(This is a guest post from Stephen Selby, Director of Regulatory Services at LIMRA.)

As social media users in financial services have discovered over the past couple of years, it’s tough to build a business in a swamp. It makes me think of the King of Swamp Castle from Monty Python and the Holy Grail.

Listen, lad. I’ve built this kingdom up from nothing. When I started here, all there was was swamp. All the kings said I was daft to build a castle in a swamp, but I built it all the same, just to show ‘em. It sank into the swamp. So, I built a second one. That sank into the swamp. So I built a third one. That burned down, fell over, then sank into the swamp. But the fourth one stayed up. An’ that’s what your gonna get, lad—the strongest castle in these islands.

Social media regulation has been a little like Swamp Castle. FINRA released Regulatory Notice 10-06, and built a foundational concept for all of us to follow—all the old rules apply. But the financial services industry as a whole did not believe that foundation was solid enough. We let the first castle sink into the swamp.

Then FINRA released Regulatory Notice 11-39. The financial services industry again said that foundation was not strong enough, so we again let social media fall into the swamp. Foreign regulators like the FSA in Great Britain and the IIROC in Canada published social media guidance in their own countries. The National Association of Insurance Commissioners issued its own white paper on social media. The messages from the FSA, IIROC, and NAIC all tracked well with FINRA’s core message—all the old rules apply. But the financial services industry was not happy with that foundation yet and, even with all of the positives, watched social media again fall into the swamp.

January 2012: The Fourth Castle of Social Media Regulation

Now we have both the SEC and the Commonwealth of Massachusetts issuing guidance for Registered Investment Advisors. To paraphrase the King of Swamp Castle—I am here to tell you what you’ve gotten—the strongest castle in these islands! We have seen securities regulators, insurance regulators, and now RIA regulators all say the same things: Yes, social media is an exciting new form of communication. Yes, we will apply existing rules to this new technology. It should be clear that we are no longer standing in a swamp, but on the strong foundation of a consistent message.

Let’s see how that consistent message applies to RIAs in the Commonwealth of Massachusetts. I will present these points in a different order than communicated by the Massachusetts Securities Division their memo of January 18, 2012. This order should help you structure your approach to social media for RIAs:

• Social Media is subject to supervision. Have a plan. Document it. Test the plan at least annually.
• Training. No policy or procedure is very good unless people know what it is. Therefore training is a really good idea.
• The firm is responsible for all business content. It’s social media time. Do you know what your investment advisor representatives (IARs) are saying?
• Social media is subject to record-keeping requirements. You will need a method of capturing and retaining social media content in a manner consistent with SEC retention rules. (For more, see 950 CMR 12.205(7)(a) and 17 CFR 275.204-2.)
• Frequent supervision is better. Massachusetts states on page 6 of their document “A review done daily would be considered a reasonable supervision of the adviser’s social media site.” Less frequent review can be acceptable—if you have low traffic volumes.
• Social media is usually advertising under RIA rules. Go back to the basics and apply current advertising content and supervision standards for RIAs to social media. Performance reporting via social media is subject to the same content and time standards as any other kind of media. Cherry picking past performance is not permitted. Recommendations are not permitted.
• Adoption and Entanglement applied across regulators. RIAs are responsible for content which they post, Tweet, re-Tweet, or like, or to which they link. RIAs are also responsible for content which is posted on behalf of their representatives by business partners or anyone else who has an interest in the success of the IAR. Selective removal of some content results in the “adoption” of the remaining content.
• “Liking” can be Problematic. To completely understand what Massachusetts is saying about the “Like” button, I encourage you to read SEC Regulation FD and the recent SEC risk alert. The key take-away is that your firm is responsible for any content which is “Liked” by the firm or an IAR. Make sure it’s good content.
• Read the SEC guidance. Massachusetts makes reference to recent SEC guidance on social media usage.

More Best Practices for Social Media Compliance

The Massachusetts document “The Use of Social Media by Investment Advisers” is not intended to tell the whole story. Here are a few ideas you need to consider beyond the recent guidance provided by the Commonwealth.

