Posts Tagged ‘eDiscovery’

Helping State and Local Government Agencies Get Social

Thursday, February 18th, 2010

Our very own Chris Richter was recently interviewed on Federal News Radio 1500. The topic was social networking use at state and local government agencies, how to protect the agencies infrastructure and how to ensure compliance with laws, such as the Freedom of Information Act.

Some of the questions answered in the interview are:

- What is Social Middleware?
- How does it enable or help the Open Government directive?
- Is this something that empowers agencies to adopt Social Networks?
- Is this something that makes these tools more useful?

For answers to these questions and more click the play button below or listen to the interview on the Federal News Radio 1500 site.

Interview description
“As state and local governments move forward using Twitter and Facebook, questions are looming as to how to best use these new social media tools to reach private citizens. Social middleware is being used to help ward off the potential IT risks and compliance issues associated with using social media tools.”

Tags: , , , , , , , , , ,
Posted in Compliance, News, Social Middleware, Social Networking News | No Comments »

Social Networking: Going Online Without Crossing the Line (Research Magazine Cover Story)

Tuesday, February 16th, 2010

RES-March310-Cover-200pxIn the March edition of Research Magazine they take a detailed look at the challenges financial advisors face in dealing with social networking sites like Facebook, Twitter and LinkedIn. As they point out “Some have blocked access to networking websites from advisor workstations. At least one broker-dealer requires new hires to delete their LinkedIn profile as a condition of employment.”

The challenges are very real in these highly regulated environments. Kip Gregory sums it up well “Who could blame any firm operating in a regulated industry for taking a cautious approach in the face of all that? Especially in financial services, which is at its core an industry built around the management of risk. The question is: How do you, as a competitor in this business, choose to respond to a clearly shifting landscape?”

Of course the latest move by FINRA helps ease some of the concerns of these financial firms. With the release of Notice 10-06 they address some of the big questions firms are asking. In addition to this Notice you can also download the Companion Guide to FINRA Social Networking Compliance. And if you are still hungry for more information be sure to check out the play-by-play summary of the February 3rd FINRA webinar on this topic.

The article then moves on to discuss the “techno-solutions” to solving the social networking compliance problem. They highlight our Risk Manager solution for it’s ability to turn on or off any part of a social network that could cause a compliance issue. In addition, there is discussion around our ability to moderate content before it hits the social sphere as well as providing full capabilities to do a post-review after the fact.

I don’t want to give the entire article away so let me just leave you with a few final thoughts:
- Social networks are here to stay and the firms that find ways of adopting them first will have a big advantage. In fact the article points out that “100 percent of the 48 firms surveyed thought social media was here to stay and 84 percent thought it would have a lasting impact on financial services.”
- You do have to create a social media policy (don’t skip this step) – here is a good place to start (first paragraph)
- Look for ways to institutionalize your policy through social networking compliance solutions.
- Plan for change – the sites change, compliance issues change and the way advisors use these tools will change.

Read the full Research Magazine article here

Tags: , , , , , , , , , , , , , , , ,
Posted in Compliance, News, eDiscovery | No Comments »

Real world advice for independent advisors, an interview with Kristen Luke

Monday, February 8th, 2010

wmmlogoKristen Luke, from Wealth Management Marketing, was gracious enough to spend some time talking through her work with independent investment advisors and financial planners. We specifically discussed social networking, what’s holding her clients back and how they are dealing with SEC and FINRA compliance issues.

1. Tell me a little about your background and Wealth Management Marketing
“Prior to starting Wealth Management Marketing in October of 2008, I headed up the marketing department of a boutique wealth management firm in San Diego for 3 years.   It was a natural transition from working at my previous job to starting WMM since I performed similar tasks, but now I do it for a variety of firms instead of just one.   I have a BA in Business Economics from the University of California, Santa Barbara and an MBA with an emphasis in Marketing from San Diego State University.  WMM develops marketing plans for independent advisors and also provides the back office support required to implement the strategies. Basically, we are an in-house marketing department outsourced.”

