(This is a guest post from Stephen Selby, Director of Regulatory Services at LIMRA.)

As social media users in financial services have discovered over the past couple of years, it’s tough to build a business in a swamp. It makes me think of the King of Swamp Castle from Monty Python and the Holy Grail.

Listen, lad. I’ve built this kingdom up from nothing. When I started here, all there was was swamp. All the kings said I was daft to build a castle in a swamp, but I built it all the same, just to show ‘em. It sank into the swamp. So, I built a second one. That sank into the swamp. So I built a third one. That burned down, fell over, then sank into the swamp. But the fourth one stayed up. An’ that’s what your gonna get, lad—the strongest castle in these islands.

Social media regulation has been a little like Swamp Castle. FINRA released Regulatory Notice 10-06, and built a foundational concept for all of us to follow—all the old rules apply. But the financial services industry as a whole did not believe that foundation was solid enough. We let the first castle sink into the swamp.

Then FINRA released Regulatory Notice 11-39. The financial services industry again said that foundation was not strong enough, so we again let social media fall into the swamp. Foreign regulators like the FSA in Great Britain and the IIROC in Canada published social media guidance in their own countries. The National Association of Insurance Commissioners issued its own white paper on social media. The messages from the FSA, IIROC, and NAIC all tracked well with FINRA’s core message—all the old rules apply. But the financial services industry was not happy with that foundation yet and, even with all of the positives, watched social media again fall into the swamp.

January 2012: The Fourth Castle of Social Media Regulation

Now we have both the SEC and the Commonwealth of Massachusetts issuing guidance for Registered Investment Advisors. To paraphrase the King of Swamp Castle—I am here to tell you what you’ve gotten—the strongest castle in these islands! We have seen securities regulators, insurance regulators, and now RIA regulators all say the same things: Yes, social media is an exciting new form of communication. Yes, we will apply existing rules to this new technology. It should be clear that we are no longer standing in a swamp, but on the strong foundation of a consistent message.

Let’s see how that consistent message applies to RIAs in the Commonwealth of Massachusetts. I will present these points in a different order than communicated by the Massachusetts Securities Division their memo of January 18, 2012. This order should help you structure your approach to social media for RIAs:

• Social Media is subject to supervision. Have a plan. Document it. Test the plan at least annually.
• Training. No policy or procedure is very good unless people know what it is. Therefore training is a really good idea.
• The firm is responsible for all business content. It’s social media time. Do you know what your investment advisor representatives (IARs) are saying?
• Social media is subject to record-keeping requirements. You will need a method of capturing and retaining social media content in a manner consistent with SEC retention rules. (For more, see 950 CMR 12.205(7)(a) and 17 CFR 275.204-2.)
• Frequent supervision is better. Massachusetts states on page 6 of their document “A review done daily would be considered a reasonable supervision of the adviser’s social media site.” Less frequent review can be acceptable—if you have low traffic volumes.
• Social media is usually advertising under RIA rules. Go back to the basics and apply current advertising content and supervision standards for RIAs to social media. Performance reporting via social media is subject to the same content and time standards as any other kind of media. Cherry picking past performance is not permitted. Recommendations are not permitted.
• Adoption and Entanglement applied across regulators. RIAs are responsible for content which they post, Tweet, re-Tweet, or like, or to which they link. RIAs are also responsible for content which is posted on behalf of their representatives by business partners or anyone else who has an interest in the success of the IAR. Selective removal of some content results in the “adoption” of the remaining content.
• “Liking” can be Problematic. To completely understand what Massachusetts is saying about the “Like” button, I encourage you to read SEC Regulation FD and the recent SEC risk alert. The key take-away is that your firm is responsible for any content which is “Liked” by the firm or an IAR. Make sure it’s good content.
• Read the SEC guidance. Massachusetts makes reference to recent SEC guidance on social media usage.

More Best Practices for Social Media Compliance

The Massachusetts document “The Use of Social Media by Investment Advisers” is not intended to tell the whole story. Here are a few ideas you need to consider beyond the recent guidance provided by the Commonwealth.

• Put clear license and registration disclosures in social media profiles. This will help insulate the firm against the appearance of soliciting where the firm is not registered.
• Update the firm’s Code of Ethics. Not all states require a code of ethics, but communicating a standard and then training your people to that standard is always a good idea.
• Face-to-face supervision is a best practice. Take time to review the computers and mobile devices of IARs when visiting satellite offices.
• Understand what is being said about you by solicitors and other business partners. You may need to review agreements to specifically address the use of social media.
• Get help, but take responsibility. Social media use and supervision is ultimately up to you, but Socialware and LIMRA can help get you going.

In closing, think of the King of Swamp castle. “All the other kings” may say you are daft for using social media when there are so many questions, from ROI to compliance. Prove them wrong. Now that regulators for the securities, insurance, and investment advisory business have spoken, you have a firm compliance foundation on which to build your social media practice.

When so many regulators are saying the same thing—maybe you really do have the opportunity to build the strongest castle in these islands.

Image source.

