March 22, 2011
Amy C. Sochard
Director, Programs & Investigations
9509 Key West Avenue
Rockville, MD 20850
Dear Ms. Sochard:
In light of the recent revisit of FINRA’s social media guidelines, Actiance, Inc., is submitting this letter for the task force’s consideration. We feel that the task force would benefit from having input from a range of sources, including from industry, technology, and others. As such, Actiance speaks from a position of experience and expertise with respect to compliance solutions for the financial services industry.
As the adoption of social media spreads further across the financial services landscape, both industry and technology vendors alike have had more time to digest the implications of social media and what more can be done. It has been over a year since the issuance of Regulatory Notice 10-06, so the level of understanding is unequivocally deeper now than at any time in the past.
Under this backdrop, Actiance would like to offer the following commentary with respect to Notice 10-06:
1. Recordkeeping Responsibilities
SEC and FINRA rules require that for record retention purposes, the content of the communication is determinative.
What 10-06 makes clear is that social media is just another form of “electronic communication.” In addition to social media, there are also public instant messaging networks (e.g., Google Talk, Yahoo!, Windows Live Messenger, AOL Instant Messenger), peer-to-peer networks (e.g., Skype), and enterprise communication platforms such as Microsoft Lync/OCS and IBM Lotus Sametime that fall under the “electronic communications” umbrella. Thus, being able to log and archive a multiplicity of electronic communications channels in one seamless platform facilitates the recordkeeping responsibilities greatly for organizations subject to FINRA guidelines.
A broker-dealer must retain those electronic communications that relate to its “business as such.”
Archiving in context adds a level of detail and comprehensiveness that assists regulators and auditors in determining whether in fact any violation occurred. It’s easy today to take conversations out of context, say, if you’ve only “joined” in the conversation in the middle or at the last minute. Being able to capture all conversations in context, from beginning to end, helps auditors understand the exact nature of a communication taking place between an advisor and a prospect/client.
It’s up to each firm to determine whether any particular technology, system or program provides the retention and retrieval functions necessary to comply with the books and records rules.
Although FINRA does not endorse any one particular technology vendor, it is important for broker-dealer firms to keep in mind that, given the vast number of options available in the marketplace today, choosing a technology partner that has the flexibility to integrate with as many content management and archiving systems as possible is critical. Given the prevalence of litigation in today’s society, this flexibility becomes even more vital since eDiscovery solutions are closely tied to archiving systems. Both law firms and businesses rely on eDiscovery to streamline their litigation processes and reduce cost.
2. Suitability Responsibilities
Firms might consider prohibiting communications that recommend a specific investment product unless the communication conforms to a pre-approved template and the specific recommendation has been approved by a registered principal.
Because so many broker-dealer firms have their representatives scattered all over the country, it simplifies the pre-approval process greatly to have mechanisms in place to expedite matters. This includes having a lexicon library that a firm can utilize for whatever technology solution they choose to deploy. In this way, already swamped compliance officers need only look at content that hits a word or phrase that is part of the lexicon library. Technology vendors are already aware of this trend and are beginning to provide pre-defined and pre-screened templates that are in compliance with FINRA regulations. In this way, registered representatives can get advertising materials out more quickly to prospects and clients.
Equally important is the ability of compliance systems to adapt to ever-changing social media feature sets. To date, LinkedIn profiles have generally been considered prime examples of static content. As functionality evolves, however, LinkedIn profiles may in the future include additional features like recommendations and blogs. The key here is that these new features need to be blocked until they have been incorporated into the pre-approval workflow.
3. Types of Interactive Electronic Forums
Social networking sites typically contain both static and interactive content.
Regarding static content, having the ability to assess content before it hits the Internet would make compliance officers sleep better at night. If registered principals are worried about the publication of static content without pre-approval, then the broker-dealer should consider adopting solutions or measures that enable them to hold content for pre-review.
Even for sites that have both static and interactive content, it does not hurt to be overly cautious with respect to pre-review, especially if lexicons can be utilized. Either way, whether it’s static or interactive content, archiving all content related to the business is required.
4. Supervision of Social Media Sites
Firms must adopt policies and procedures reasonably designed to ensure that their associated persons who participate in social media sites for business purposes are appropriately supervised, have the necessary training….
We’ve found that companies that have crafted a social media policy and disseminated it to the whole organization are better off than those which have not. Having a social media policy in place shows that a company has thought seriously about the issue, done some research, and introduced some processes to address it.
Firms that have demonstrated an understanding of the power of social media and how to leverage it are the ones that have created a social media policy already. Some types of issues typically covered in a policy include, but are not limited to, the acceptable/inappropriate uses of social media, access rights, and ramifications for breach.
As firms develop their policies, they should consider prohibiting or placing restrictions on any associated person who has presented compliance risks in the past…
Since not all representatives are created equal, it may be necessary for firms to apply different policies to different people. For instance, a firm might give Human Resources only read-only access to LinkedIn but give unfettered access to Marketing individuals. Or, drilling down even further, limiting LinkedIn access to just a portion of the Marketing team is another option, if the firm is worried about the behavior of specific individuals. Technology solutions today usually enable firms to set policies at the firm, group, or individual level.
Each firm must monitor the extent to which associated persons are complying with the firm’s policies and procedures governing the use of these sites.
Although monitoring is necessary, being able to bundle monitoring with logging and archiving adds a further level of confidence for compliance officers. To really gauge a firm’s progress on the compliance front, firms should log and archive all representatives’ activities on these social media sites. Which sites are they accessing? How long are they on there for? What are they doing exactly? Only when a firm is able to gather and analyze this data will it begin to feel more at ease with respect to compliance.
In addition, the rapid adoption of mobile and smartphone devices such as iPhones and iPads requires more vigilant and intensive monitoring of social media sites as well as robust alerting capabilities. Employees accessing social media sites and editing content during non-business hours are becoming the norm rather than the exception. A compliance solution should be able to address this type of user behavior as part of its monitoring feature set.
5. Third-Party Posts
FINRA does not consider a third-party post to be a firm communication with the public unless the firm or its personnel either is entangled with the preparation of the third-party post or has adopted its content.
Facebook “Like” and LinkedIn “Recommendations” are two popular features that fall squarely within the scope of the entanglement theory. “Liking” a comment or recommending a friend could be construed as an endorsement, which would require pre-approval by a supervisor. Hence, it is critical for broker-dealers to have the proper monitoring mechanisms in place to ensure that intentional or inadvertent endorsements do not occur.
The above comments are our thoughts on technology’s role in addressing 10-06’s requirements. Should the task force have any additional concerns or questions, Actiance is available to assist FINRA without reservation.
President and CEO