, record retention policies, and even how the firm in question treats the personal use of social media while on the corporate clock.
The goal ostensibly is to get a better understanding of how social media is being used within the financial services community. Every man and his dog knows social media is a hot topic these days, and the SEC is all too aware that the phenomenon has infiltrated broker-dealer and investment advisory firms as well. Financial advisors are keen to use social media to prospect for new customers, strengthen ties with existing clients, and to market new products and services. However, these communications between financial advisors and their clients are subject to regulatory scrutiny.
In January 2010, the Financial Industry Regulatory Authority (FINRA) issued Regulatory Notice 10-06, which was specifically written for social media. It spells out the guidelines securities firms must follow when communicating with clients. Reflecting the speed at which social media moves, FINRA already has plans to issue updated guidance later this year, conceding that many things they observed in 2010 were unexpected (e.g., at the time of original publication, brokers were not using social media for business communications). Such a miscalculation on FINRA’s part has forced it to revamp the guidelines.
And, it’s not just the US that is adopting measures to address social media. The Financial Services Authority (FSA) in the UK requires that appropriate risk warnings be given when social media is used for advertising purposes. Hand in hand with the increased regulatory interest in social media is the emergence of technology vendors stepping in to help firms remain compliant with these guidelines.
Here at Actiance, we’ve developed the industry’s most robust platform for managing and securing social media use within the enterprise. Our Socialite platform enables organizations to moderate, log, and archive all activities and content posted to Facebook, LinkedIn, and Twitter. In this way, financial services firms can rest assured that their communications with clients and prospects do not run afoul of any FINRA or FSA regulations.
Actiance is at the forefront of managing social media within financial services firms and will be providing guidance at headline Finextra events in London and New York over the coming months to share a best practice approach on coping with the regulatory guidelines.
What a crazy year 2010 was for technology. Facebook’s CEO was named Time’s Person of the Year, the iPad hit the market in a big way, and location-based services took off. As we’ve been snuggled in for the holiday season and tossing back some libations with friends and family, we wanted to have a look back at what stoked people’s interests or got us freaked out in 2010.
Facebook: The Social Networking Beast
The hugely popular social networking site continued its meteoric growth in 2010, with the number of users crossing the half-billion mark. A movie loosely documenting its humble beginnings was released; Mark Zuckerberg was named Time’s Person of the Year (the dude’s only 26!); and it’s the gold-standard for social media platforms. Pretty heady stuff for a company that was founded just six years ago and had its roots as a way to check out your college classmates’ pictures and see where the eye candy’s at.
However, with this spectacular growth came heightened media scrutiny and shrill criticism from privacy advocates. It also became a tastier target for hackers and other evildoers. Despite these privacy and security issues, Facebook continues to be the platform of choice for third-party developers. To its credit, Facebook has listened to user feedback and has responded accordingly. That’s the beautiful thing about an open Internet that Zuckerberg likes to preach. Word travels fast, which can be both a blessing and a curse. And so far, his congregation is filled with believers.
Location-Based Services: I Know Where You Are (and Where You’re Not)
Thieves have got to absolutely love the booming popularity of location-based services, such as Foursquare, Gowalla, and Facebook Places. Marrying smartphones with GPS technology has spawned sites that let users “check in” wherever they’re at, notifying all their friends of their exact location at that moment in time. Great concept if your friends that you’re telling are truly your friends. Not a good concept if you’ve got folks on your “friends list” that shouldn’t be there or you’ve got the wrong privacy settings enabled on your smartphone, essentially giving a green light to applications like Foursquare to share your information with unauthorized folks. Yikes. Better make sure you hide that family-heirloom Rolex reeeeeeal gooood.
Collective Buying: Power in Numbers
The tough economic times of these last couple years means that bargain-hunting has become the norm for many of us. Enter Groupon and LivingSocial - a couple of sites that aspire to give the best deal on a broad range of products and services. The key to their success is scrounging up the minimum number of persons to partake in a deal. Once that threshold is crossed, everyone in the “group” gets that product or service at a great price. If the quorum’s not met, no deal for you (thank you, Soup Nazi).
iPod, iPhone, iPad, iCha-ching
Aside from the dropped calls you (allegedly) get if you hold a 4G iPhone with the bottom half of your left palm, held at a 27 degree angle, with partly sunny skies, and your mother-in-law is in town, Apple can do no wrong. Hard to believe this company was on its deathbed in the mid-1990s (for those of you who can remember). Now, if Steve decides to stick an “i” in front of its next product, run out and buy some Apple stock that day. The iPad is the latest Apple offering that it really didn’t invent but has marketed better than everyone else (both past and present). Now, if Steve could just figure out a way to outdo the Most Interesting Man in the World, then he may just be worthy of his deity status. (Norv’s boss would like you to know that these are his opinions and she makes no comment about buying stock or Steve’s deity status.)
Boxy but Good
People used to say this about Volvos. Not the sexiest car around, but they were reliable and were safe. The same can be said for the regulations starting to pop up now to address the social media phenomenon. People normally get a little drowsy when they hear or see the word “regulation,” but it’s one of those necessary evils.