Earlier in the month FINRA submitted proposed changes to NASD 2210 to simplify the guidelines around communications with the public. These changes not only simplify many issues for the industry, but they also provide insight into how FINRA interprets or plans to interpret the communication guidelines.

Back to Notice 11-39. In general, the content is very clear and does address many of the questions we’ve been hearing from the industry. I won’t walk through the entire Notice, but rather focus in on some of the more interesting aspects.

The first topic is around the review of a rep’s social media presence before launch. It is clear from 10-06, this notice and 2210 that aspects of the site, like profiles, must be approved by a registered principal prior to use. Much has been made of the notion of having to pre-review the first post on a rep’s social media site. While FINRA mentions that some firms require this, it does not say that it is required – an important distinction. If you are a firm taking this approach, remember you can always provide a handful of pre-approved first posts to the field to get started.

FINRA goes on to reinforce this point by saying “unscripted participation in an interactive electronic forum comes within the definition of public appearance.” And remember public appearances DO NOT require prior approval by a registered principal. Not surprisingly, this clarification aligns with the proposed changes to NASD 2210 – making it clear that this content can be supervised in a post-review fashion.

There is a lot of discussion around personal devices and whether the recordkeeping requirements apply. FINRA clarifies that the device is irrelevant, it is the content of the communication that must be considered. Later on in the Notice there is more discussion around personal devices, but here they focus on whether or not personal content must be retained and supervised. FINRA points out that firms can choose to treat all content created on these devices as business communications. However, another approach is to flag content as personal vs business such that firms have flexibility in how they supervise the material. In this scenario firms would have the ability to supervise 100% of the business-related social media communications while only conducting spot audits on the personal information. A huge time saver for the supervisory teams.

On the topic of technology, Question 3 looks at solutions that can automatically delete content after it has been read and sent. This type of technology typically applies for SMS (i.e., text messages). Regardless of if a solution exists to automatically delete content, if it is related to “business as such” it still must be retained and supervised.

One item that gets referenced over and over is training and education. Just as they do in Notice 10-06, FINRA points out “a firm’s policies and procedures must include training and education.” They also share that some firms require reps to “Certify on an annual or more frequent basis” that they are acting in a manner consistent with the firm’s policies. For more suggestions on what you need to include in your training and education program, check out the recorded webinar from our social media lifecycle series focused on training.

What did you think of the notice? Do you still have questions? If so please share them below.

The good news for those considering a move to social is that FINRA clarifies you do not need prior approval for communications posted on social sites as long as they qualify as interactive electronic forums. FINRA tried to introduce the concept of static vs. interactive with Notice 10-06 but unfortunately it created more confusion than clarity in the market. That was the one component introduced in 10-06 that was new, but there were no rules in place to support the actual definitions. The rest of 10-06 was clarification on existing rules. So we are back to where we started. It is all about the content and it’s classification.

You can access the entire SEC submission here, but to save you some time I’ve gone through and called out the parts that are most applicable to social media.

Communication Categories

The current NASD Rule 2210 divides communications into six separate categories:

• Advertisement
• Sales Literature
• Correspondence
• Institutional Sales Material
• Independently Prepared Reprints
• Public Appearance

FINRA is proposing to reduce the categories from six down to three. The new categories would be as follows:

• Institutional communication: includes all communications that fall within the current guidelines.
• Retail communication: includes any written (including electronic) communication that is made available to more than 25 retail investors within any 30-day period.
• Correspondence: includes any written (including electronic) communication that is distributed or made available to 25 or fewer retail investors within any 30-day period.

The proposal eliminates the current definitions for advertisement, sales literature, institutional sales material, public appearance and independently prepared reprints. They point out that “communication that currently qualifies as advertisements and sales literature would generally fall under the definition for retail communications.”

As it relates to Retail communication they provide a supervisory exemption for specific categories of this communication type. Two of these categories matter for social media. The first is any retail communication that is posted on an online interactive electronic forum (eg., social networks).  The second is any retail communication that does not make any financial or investment recommendation or otherwise promote a product or service of the member.

FINRA explicitly points out that the clarification around interactive electronic forums “codifies their current interpretation of the rules governing communications with the public on interactive electronic forums.” In other words, Notice 10-06 provided guidance to the industry but did not actually create any new policy. This change will make the interpretation explicit from a rule standpoint. There is no mention of the notion of static vs. interactive, which has caused confusion in the industry since no policy exists to back up those definitions introduced as part of 10-06. The second exemption broadens a current principal such that it would apply to all retail communication. This second exemption is important for social media because so much of what gets shared isn’t financial or investment related.

Both of these are positives for firms looking to embrace social for their reps.

In a nutshell it makes clear that organizations DO NOT need to pre-review content that is posted to social networks like Facebook, LinkedIn and Twitter.

Of course, recordkeeping requirements sill must meet the current standards. In addition to the recordkeeping, firms must supervise this content in the same manner as correspondence (i.e., post-review).

FINRA also reminds readers that rules around predicting performance, implying past performance will recur or making any exaggerated or unwarranted claim, opinion or forecast still apply. In other words your content must be fair and balanced. Something that a California-based broker failed to adhere by and as a result of her tweets was fined and suspended by FINRA.