2. Can you profile the clients you typically work with?
“I primarily work with independent investment advisors and financial planners.  The majority of my clients are RIAs which can range from solo practitioners with $10 million in AUM to firms with 20 employees with a few hundred million in AUM.  I also work with individual advisors at larger brokerage firms who need help creating their own individual marketing plans or are looking for assistance in creating a social media marketing strategy.”

3. What are their top issues/challenges when it comes to social media marketing?
“I consistently hear the same two challenges from my clients:
- Meeting compliance requirements.  Up until recently, it was not clear what an advisor could and could not do according to FINRA.  It is still unclear about what the SEC requires.  So many advisors tell me that their compliance departments won’t allow them to participate in social media.  I’m not sure if this is going to change now that FINRA has released their guidelines.
Quick Note: The Companion Guide to FINRA Social Networking helps address these questions.
- “Finding the time to participate in social media.”

4. What percentage of your clients are engaged with social networks today?
“Almost 100% of my clients are engaged with social networks in some way.  Most of them are only involved with LinkedIn.  Closer to 50% are involved in Facebook or Twitter for business purposes.”

5. For those that are active how are they dealing with compliance issues?
“Some advisors have not been concerned about it and are doing nothing.  Others are passing everything through their compliance departments prior to posting on LinkedIn, Facebook and Twitter.  Others are using sites likes Socialware to archive their social media activity.”

6. What would recommend to your clients that are getting ready to start engaging with social networking?
“I would recommend that they first understand what they can and cannot do from a compliance standpoint.  Then I’d recommend they start playing around with the different sites to get an understanding of which ones they like.  I find that the advisors that are most successful with social media are the ones who personally enjoy interacting on the different sites.  Once an advisor has a basic understanding of social media, it’s important to create a plan of action.  This includes finding their target market and centers of influence on the different sites, determining what type of information to broadcast and how often to do so.  Social media is like any other type of marketing.  It should be planned out to increase the likelihood of success.”

It is clear from our day-to-day conversations and interviews like this that social media will continue to play a big role for independent investment advisors and financial planners. As Kristen points out it is critical to understand the compliance issues before jumping into this new channel of communication. I’ve already mentioned the Companion Guide to FINRA Social Networking and in addition you should look at the summary of the recent FINRA webinar explaining Notice 10-06 on Social Networking Compliance.

For more information from Kristen you can follow her on Twitter or at her blog.

Tags: , , , , , , , , , , , , ,
Posted in Compliance, Marketing, eDiscovery | No Comments »

FINRA Webinar: Compliance Considerations for Social Networking Sites

Wednesday, February 3rd, 2010

FINRA_logo

If you happened to miss it, FINRA hosted the Social Networking Compliance webinar this afternoon.  Here is a summary from their site on what was scheduled to be discussed:

“This webinar covers compliance and regulatory considerations when using social networking sites to communicate firm business. With the advent of Facebook, LinkedIn, MySpace and Twitter, business use of social networking sites has become popular and can present supervision challenges for firms. Panelists from FINRA discuss the guidance that was recently issued in Regulatory Notice 10-06.”

If you already read Regulatory Notice 10-06 you didn’t miss too much. I will say the most valuable part was the Q&A from the audience and FINRA staff. As you might expect the FINRA team focused on the overarching guidelines but didn’t spend too much time interpreting specific situations. They made it very clear that this is the responsibility of the firm to evaluate a sites capabilities and determine what the firm’s policy will be on usage, supervision, record keeping, etc.

If you are looking for more details on how these guidelines get interpreted for use on social networks you should download the Companion Guide to FINRA Social Networking Compliance.

And if you are interested in a summary of the webinar here are all of my live tweets that I posted during the session. Feel free to follow me on Twitter and send me any questions you have.