Many industries, such as financial services, energy, and healthcare, are turning to social media to market their products and services and extend their brand reach. However, it was only a matter of time before the regulatory bodies started to catch up. Case in point: the financial services industry issued FINRA Regulatory Notice 10-06 in January 2010 to provide guidance on what brokerage firms and its representatives are and are not permitted to do with respect to social media. And you can bet your bottom dollar/euro/pound that other industries will soon follow suit (we’re actually already starting to see this happen).
Social Media’s Playing with the Big Boys Now
When social networking first hit the scene, it was all about the hipsters and Generation Y’ers. It was supposed to be a fad, limited to folks with too much time on their hands. Well, I think it’s safe to say it’s here to stay. Corporate types are on-board, real money is being generated, and your grandmother might even have a Facebook account.
The bigger issue is, “how can companies utilize social media safely without having it blow up in their faces, like what happened to Domino’s in 2009?” This past year saw organizations, big and small, kick the tires and see what they could do with social media. They also poked around to see what kinds of controls, if any, were available from technology vendors. Just all part of the maturation process of a communications channel that promises to bring more excitement and innovation in 2011.
The above are just my musings on trends in 2010. What were the biggie ones you saw this past year? And don’t worry, you’ll still get your soup.
10-06, 2010, apple, Domino's FINRA, facebook, FaceTime, Foursquare, Gowalla, GPS, Groupon, iPad, LBS, LivingSocial, location based service, Regulatory Notice, review, social media, Time, Volvo, wrap-up, zuckerberg
The announcement last week that financial services behemoth, Citi, was looking for an attorney to oversee its social media activities underscores the influence that social media holds in today’s business world and the still-evolving legal ramifications stemming from ill-advised usage of social media tools. No industry is further ahead on social media guidelines than the financial services industry. The Financial Industry Regulatory Authority (FINRA) issued social-media specific guidelines in January 2010. Known as Regulatory Notice 10-06, these guidelines specify what types of social media content needs to be monitored and archived. The Financial Services Authority (FSA) in the UK followed soon thereafter with its own guidelines on social media, illustrating that the explosion is taking place on a global level.
Other industries are taking a cue from financial services, too, and have either started to issue guidelines on social media (e.g., energy and utilities) or are in the process of issuing them (e.g., pharmaceuticals). Even individual states, like Florida, have updated their General Records Schedule to require the retention of social media communications. The bottom line is that regulators are keen to keep pace with the dynamism of social media and are trying to establish frameworks for managing social media activities for their respective industries.
In the case of Citi, they’ve taken it one step further by initiating a search for an associate general counsel to focus solely on social media. Among the many responsibilities of this new role are protecting Citi’s intellectual property, working with specific business counsel to secure approval of content, establishing consistent processes for vetting and replying to comments in interactive environments (e.g., Twitter, Facebook, etc.), and promoting consistent policies.
The fact that Citi has created a role just for social media shows just how seriously the Wall Street giant is taking the phenomenon and is taking a proactive approach to establishing itself as the leader in this nascent practice area. Take, for instance, Anna O’Brien, the VP of Social Media at Citi. She’s credited with helping Citi become the first financial services company to have a verified Twitter account and is (obviously) a huge advocate of social media. She spoke at the Business Development Institute (BDI) conference in NYC a couple weeks ago about how social media is a powerful marketing weapon. Then, you’ve got the folks at Morgan Stanley Smith Barney, who have been championing social media as an effective marketing and prospecting tool for financial advisors. Morgan sees a well-defined social media strategy as critical to delivering on clients’ needs and expectations.
And it’s not just Social Media attorney titles that we’re seeing. More and more often we’re starting to see the appearance of titles like Social Media Compliance Manager and Product Manager Social Media on job boards. In fact, when one does a search on LinkedIn for “social media compliance,” nearly 13,000 people turn up in the search results here in the US. So, Citi and Morgan Stanley are not alone is recognizing the importance of social media.
As the conversation moves from our email clients to the social network, Gartner suggests that for 20% of us business users, social media will become the primary mechanism for interpersonal communications by 2014. Here at FaceTime, we see an increasing amount of content passing through these social networking sites. This may be daunting, but platforms such as Socialite help firms, particularly those in regulated industries, remain in compliance with the emerging guidelines specific to social media. From pre-review moderation of content to the contextual logging and archiving of activities and events, FaceTime can enable folks like Citi’s associate general counsel-to-be execute his or her job duties with more peace of mind.
10-06, anna obrien, banks, BDI, Business Development Institute, Citi, facebook, FaceTime, finra, Florida, FSA, Gartner, general counsel, general records schedule, GRS, job title, Morgan Stanley Smith Barney, Regulatory Notice, sec, social media, socialite, Twitter
- May 2013
- April 2013
- March 2013
- February 2013
- January 2013
- December 2012
- November 2012
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- October 2010
- September 2010
- August 2010
- June 2010
- May 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- July 2009
- June 2009
- April 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- Application Filtering
- Electronically Stored Information (ESI)
- Employee Behavior
- Enterprise 2.0
- Enterprise IM
- Financial Services
- Guest Post
- New Internet
- personal v professional
- Product Announcements
- Public IM
- Retail banking
- RSA Conference
- Securities and Exchange Commission
- Social Networking
- Unified Communications
- Web 2.0
- Web Security