• Put clear license and registration disclosures in social media profiles. This will help insulate the firm against the appearance of soliciting where the firm is not registered.
• Update the firm’s Code of Ethics. Not all states require a code of ethics, but communicating a standard and then training your people to that standard is always a good idea.
• Face-to-face supervision is a best practice. Take time to review the computers and mobile devices of IARs when visiting satellite offices.
• Understand what is being said about you by solicitors and other business partners. You may need to review agreements to specifically address the use of social media.
• Get help, but take responsibility. Social media use and supervision is ultimately up to you, but Socialware and LIMRA can help get you going.

In closing, think of the King of Swamp castle. “All the other kings” may say you are daft for using social media when there are so many questions, from ROI to compliance. Prove them wrong. Now that regulators for the securities, insurance, and investment advisory business have spoken, you have a firm compliance foundation on which to build your social media practice.

When so many regulators are saying the same thing—maybe you really do have the opportunity to build the strongest castle in these islands.

Image source.

This article from InvestmentNews explains the change:

Tweet away: Finra backs off social-media posting regs

While the article is right to emphasize how this change provides a better way forward, advisors can’t just “tweet away” without a second thought. The reality is that post-use filing was always about the content. And it’s still about the content, even though what FINRA is proposing will remove hurdles that have stymied some firms in their use of social media.

Proposed FINRA Changes for Social Media Postings

Here’s the crux of the proposed change, quoted from FINRA’s letter to the SEC of December 22, 2011:

FINRA recognizes that a member may face supervisory and operational difficulties if it is required to file an online forum post given that the member will be supervising such communications in the same manner as correspondence. Accordingly, FINRA is amending proposed FINRA Rule 2210(c)(7) to add a filing exclusion for retail communications that are posted on online interactive electronic forums. Nevertheless, members should be aware that this exemption does not apply to any filing requirement that may arise under either federal law or SEC Rules.

“Retail communication” is a key term here. According to FINRA,

Retail communication would include any written (including electronic) communication that is distributed or made available to more than 25 retail investors within any 30 calendar-day period. ‘Retail investor’ would include any person other than an institutional investor, regardless of whether the person has an account with the member.

Even more important—and the reason to be careful about how you “tweet away”— is the last sentence from the first quote: “. . . this exemption does not apply to any filing requirement that may arise under either federal law or SEC Rules.” If the nature of what you’re discussing, via social media or otherwise, requires a filing, it will still require a filing.

The Medium and the Message: Two Compliance Checkpoints

We can think of firms and advisors as having two compliance “checkpoints” for any message they put out:

• Checkpoint 1: the medium. FINRA and other regulatory bodies have always treated different mediums differently. For instance, they don’t expect an advisor to digitally record an in-person conversation the same way they would archive an e-mail. Over the past few years, social media has presented a host of new challenges to regulators, since it often does not fit neatly with existing regulations that address other mediums. The new FINRA approach changes things up—a lot.
• Checkpoint 2: the message. A prospectus is a prospectus and must be treated like one. Some types of content will always require pre-review; some will always require post-review. The new FINRA approach doesn’t change that at all.

FINRA Is Not Handing Out a “Hall Pass”

For more insight on this, we asked for the opinion of Stephen Selby, Director of Regulatory Services at LIMRA. Here’s what he said:

FINRA content standards and filing requirements must not be confused. FINRA advertising filing requirements merely mandate that certain materials have to be reviewed by FINRA at a particular point in time. Regardless of FINRA filing requirements, content standards always apply. When using social media for “business as such,” clear, accurate and suitable information must be provided, conflicts of interest must be disclosed, and both sides of the story must be told about investments and investing strategies.

Keep in mind that advertising rules are not the whole story. FINRA also looks at public communications through a lens of “Standards of Commercial Honor and Principles of Trade,” which covers a whole range of issues. There have been recent proposed amendments to the new advertising regulations, which would potentially relax FINRA filing requirements for certain limited uses of social media. Any potential relaxation of filing requirements should not be confused with a hall pass.

