In the week that “retweeted” was officially added to the Oxford English Dictionary, after only two years of use, FINRA beats the retweet and issues new guidelines on social media, just 18 months after 10-06 hit our doorsteps, and “So, what do you read into 11-39?” is the question on the tip of everyone’s tongue.
As expected, a few points are clarified; the latest guidance has become more prescriptive in some areas and less so in others. (Puzzled looks abound, I’m sure.) If you’d rather hear more about this, than to continue reading, please join me on a webinar Wednesday, August 31st at 10am EST and I’ll explain.
I’ll start with the missing pieces of 11-39
What’s missing is the specific reference to individual social networking sites (I bet that’s not what you were expecting). And for this, I applaud FINRA. Examples were given in 10-06 – Facebook was mentioned twice (OK, three times if you look at the endnotes), Twitter four times, and LinkedIn just the once. Interesting that, in the conversations I’ve had with wealth management firms and wire houses, it’s LinkedIn that is the network of choice.
Why my applause though? Good job, FINRA, I say, because you’ve recognized that this world moves very quickly. Three months ago, YouTube was the fastest growing social network. Then it was Google+. And now, as Google+’s new member growth falls by 30% a day to 700,000, we’re not sure anymore. That said, LinkedIn has added 20 million new profiles since its IPO in May and now boasts 120 million profiles. Equally, since January 1, 2011, we’ve tracked 938 changes across Facebook, LinkedIn, and Twitter (yes, really!).
Good job, FINRA, because you’ve recognized that loyalty in our social world is somewhat limited. And, that just because Facebook, LinkedIn, and Twitter are today’s Holy Trinity of social, it doesn’t necessarily mean that they will be tomorrow.
What else is good?
It’s also good to see clarification on business versus personal commentary – this reinforces what we’ve been saying for some time, that “the regulator is interested in the communications related to the business and when the individual is representing the business” – the advice we have been giving since January 2010, is NOT to go against the Facebook rules (for instance) and set up two profiles, but take advantage of Facebook giving you the ability to set up a profile for personal use and a page for professional use, because contrary to a lot of public opinion, you CAN do this – as a businessperson, you can set up a specific page for your business use (drop me a note if you want step-by-step instructions). The SEC itself has stated that the content of an electronic communications determines whether it should be preserved. Just like the FSA out of the UK does. It doesn’t matter about the modality.
I do believe that, as an industry, we are perhaps being somewhat short-sighted by thinking that you can absolutely separate personal from business communications in the social world. I think the lines will continue to blur (increasingly so) as we become more accustomed to social. I do believe we’ll see more guidance on this as time goes on.
What else is new?
A proposed social media site must be approved in the “form in which it will be launched.” FINRA is talking here about the launch of new social media sites. So, if you’re launching a new design, a new Twitter feed, for instance, then the graphics that you’re using, the imagery, and the actual site – the “wireframes” in design parlance – need to be part of the approvals process. Third Party Data Feeds are referenced also. FINRA reminds us that the firm is responsible for checking the proficiency of the vendor of the data and its ability to provide accurate data – and it must regularly review for red flags.
In reaction perhaps to the number of new companies popping up purporting to provide control and manage social media, FINRA specifically calls out details on technology that automatically erases or deletes content, stating that this precludes the ability of the firm to retain the communications in compliance with their obligations under SEA Rule 17a-4, yet further into the 11-39 guidelines, FINRA details more about the deletion of inappropriate third-party content.
It’s clear that a record of communications that doesn’t contain the full record is no record at all. However, I do hold to the fact that some content simply has to be deleted. I can’t control the 750 million other Facebook users out there (heck, I can’t even control what my little brother says on Facebook), and not all of those users have the same filtering mechanism that I have when it comes to content. I’ve deleted some friends and banned others because their language would offend my Mother, who to me, is my ultimate Facebook controller. In a corporate environment, I certainly don’t want the Actiance brand associated with profanity, racism, or a host of other comments, that we automatically delete through the use of our Urban Dictionary.
But we do record the fact that they were made. We also record the fact that they were deleted. We also record what the page looks like before and after the delete. Belt and braces. It might not be on the social network anymore, but it’s in the archive.
Mobile IS mainstream, and network barriers have crumbled.
And, it’s clear to see that the growth of mobile is having an impact; 250 million of the 750 million active Facebook users use the site through a mobile device – and on mobile, they’re twice as active. It’s clear that firms are concerned about mobile, rightly so, but equally, that FINRA is being sensible about how firms operate and how they do business. And, not all of us use devices that are firm-owned to post content and collaborate on social networks. That’s the way the world is changing. It’s one of the biggest challenges of today’s CIO: the personally owned device (whatever that might be – iPhone, BlackBerry, Droid, iPad, Tablet, Netbook). FINRA reminds us that it’s the communications, not the device, that is important.
The Users, the pesky Users…
FINRA gives an even bigger call-out about training and education. Human beings, I’m convinced were put on earth to create chaos. And in a social world, we can do this very quickly and very easily. (I should at this point, before our CEO, @Kambwani, sees this, reference that this quote is mine and mine alone.) But equally, you don’t just give 20,000 financial advisors access to LinkedIn and expect that they know what to do. In a lot of instances, there is a generational gap, injecting social into the DNA of individuals doesn’t happen overnight. FINRA is dead-right by saying that training is important, that certification is important. And regular training is not just a one-off, because people forget when they’re on a social network. They forget who they’re connected to, and who might see their content.
We are, after all, as human beings, ultimately fallible. And, we have technology in every other area of our business lives to protect us (anti-spam and security in the email world), to stop us sending our bank account details to Nigeria or our intimate personal details to hackers, Web filtering in the Web world to stop us playing online poker all day, and maybe even Actiance to limit our usage of Farmville to a mere 30 minutes a day. In other words, we use technology to protect us against technology. And it goes without saying that using technology to protect us from malware infection (our very own @jaeho9kim wrote about this recently right here on this blog), from ourselves, and from malicious intent.
I think I’ve rattled on quite long enough now, so I’ll leave you with this final set of questions. Did 11-39 answer your questions? Did it raise more? What do you think it didn’t cover? Tune in next week for our webinar – and for thoughts that I’ve gathered recently, when I got together with 60 Financial Services Marketing, Compliance, and IT professionals and asked them what they thought FINRA should issue in terms of guidance.