  • Joe Price talking about FINRA task force on social networking, 14 industry participants, came out with Notice 10-06
  • 5 key points, record keeping, suitability, types of content, supervision & 3rd party posts
  • Record Keeping: rules flow from SEC standards, no way to change this. Must retain, archive and retrieve to be compliant
  • Record Keeping: technology is going to be the issue, FINRA spoke to firms (including Socialwarewe solve this today with Risk Manager)
  • Record Keeping: discussing integration to enterprise archives, lot of interest in area, each firm needs to assess each solution
  • FINRA will not endorse any technology provider, firms need to assess the fit, determine if it delivers on compliance needs
  • interested in position on acceptable formats of social media messaging for FINRA filing and internal record keeping
  • Question: how do you file a tweet? Acceptable filing format is PDF for FINRA but not for retention (discovery issues, etc)
  • Suitability: 01-23 applies to social media directly, applies around recommendations, “call to action” or “suggestion”
  • Suitability: more specific to individual more likely it will be a recommendation, general news not a rec.
  • Suitability: call to action is key, not going to have prior approval requirement so be careful of what you post
  • Possible use of templates? Firms have libraries, drop a recommendation of an approved template, be careful of specific products
  • Question: “Business as such?” SEC term, not addressing it in Notice 10-06, books and records rule apply in this situation
  • Question: “if we decide to utilize social media we must have technology to track information” there are low tech options…
  • …technology is going to be key to make this scale
  • Question: “if a rep indicates where they work is that an advertisement?” ex: business card info on LinkedIn, likely already approved
  • Question: “business related inquiry on social media site?” addressing later, need to have procedures for reps to follow
  • Content Types: “interactive electronic forum” have def. of public appearance (i.e., chat rooms), must all be supervised
  • Content Types: public appearances do not need to be pre-approved
  • Content Types: blogs? static communication = advertisement = prior approval. However some allow for interaction
  • Content Type: These interactive blogs would be considered a public appearance (i.e., allowing comments)
  • Question: “What if firm hosts a blog and allows for 3rd party comments? What if it is a marketing brochure blog?” This is static
  • Content Types: key ideas, employees should have site use approved for use of logos, content, etc (the static elements)
  • Content Types: engaging on the sites can then be supervised post-use, these are the interactive pieces
  • Content Type: firms should decide on their own policies as part of this.
  • Content Types: key is whether or not a dialogue is supported or intended on these portions of social sites
  • Technology to capture content is still evolving, will there be compliance grace period? FINRA answer “No”
  • Firms must make the call if a vendor can meet the FINRA requirements (check out companion guide http://bit.ly/72HiGj)
  • Recently looking at a blog that wasn’t interactive, send email back and comment *not real-time interactive communication*
  • Question: “On Twitter, is initial posting interactive or static?” background content is static part, tweets are interactive
  • Question: “what if social site doesn’t allow for archiving?” answer don’t use it or use a 3rd party solution (i.e., Socialware)
  • Question: “what about broker-to-broker communication?” defined as institutional sales material (2211), already defined
  • Question: “How will FINRA test compliance?” FINRA provides policy guidelines, new process, examiners take steps to analyze steps  …
  • Question: …will look for supervisory steps, will look for policies, will look for other steps that compliance is being addressed with
  • Supervision: interactive communications can be supervised, implement risk based principles to review communications
  • Question: “Use of sites for recruiting?” Yes – they are subject to FINRA advertising rules, static vs. interactive
  • Question: Recruiting issue – expectation of earnings. Be careful here, this is most frequent issue
  • Question: “can registered reps conduct pre-approved, scripted, filed FINRA presentations via a webex type of application, w/instant messaging” …
  • …”assuming IM’s are being supervised by a reg. principle?” webinar=static, questions=interactive (can be supervised)
  • Supervision: can choose to pre-approve or not, can choose to sample pre or post, lot of flexibility, you decide
  • Supervision: communication between research and investment bank always need review, as well as incoming complaints
  • Question: “do personal social sites of RR need to be monitored to ensure not being used for professional use?” …
  • Question: … firms need to establish procedures/policies on this, once used for business firms are responsible,
  • Question: “don’t want reps using Facebook, agree not to, is firm responsible to still track?” I don’t know, maybe based on person
  • Question: “are firms accountable for how RR identifies themselves on personal SN site” firms need to adopt clear policies on this
  • Question: “does review of interactive communication have to be conducted by a registered principal” can be some delegation
  • Should not allow RR to use social media sites if you cannot supervise it (for business purposes)
  • Ensure you train those that are granted access, enforce your procedures, have consequences for violations
  • Question: “prohibit from using certain social site features, are firms accountable if RR use them if “prohibited”?” …
  • Question: Answer is same. They are responsible. (Socialware can disable these features completely to protect the firm – look at Feature Level Access Control of Risk Manager)
  • Question: “how do you supervise an anonymous complaint?” guidance already provided, must be able to identify person & issue
  • 3rd Party Posts: not subject to advertising rule (great clarity), situations where you can be held accountable
  • 3rd Party Posts: adoption & entanglement, you republish or direct people to content, you just adopted it and endorsed it
  • 3rd Party Posts: influenced posts, can you please post a testimonial to my Facebook page = entanglement
  • Question: “implicit endorsement of posts, rep didn’t remove a comment?” does not create an endorsement situation
  • Question: “RR retweets a post, is this an endorsement/entanglement” absolutely endorsement or adoption
  • Question: “What if you “like” a comment on Facebook” Yes absolutely that is an endorsement (FYI – Socialware can block this)
  • Question: “what if statement is just wrong, what should firm do?” adopt policy to enable quick action, still needs to be supervised
  • Adoption & entanglement is SEC concept, one-off answers not the way to go, each firm should develop a complete policy
  • Firms are doing a lot of different things to monitor 3rd party posts, complaints, publishing guidance
  • Great FINRA webinar, hope you enjoyed the live tweets, be sure to grab the Companion Guide for SN Compliance http://bit.ly/72HiGj