It’s a real benefit for firms and advisors that FINRA is proposing these changes, and I’m sure it will reduce the headaches for the compliance officers we work with every day. They’ll still need to archive 100% of the social media messages that their advisors send out, but the filing burden will be lower.

But Selby hit the nail on the head: relaxed standards for certain types of messages don’t equate to a “hall pass” for all social media conversations. Firms should create strong, sensible policies for social media, train their advisors appropriately, and make sure that they have the right tools in place to ensure that they can still adequately supervise advisors’ social media use. Regardless of how the regulatory standards evolve, we’ll be here to help.

Image source.

There are two lessons to take away from this:

1. The SEC has made social media a priority. After yesterday’s news, it’s clearer than ever that 100% of firms should prepare for social media audits by having strong social media policies and social media archiving in place.
2. There’s no need to be scared of social media. Fraud is still fraud. While the social networks do present many new challenges for advisors and compliance officers, when it comes to shady activities, only the mediums—not the underlying rules—have changed.

The SEC’s Stance on Social Media

A year ago, the SEC fired a shot across the bow when it issued its sweeps letter about social media. (Our CEO, Chad Bockius, analyzed the SEC letter in two blog posts, which you can find here and here.) If that weren’t enough of a call to action for firms and RIAs to take social media compliance seriously, yesterday’s action should be. Social media use is widespread, and the SEC has articulated firms’ responsibility to monitor and archive these communication channels.

The SEC’s main communication this week, “Investment Adviser Use of Social Media,” is sober and methodical. Probably none of it will be news to compliance departments that have been actively working with their firms’ advisors or agents to promote the compliant use of social media to build professional networks and increase business. But the SEC guidance is useful for the step-by-step reminders it gives about creating and enforcing consistent and meaningful social media policies that balance risk prevention with the need to do business at a reasonable pace.

Firms have a responsibility not only to implement such policies, but to carry out active monitoring of advisors. Those that don’t could be fined, even in they have a formal policy of prohibition for social network use, because it is unreasonable to believe that policy alone will protect consumers. In our 2011 year-end webinar, Bockius discussed the need for all firms to prepare for social media audits. This week’s SEC action demonstrates how serious that need is.

Be Vigilant, But Don’t Be Afraid of “LinkedIn Fraud”

The SEC’s pursuit of the Illinois advisor doesn’t mean that firms should fear the use of social media—much less avoid it altogether. Some of this week’s media coverage might mislead social media holdouts into taking this view.

Consider the headline of this (otherwise very good) article from AdvisorOne:

SEC Charges Advisor With LinkedIn Fraud, Issues Social Media Alerts

I was trained as a newspaper journalist, so I know what headline writers are up against: they have to compress the whole story into just a few words. Unfortunately, headlines like this one make it sound like “LinkedIn fraud” is some new category of crime. In fact, the misdeeds being investigated by the SEC represent very old types of financial fraud, but simply carried out over a social network rather than in person, via mail, via e-mail, or over the phone.

The article rightly points this out in its eighth paragraph:

“Fraudsters are quick to adapt to new technologies to exploit them for unlawful purposes,” said Robert B. Kaplan, co-chief of the SEC Enforcement Division’s Asset Management Unit, in a statement. “Social media is no exception, and today’s enforcement action reflects our determination to pursue fraudulent activity on new and evolving platforms.”

Advisors and firms shouldn’t be scared of LinkedIn (or Facebook or Twitter or blogs). Instead, they need to avoid engaging in illegal, unethical, or otherwise prohibited advertising practices . . . just as for every other medium they use.

Regardless of how the story is covered, it’s good to see that the SEC is following through with its commitment to focus on social media. Your firm needs to be ready if the SEC spotlight should fall your way. Is it?

