FINRA just released additional guidance on social media and electronic communications with Regulatory Notice 11-39 -- Guidance on Social Networking Websites and Business Communications (http://www.finra.org/Industry/Regulation/Notices/2011/P124186)
After another year and a half policing the social media streets in their unmarked cars, FINRA reminds advisors they are paying attention and taking social media seriously. There have been several recent sanctions of advisors for violations ranging from failure to disclose outside business activities to unbalanced tweets regarding securities. Many violations have been directly related to social media while others were exposed through these public interactions.
So what’s new?
As a follow-up to FINRA Regulatory Release 10-06 in January 2010, the new FINRA 11-39 Guidance expands the use of social networking sites, supervision requirements and recordkeeping requirements for registered representatives and member firms.
Firms must establish and maintain a system to supervise the activities of each associated person (Rule 3010).
Your firm must have policies and procedures. The firm must have a process and technology to monitor and archive activity. The firm must train its associated persons. Does your firm have policies and procedures? Training? How about an Annual Certification?
A Registered Principal must review/approve a proposed social media site in the form in which it will be launched (Rule 3010).
No more emails to say, “I plan to use Facebook. OK?” The new guidance is still fairly vague and more important – challenging to implement. Many social sites do not give you a draft or staging area for a profile page. Advisors will want to check with their compliance team for guidance. Likely, a document with screen print of a sample layout and referencing each heading section to state what you will/will not include should meet this requirement. Compliance will require a screen print of the actual site to validate the mock-up.
Unscripted participation equals a public appearance (Rule 2210). While prior approval is not required for the specific social interaction, approval is required for participation in the social medium. The 11-39 Guidance requires forms to adopt supervisory procedures, methodologies and technologies to ensure and effective post communication review. This review must ensure that the firm can identify any violations of securities laws and flag any content that is misleading, unbalanced or inappropriate.
Commenting on another person’s social posting is considered a “public appearance” and does not require pre-approval (aside from approval to participate in that social medium). If you copy the interaction to a static portion of the advisor’s website this does become “Advertising” under Rule 2210 as static content!
Determine business vs. personal records. A firm can distinguish between personal and business interactions. If purely personal and non-securities or firm-related interactions, these need not be retained. The release also clarifies that the type of device used to communicate is not relevant. The rules are the same for email, blog, iPhone, RSS feeds, direct posting, indirect posting, etc. (For example – Is your LinkedIn connected to Twitter? Both must be monitored and archived even if the post originates on LinkedIn.)
Advisors – Segment your network. Keep personal and business separate whenever possible!
Links to 3rd-Party Sites and Content Feeds
You cannot link to a 3rd party website, social site, blog or any location where the firm (and/or associated person) has reasonable belief that content may be misleading, containing false content or intentional bias. If you have links to other sites, you are responsible for reasonable due diligence! Also, if you participate in the content of the 3rd party site, it becomes your advertising or social post and the associated person and firm must follow Rule 2210.
The same rules apply in reverse. If you bring in RSS feeds, solicit posts or have interactions with content providers, you are responsible for this content. This remains a vague area, but if you believe the data to be inaccurate, you must take action.
So when does a firm become “entangled” with another site?
If you place your logo on the 3rd party site, you are responsible for the content. If your procedures help you to determine a site has misleading content, deleting the logo and link to that site is required. Any content on that site are no longer your responsibility according to the 11-39 Guidance. That said, I would document the efforts here carefully.
Registered Investment Advisors have similar challenges. The SEC and States are our their in their unmarked cars as well.
Starting in social media is more than policies and procedures. It is defining business objectives, aligning your team and implementing in a risk-controlled strategy. Good luck!