Look for much more from Socialware on this topic. And if you haven’t registered for a Risk Manager invitation please do so here (it is free). Of course, if you want to get started right away you can sign up for the premium version here.

Tags: , , , , , , , , , , , , , , , , , , ,
Posted in Uncategorized | 2 Comments »

Just released: Companion Guide to FINRA Social Networking Compliance

Tuesday, January 26th, 2010

FINRABlogPostYesterday FINRA surprised everyone by releasing Regulatory Notice 10-06, titled “Social Media Web Sites – Guidance on Blogs and Social Networking Web Sites.” Since September of 2009, FINRA created and has been working with a Social Networking Task Force to discuss “how firms and registered representatives could use social sites for legitimate business purposes in a manner that ensures investor protection.” One of the key goals of this task force, and this new notice, is to interpret the FINRA rules with the knowledge of the changing landscape of social media to allow firms to communicate in this channel while still protecting investors.

For the most part there is nothing new in the Notice. FINRA reinforces their position on long standing electronic communication guidelines reiterating that those rules apply exactly as stated for social networking sites such as Facebook, Twitter and LinkedIn.  For example:

  • Recordkeeping – firms ARE required to retain social media records that a related to a broker-dealer’s business.
  • Supervision – firms MUST monitor the extent to which employees are complying with policies.
  • Pre-approval – firms MUST define their policy for pre or post approval depending on their risk profile.

While reinforcing some of the core guidelines there were a few key clarifications that make adopting social networks a little bit easier in the financial services arena.  For example:

  • Static vs. Dynamic content – a registered principle is still required to pre-approve any static content such as a profile or Twitter background details. Dynamic content such as wall posts constitute an interactive electronic forum and therefore firms do not have to have a registered principal approve these communications prior to use.
  • Third-party posts – FINRA clarified that posts by customers or other third parties are not governed by rule 2210. However, if a firm endorses one of these posts they may become attributable to the firm.