This notice is very clear in that it focuses on the “nature of various communications and not the methods.” In other words, these rules cover all communication with the public, but in light of the number of inquiries received by their Dealer Members they have specifically called out social media as a new and significant medium of communication.

At the highest level, IIROC states that “all methods used to communicate including, but not limited to, Facebook, Twitter, YouTube, blogs and chat rooms, are subject to the IIROC Dealer Member Rules.” Much like FINRA, IIROC requires their Dealer Members to have clear policies and procedures that guide individuals around the classification of content and associated regulatory responsibility. You should of course download and read the entire Notice, but I’ve called out a few of the more interesting points as it relates to social media.

Recordkeeping Responsibilities

“Firms must retain records of their business activities, financial affairs, client transactions and communication. Whether a communication is related to the business of the Dealer Member, and therefore captured by this requirement, depends on the content of the communication. The type of the device used to transmit the communication or whether it is a firm-issued or personal device is irrelevant…For instance, the content posted on social media websites, such as Twitter, Facebook, blogs, chat rooms and all material transmitted through emails, are subject to the above-noted legislative and regulatory requirements.”

In summary, firms that open access to social media sites for business use must ensure that all communication is being archived. Just like FINRA Notice 11-39, IIROC reinforces that the device used (personal or firm-issued) is irrelevant. It is the content and the communication that matters and is subject to these rules. They go on to say that if firms do not have a way to ensure the compliant retention of data on these sites, they must block an individual’s use.

Suitability and Recommendations

“Dealer Members must be mindful of the additional regulatory obligations that may be triggered as a result of the content of a communication delivered to clients. For instance, a “recommendation,” whether delivered via a social media website or by way of written correspondence, must take into consideration the suitability requirements set out in IIROC Dealer Member Rule 1300.1… At the very least, Dealer Members should implement measures to monitor and/or prohibit electronic communications that constitute a recommendation which must comply with IIROC’s suitability rules.”

This is a common concern for compliance officers in the U.S. as well. As such, most firms that have opened access to social media sites are choosing to deploy real-time monitoring of posts so they can be scanned and captured if they look suspicious. While not the only method to ensure compliance, it’s an additional tool for compliance officers to protect the public, the firm, and their advisors.

Supervisory Responsibilities

“Pursuant to IIROC Dealer Member Rule 29.7(2), Dealer Members must establish policies and procedures that allow them to comply with their supervisory obligations and protect clients from misleading or false statements. Subject to Rule 29.7(3), it is at the discretion of Dealer Members to determine whether to employ: pre-use approval, post-use review or post-use sampling.”

As it relates to social media sites specifically, “Static content, such as a profile, background or wall information, usually considered an ‘original template advertisement’, must be pre-approved pursuant to IIROC Dealer Member Rule 29.7(3) and is generally accessible to anyone. An interactive electronic forum, such as Facebook or Twitter, on the other hand, includes real time discussions and although it does require prior approval, must be supervised to ensure compliance.”

Similar to the approaches being followed in the U.S., social networking profiles across LinkedIn, Facebook, and Twitter must be pre-approved. In addition, they clearly call out that real-time discussions can be post-reviewed. The caveat is that it is still about the content and not the medium. The points above are general guidelines. If someone posts a clear advertisement on Facebook it MUST be pre-approved. This is one of those areas where training will be critical to help determine the nature of the content and the appropriate action to take.

Third-Party Communications and Research

“Third-party posts may be attributed to or considered an endorsement by the Dealer Member, thereby triggering regulatory and legislative requirements. For example, re-tweeting a client’s post or providing a “thumbs-up” may be considered an endorsement. Whether or not a third-party communication will be considered to be the Dealer Member’s communication will depend on the facts and circumstances of each case.”

This guidance is much more restrictive then what we see from FINRA. With that said, many firms prohibit the actions described above, including ‘Liking,’ ‘Sharing,’ ‘Re-Tweeting,’ and ‘Favoriting’ a post. To help ensure compliance firms are deploying automated solutions to prohibit access to these features while on the native social networking sites.

I applaud IIROC for responding to its Dealer Members to ensure clarity as it relates to communication with the public and social media specifically. With hundreds of firms moving forward with social in the U.S., I’m expecting to see the same pattern of adoption in Canada in 2012. 

While firms aren’t delaying their move to social in anticipation of these rule changes, it appears we will have to wait to get the official SEC stamp of approval.

On November 1^st the SEC issued a press release calling for public comment on FINRA’s recent amendment and the proposed rule in its entirety. Written comments are due back on Dec 7^th, 2011. It’s unclear how long the process will take following those comments but this delay is going to push the effort well into 2012.

The SEC calls out six specific areas as it relates to comments. Of the six items outlined, number three is the one area that would really impact social media use.

1. The scope of the definition of “institutional investor” for purposes of [Rule 2210]
2. The “reason to believe” standard under Proposed Rule 2210(a)(4)(F)
3. The requirements applicable to internal communications, public appearances and postings in online interactive forums
4. The requirements applicable to communications prepared by research department personnel
5. The scope of the category of associated persons who financial interests would have to be disclosed in a retail communication that includes a recommendation of securities
6. The scope of the proposed exclusion from the content standards as set forth in proposed paragraph 2210(d)(8)

In the initial round of comments Fidelity and SIFMA “opposed the elimination of the term ‘public appearance’ as a communication category, particularly with respect to interactive electronic communications.” They argued that these posts are “more analogous to physical public appearances. They also argued that recordkeeping requirements would be less burdensome if posts on social media websites are considered public appearances.”

FINRA disagreed. They stated they had “already created an exception from the principal pre-use approval requirements for such posts, permitting members to supervise and review such posts in the same manner permitted for correspondence.”

We will continue to watch this process closely and let you know what comments and changes get introduced that would impact the use of social media in the industry.

What do you think about the proposed changes?

Much has already been written about the fact that “liking” a piece of content can be viewed as an endorsement (for now I won’t go into all of the compliance issues associated with endorsements, entanglement, etc.). As a result most firms with registered reps choose to block this capability on the social networks.

Before going any further let me offer a quick 101 class on sharing content. There are in fact multiple ways to “share” content and information across Facebook, LinkedIn and Twitter. Likes, Shares, Favorites and ReTweets – these are all actions you can take on these popular sites but all basically produce the same result. They publish a “message” to your social network thereby spreading the content further. Since it was an action you took there is a perceived endorsement of that content.

To make things a little more complicated we also have to remember that “liking” on Facebook has multiple uses. It is used to share information and show interest in a particular post but it is also used to connect to Facebook Pages (vs. adding a friend on a personal Facebook page). For the latter you are basically subscribing to that Page, opting in to receive that Page’s updates.

As a test I wanted to see if the terms around content sharing affected a firm’s policy. In fact, today it does. We analyzed policies from across the industry and found the following:

• 36% block Facebook and LinkedIn “Likes”
• However, for those that block Facebook Likes, 0% block LinkedIn Comment Sharing, News Sharing and Update Sharing.
• For those that block Facebook Likes only 20% block Twitter Favoriting and Retweets.

It would appear that the action of “liking” is viewed differently than “sharing.” But should it? I would suggest no. If your policy is to prohibit the programmatic sharing of content (meaning it is shared by clicking a button vs. posting something manually) then that policy should apply to all social networks, for all content.

Let’s dig into the notion of creating a basic post on these social networks. For example, creating a status update on Facebook or tweet on Twitter. Those posts may be original content or they may be a reference to some other piece of content you’ve found interesting. From this perspective you could argue that if you are going to block “liking” (used in the generic sense) then you should also limit the posts being made directly via the social networks themselves. While I hope this is not the case I feel compelled to offer the perspective.

One thing I think we can all agree on is that whether it is social networks or some other medium the test is of the content itself. Sharing a post about the Cardinals winning the first game of the World Series (Go Cards!) clearly does not pose a risk, whereas sharing a message on a specific financial product could…it all depends on the content. As you can see, content is king. The message should be scrutinized vs. the action that delivers it to your social network.