While this update is a very positive step for firms there is still the open question of how to address the compliance requirements in an automated fashion.  Additionally, FINRA does not address every fine grain issue you will run into on social networks that could trigger a compliance violation. For example, does Favoriting a tweet trigger rule 2210 because of an endorsement? And more importantly how will protect your firm from these possible violations?

To help firms accelerate their adoption of social networking tools Socialware has released the Companion Guide to FINRA/SEC Social Networking Compliance. This guide provides a detailed analysis of social networks and how their capabilities can trigger regulatory rules. Furthermore, it provides a clear checklist of requirements to evaluate social networking compliance solutions.

For more details you can read the press release and download the guide now.

Tags: , , , , , , , , , , , ,
Posted in Best Practices, Compliance, News, Social Middleware, eDiscovery | 5 Comments »

Government, Social Networks and Freedom of Information

Thursday, January 21st, 2010

governmentI came across an article yesterday, titled Twitter and Government Transparency. In it Andy Opsahl outlines the potential challenges social networks are creating for government entities.  The question being raised is whether or not activity on sites like Twitter, Facebook and LinkedIn need to be archived and available for records requests.

As Melinda Catapano points out in the article “if this is connected to official agency work, you better be able to produce that record.” But aren’t these consumer sites, just used for personal use? The answer is it depends. While the lines are blurring between personal and professional use on these sites one thing is clear. If you are using them to communicate agency work you can be assured that it is going to be governed by the same set of principles that govern other communications

In fact, Wisconsin Attorney General J. B. Van Hollen recently issued an opinion in which he states that electronic communications made by elected officials are public records, even when they are posted on social networking sites. Van Hollen states that the Wisconsin Public Records laws applies whenever the content is connected to the official’s purpose or function.

One option many agencies have employed is to simply block access to these sites. That course of action flies in the face of The President’s Open Government Directive.  These sites are the perfect platform to create transparency, participation and collaboration. The Bright Side of Government recently did a blog post that discusses this exact topic. Of course with increased levels of participation comes the need to comply with the federal guidelines such as the Freedom of Information Act and the Public Information Act.

Catapano admits that “she, like numerous other CIOs, didn’t have a clue as to how to archive external social networking posts”. She goes further by saying “it would probably be a good master’s thesis because everybody needs those answers and everybody seems to be avoiding the problem.”

Well there is good news Melinda. One you are not alone in that other industries are struggling with this same challenge. Here is a quick snapshot of the issues that financial services organizations face around embracing social networks.  Second, there actually is an automated solution to archiving social network activity and content. Socialware’s Risk Manager solution was built from the ground up to solve this problem and many others that can arise from business related usage of social networks.

Today we are currently working with a number of government agencies and look forward to sharing their success stories over the coming weeks and months. In the mean time if you are interested in signing up you can request a free invitation here.

Tags: , , , , , , , , , , , , , ,
Posted in Compliance, News, Social Middleware | No Comments »

When is a social media policy not enough?

Wednesday, January 20th, 2010

policyAs more and more companies race to adopt social technologies they inevitably ask the question, “what should our policy be?” Depending on the industry and the company you will find a wide range of policies. Some are a few paragraphs and some are literally pages long. If you are looking for some examples here is a great list of policies across a number of industries.  Additionally, here is a more specific list of government related social media policies.

I will be the first to say that policies are important when it comes to opening up the social web to your employees. But a word of caution, don’t stop after pressing the save button.  In a recent report from Deloitte they posed the question to employees “what is your company’s policy when it comes to use of social networking channels”? Here were the responses:

  • 26% – There are specific guidelines as to what you can and cannot say online in relations to the company and/or client matter
  • 7% – The policy is to use your discretion when it comes to posting comments and opinions on the world wide web and social networking sites
  • 11% – There is a policy, but I don’t know what it is
  • 23% – There is no policy
  • 24% – Don’t know if there is a policy

Note that 58% either don’t have a policy or don’t know what it is. This should be concerning. After all if your company believes it’s important enough to create a policy isn’t it just as critical to ensure the policy is followed? On that topic how will you monitor it to ensure compliance? In regulated industries like financial services and government this is even more critical as regulators require that certain activity be captured and archived.