What is your take? We’d love to hear it. Just leave a comment below.

And one more thing, this will be one of the many topics we are discussing at our Compliance User Group on November 4^th. If you need more information please contact your Customer Success Partner.

Earlier in the month FINRA submitted proposed changes to NASD 2210 to simplify the guidelines around communications with the public. These changes not only simplify many issues for the industry, but they also provide insight into how FINRA interprets or plans to interpret the communication guidelines.

Back to Notice 11-39. In general, the content is very clear and does address many of the questions we’ve been hearing from the industry. I won’t walk through the entire Notice, but rather focus in on some of the more interesting aspects.

The first topic is around the review of a rep’s social media presence before launch. It is clear from 10-06, this notice and 2210 that aspects of the site, like profiles, must be approved by a registered principal prior to use. Much has been made of the notion of having to pre-review the first post on a rep’s social media site. While FINRA mentions that some firms require this, it does not say that it is required – an important distinction. If you are a firm taking this approach, remember you can always provide a handful of pre-approved first posts to the field to get started.

FINRA goes on to reinforce this point by saying “unscripted participation in an interactive electronic forum comes within the definition of public appearance.” And remember public appearances DO NOT require prior approval by a registered principal. Not surprisingly, this clarification aligns with the proposed changes to NASD 2210 – making it clear that this content can be supervised in a post-review fashion.

There is a lot of discussion around personal devices and whether the recordkeeping requirements apply. FINRA clarifies that the device is irrelevant, it is the content of the communication that must be considered. Later on in the Notice there is more discussion around personal devices, but here they focus on whether or not personal content must be retained and supervised. FINRA points out that firms can choose to treat all content created on these devices as business communications. However, another approach is to flag content as personal vs business such that firms have flexibility in how they supervise the material. In this scenario firms would have the ability to supervise 100% of the business-related social media communications while only conducting spot audits on the personal information. A huge time saver for the supervisory teams.

On the topic of technology, Question 3 looks at solutions that can automatically delete content after it has been read and sent. This type of technology typically applies for SMS (i.e., text messages). Regardless of if a solution exists to automatically delete content, if it is related to “business as such” it still must be retained and supervised.

One item that gets referenced over and over is training and education. Just as they do in Notice 10-06, FINRA points out “a firm’s policies and procedures must include training and education.” They also share that some firms require reps to “Certify on an annual or more frequent basis” that they are acting in a manner consistent with the firm’s policies. For more suggestions on what you need to include in your training and education program, check out the recorded webinar from our social media lifecycle series focused on training.

What did you think of the notice? Do you still have questions? If so please share them below.

The good news for those considering a move to social is that FINRA clarifies you do not need prior approval for communications posted on social sites as long as they qualify as interactive electronic forums. FINRA tried to introduce the concept of static vs. interactive with Notice 10-06 but unfortunately it created more confusion than clarity in the market. That was the one component introduced in 10-06 that was new, but there were no rules in place to support the actual definitions. The rest of 10-06 was clarification on existing rules. So we are back to where we started. It is all about the content and it’s classification.

You can access the entire SEC submission here, but to save you some time I’ve gone through and called out the parts that are most applicable to social media.

Communication Categories

The current NASD Rule 2210 divides communications into six separate categories:

• Advertisement
• Sales Literature
• Correspondence
• Institutional Sales Material
• Independently Prepared Reprints
• Public Appearance

FINRA is proposing to reduce the categories from six down to three. The new categories would be as follows:

• Institutional communication: includes all communications that fall within the current guidelines.
• Retail communication: includes any written (including electronic) communication that is made available to more than 25 retail investors within any 30-day period.
• Correspondence: includes any written (including electronic) communication that is distributed or made available to 25 or fewer retail investors within any 30-day period.

The proposal eliminates the current definitions for advertisement, sales literature, institutional sales material, public appearance and independently prepared reprints. They point out that “communication that currently qualifies as advertisements and sales literature would generally fall under the definition for retail communications.”

As it relates to Retail communication they provide a supervisory exemption for specific categories of this communication type. Two of these categories matter for social media. The first is any retail communication that is posted on an online interactive electronic forum (eg., social networks).  The second is any retail communication that does not make any financial or investment recommendation or otherwise promote a product or service of the member.

FINRA explicitly points out that the clarification around interactive electronic forums “codifies their current interpretation of the rules governing communications with the public on interactive electronic forums.” In other words, Notice 10-06 provided guidance to the industry but did not actually create any new policy. This change will make the interpretation explicit from a rule standpoint. There is no mention of the notion of static vs. interactive, which has caused confusion in the industry since no policy exists to back up those definitions introduced as part of 10-06. The second exemption broadens a current principal such that it would apply to all retail communication. This second exemption is important for social media because so much of what gets shared isn’t financial or investment related.

Both of these are positives for firms looking to embrace social for their reps.

In a nutshell it makes clear that organizations DO NOT need to pre-review content that is posted to social networks like Facebook, LinkedIn and Twitter.

Of course, recordkeeping requirements sill must meet the current standards. In addition to the recordkeeping, firms must supervise this content in the same manner as correspondence (i.e., post-review).

FINRA also reminds readers that rules around predicting performance, implying past performance will recur or making any exaggerated or unwarranted claim, opinion or forecast still apply. In other words your content must be fair and balanced. Something that a California-based broker failed to adhere by and as a result of her tweets was fined and suspended by FINRA.

One of the other interesting additions was the following: “Given the rapid changes to technology used to communicate with customers, FINRA believes it will be useful going forward to have exemptive authority with regard to the principal pre-use approval requirements applicable to retail communication in certain circumstances.” This statement shows an understanding that technology and communication mediums are evolving faster than policy can keep up. In theory this will help FINRA support the industry in a timely fashion without having to wait for formal rule clarifications or modifications (like this one).

3^rd party comments were mentioned but FINRA felt that Notice 10-06 in combination with previous guidance adequately addressed that topic.

The one area not specifically called out is social networking profiles. Going back to 10-06, FINRA calls for this content to be pre-reviewed and classified it as an advertisement. Under the proposed rule change it would now be classified as a retail communication. There is nothing in the proposed changes that would suggest it qualifies for the exemptions outlined above. As a result this content must still be pre-approved before being posted to social networking sites.

Comments on the proposal must be submitted to the SEC on or before August 24, 2011. At this point it is anyone’s guess as to when this will be finalized and approved. Independent of that date, these changes provide some great insight into how FINRA will look at social media communications. I suspect other state and federal regulators will be taking note as well.

FINRA has shared that they will release additional clarification on social media in a few months.  But, we also know that social media is an ever changing landscape, so it’s difficult to provide a black and white answer to the question… Where is the social media compliance bar?

We recently held a compliance forum with over 30 representatives from our customers. As part of that daylong session we discussed many of the answers to the question above. This experience, plus our deployments with more than 100 financial services firms since 2009, have led to the following 6 points that will help you and your firm ensure you are fully compliant. And this is not just opinion, we’ve had multiple clients go through and pass social media regulator audits already this year.