The Independent Insurance Agents & Brokers of America (IIABA) recently published a great resource titled “Creating a Social Web Policy for Your Independent Agency”.  The report offers some very good recommendations and detailed steps on how to go about creating a social media policy. However, there are two recommendations that I would like to expand on.

The first is related to “compliance with federal and state discovery, document retention and other laws and agency procedures.” In the guide they state “employees should copy and paste any client specific social media communication into the agency management system and record an activity in the same manner they would in using other media.”  While that is one way to capture and retain the data it is enormously unproductive and it also raises questions around completeness of the archive.

What happens if someone forgets to take these steps or decides they simply don’t want to? A better approach would be to leverage automated solutions, like our Risk Manager product as an example, that sits between the end user and the social networks to automatically capture and retain the content. Not only will this eliminate the manual work around data capture and retention but it also guarantees completeness.

The second is around advertising statutes and regulations. They correctly state that “social media posts are communications subject to various federal and state laws/regulations, including characterization as advertising under some state laws, so employees should make sure they are complying with all such laws in using social media.” This is correct. The detail that is missing though is how you will comply in this new environment. Again I’ll go back to our Risk Manager product as a mechanism to help ensure compliance on this point and many others.

I encourage you to download the IIABA report if you have not created your social media policy. If you are looking for more information on how the FINRA/SEC rules impact social network use you should take a look at this summary as well. Last be sure you have the tools in place to make it as easy as possible for your employees to meet the policy and compliance guidelines as they start to use these powerful sites.

Tags: , , , , , , , , , , , , ,
Posted in Compliance, News, Social Middleware, eDiscovery | No Comments »

Security execs fear the unknown

Tuesday, October 20th, 2009

Twitter Security Image

Forrester analyst Rob Whiteley recently posted a blog entry titled “Security execs are insecure about Twitter”. At the Forrester Security Forum the topic of Twitter and the security threat it poses to enterprises got a lot of attention.

Rob made some great points and raised some interesting questions.

1. Security execs must find a way to deal with the shift in data ownership

2. Consumerization of IT is usurping control from IT

3. It’s no longer sufficient — and definitely not necessary — to denounce the use of social media

Dealing with a shift in data ownership

We couldn’t agree more with this point. Every day employees are using the tools they believe will make them most productive in their job – applications such as Facebook, LinkedIn, Twitter and more. While the enterprise doesn’t own the application they need to take steps to monitor, capture and retain the data. Without taking these steps companies put themselves at risk on multiple fronts from compliance to eDiscovery to data leakage.

Consumerization of IT

The process of provisioning new applications and devices is no longer forced to go through IT. The idea of IT consumerization continues to grow and companies are still struggling with finding the “right” answer. On the positive side consumerization helps drive productivity, accelerate innovation and doesn’t require the organization to spend millions on applications that aren’t fully utilized.

Of course there are downsides to consumerization and IT groups are scrambling to find ways to deal with the challenge. The answer lies in enabling employees to use these applications in a safe, controlled and secure way. Blocking access will only encourage employees to find workarounds and put the organization at even greater risk.

Not necessary to denounce social media

People fear what they don’t understand. Twitter is a great example. It may be one of the latest consumer apps to dominate the scene but it won’t be the last. Enterprises will be faced with the next “Twitter” before long and the reaction will likely be the same.

Enterprises need to break the cycle of fearing the unknown. Instead let the employees guide the business based on what they know works. By working with them instead of blocking access businesses will reap the rewards.

Tags: , , ,
Posted in Best Practices, Compliance, News | No Comments »