1. Policy- Compliance starts with policy. Regulators, like FINRA, require each firm to have a social media policy in place before opening access. Unlike other forms of electronic communication, social media requires a close look at the data and the activity that users can create and engage in. In addition, social networking sites are constantly changing so firms should plan for updates and think through how policy will flow from a paper document to technology for automation purposes. For more information on setting social media policy you can refer to the Guides we’ve published on the topic here. In addition, I’d encourage you to watch the recorded webinar on setting policy that was part of our joint LIMRA series title the Social Media Adoption Lifecycle.
2. Training- Just like having a policy, training is a requirement from the regulators. Training should cover everything from your policy, associated procedures and even best practices on how to use social media for business purposes. The latter is not a regulatory requirement but does go hand-in-hand with opening up access to new mediums, like social networks. Before recreating the wheel on training be sure to check out solutions from organizations, such as LIMRA, who are experts at training the field on regulatory issues.
3. Content- Archiving social media data is a fundamental requirement of all regulators. We know that social is treated the same as any other form of electronic communication in the eyes of the regulators. The challenge with social is getting all of the data you need to be compliant. You would never accept archiving 70% of your email, so why would that be acceptable with social? As you explore how you will archive social networking information be sure to verify that all data is being captured.
4. Context- To be compliant in social media you need more than just the data created on the sites themselves you need the context as well. Yes, you must have the content that was posted, say a status update, but you also must have the fact that the data was a status update vs. a direct message. The reason is simple. Messages in social networks are not created equally. Depending on the context you must apply different supervisory principles. Context also becomes critical when a post turns into a full-blown conversation. Supervising a post without the context of a conversation is useless. Another challenging aspect of social networks is the concept of personas. Are you operating in a personal mode or a professional one? This is another area where context will serve you well, ensuring you are scrutinizing the right content.
5. Activity- Another area where social networks create unique compliance risk is around the activities of these sites. On LinkedIn, you can accept and display recommendations on your profile. Unfortunately, this is a violation of the  Investment Advisers Act of 1940. That regulation states that you can’t have testimonials inside of advertisements. What about “liking” a comment? Does that create suitability or endorsement concerns? It can. Part of ensuring compliance will be to limit access to these activities that can create risk for the individual and the firm.
6. Supervision- Supervision is fundamental when it comes to the communication of reps to consumers. With social media certain content must be pre-reviewed, as its considered an advertisement, and certain content requires post-review, similar to email or IM. While there is lots of debate on what must be pre-reviewed vs. post-reviewed (we will save this for a later post) it is clear that supervision of social media can create a real burden if the processes and points of integration to existing systems are not managed or thought through. Furthermore, firms must address the real-time nature of this medium. How will you ensure that the field can use these platforms effectively if your processes don’t support timely review?

Evolving? Yes. Impossible to meet the bar?  No, if you plan appropriately and base your decisions on industry best practices and expertise. And one last word of caution. Don’t just plan for the first 6 months of use. Be sure to consider the compliance challenges that are created as you expand your rollout, eventually approaching 100% utilization (check out this research from Morgan Stanley). It happened with email, and my prediction is that it will happen here as well. This puts a premium on getting it right the first time.

At our recent customer user group meeting, we were impressed by how open and frank our customers were with us, but more importantly with each other.  With a common goal in mind of developing a community that allows sharing of best practices and pitfalls, we spent a day working through a number of challenges and opportunities.

One of the hottest topics that everyone wanted to discuss was static vs. interactive.  When all was said and done, we agreed on two things.  (1) Content (i.e. what is posted) is king regardless of how/where it is posted.  Trying to label specific features of a social network, as static or interactive is a fool’s mission.  And (2) intent is everything – using the term “extemporaneous” to focus your compliance guidance was well accepted by all.

This led us directly into a conversation tied to pre-review and post-review.  Because of the conclusion on static content, it was agreed that pre-review of content is a critical aspect of a compliance solution and without it you cannot truly be compliant.  However, this does not relieve the compliance obligation, which demands that all information available must be captured whether, performed on network or off network (home computers).  It was very reassuring to all attendees when hearing peers confirm understanding of the regulations and ensure they are using the same solution to meet those regulatory requirements.

Part of our conversation focused around the constant changes occurring daily with the social networks.  Everyone was relieved to hear Socialware’s approach to addressing these changes through our agile product management and development strategy.  This was reaffirmed when Facebook announced a new video chat feature through a partnership with Skype. On that same day, we released a blocking filter should you choose to block this functionality for your users.

Personally, it was a very enjoyable day watching so many of our customers across numerous companies interact with each other.  We all walked out in the afternoon smarter and more educated for the time spent.  I’m looking forward to the next one already.