One of the other interesting additions was the following: “Given the rapid changes to technology used to communicate with customers, FINRA believes it will be useful going forward to have exemptive authority with regard to the principal pre-use approval requirements applicable to retail communication in certain circumstances.” This statement shows an understanding that technology and communication mediums are evolving faster than policy can keep up. In theory this will help FINRA support the industry in a timely fashion without having to wait for formal rule clarifications or modifications (like this one).

3^rd party comments were mentioned but FINRA felt that Notice 10-06 in combination with previous guidance adequately addressed that topic.

The one area not specifically called out is social networking profiles. Going back to 10-06, FINRA calls for this content to be pre-reviewed and classified it as an advertisement. Under the proposed rule change it would now be classified as a retail communication. There is nothing in the proposed changes that would suggest it qualifies for the exemptions outlined above. As a result this content must still be pre-approved before being posted to social networking sites.

Comments on the proposal must be submitted to the SEC on or before August 24, 2011. At this point it is anyone’s guess as to when this will be finalized and approved. Independent of that date, these changes provide some great insight into how FINRA will look at social media communications. I suspect other state and federal regulators will be taking note as well.

Here are some of the key findings on advisers use of social media:

• 44% of investment advisers use some form of social media and this number is trending up for next year.
• 41% of advisers age 42-51 and 31% of advisers 52-61 use at least one form of social media. This group represents the largest use across the survey population.
• LinkedIn is the most popular social network used at 41%, Facebook is second at 14% and Twitter is third at 8%

When it comes to social media compliance, firms and their advisers are clearly putting themselves at risk for fines, suspension and possible lawsuits. Take a look at these key findings from the survey:

• 69% of firms using social media stated that they have no written record retention policies for social media content.
• 57% of firms using social media stated that they do not retain all content posted on social media websites.
• 68% of firms using social media stated that they don’t have written policies and procedures governing the use of social media by employees.
• 52% of firms using social media stated that the firm does not monitor or review social media content produced by its employees for business-related purposes.

In the words of the Securities Division, “the Survey suggest that investment advisers using social media sites for business communication may not have implemented sufficient recordkeeping systems and/or supervisory and compliance procedures.” This is clearly an understatement of the situation they discovered. Firms should consider this an early warning to the increased level of scrutiny coming down at the state level.

These results come on the heals of FINRA’s latest announcement that they are going to offer additional guidance on social media use by Registered Reps. This Notice, an extension to what was provided in Notice 10-06, is aimed at clarifying key questions arising from the industry.

As we’ve said before, the social media train has left the station. Advisers are going to use these platforms to grow their business (regardless of corporate policy) and the clock is ticking for firms to embrace this movement and ensure compliance. FINRA has already started their examinations on social media and you can expect states like Massachusetts to follow suit very quickly.

There has been a lot of speculation about what it all means for the industry. Before offering a point of view on that question let’s review what it said exactly:

• SEC: “All documents concerning any communications made by or received by [Adviser] on any social media site”
  In other words, you need to be archiving your social media activity. You should look for an automated approach to capturing all the required content and recognize that unless the solution can capture 100% of the data created on these sites, it isn’t a solution.

• SEC: “All documents concerning [Adviser]’s policies and procedures related to the use of social media web sites by [Adviser]”
  Just like email and IM, this form of electronic communication must be governed by a set of policies and procedures. Your policy should outline at a high level the corporate approach and guidelines to social media.  Your procedures should define the who, the what, the where, the when and the how of the policy itself.

• SEC: “All documents concerning [Adviser]’s policies and procedures concerning a third party’s use of any social media website maintained by [Adviser]”
  The question of 3^rd party comments really hits on the topics of entanglement and suitability. A comment on a social media site alone does not equal an endorsement, but there are situations that you must consider and construct your policy and procedures with those in mind. For example, how will you treat the “liking” of a comment or the “favoriting” of a tweet? If it occurs on the wrong comment you could create an issue for yourself. If it occurs on a benign statement the regulators will not take issue.

• SEC: “All documents concerning [Adviser]’s policies and procedures related to the use of social media websites by [Adviser]’s personnel for personal, non-business related matters”
  The topic of personal vs. professional is a complicated one. First, you are not allowed to have separate identities on social media sites, it is against the terms of service for LinkedIn and Facebook. Second, it is often the personal relationships that ultimately translate to business. There are multiple ways to account for this issue. Some are policy based and some are driven by technology. Check back for more on this topic as it really warrants an entire post.

• SEC: “All documents concerning [Adviser]’s personnel training and education related to the use of social media websites by [Adviser], whether for personal, non-business related, or business related matters”
  One consistent thread from all of the regulators in on the topic of training. If you are going to open up access to social media you must train on the policies and procedures. Additionally, it is a tremendously valuable investment to help individuals understand how to apply these new platforms to accomplish key business goals. On that topic, LIMRA and Socialware have recently released a whole series of training to specifically address everything from the regulatory issues to the business best practices.

• SEC: “All documents concerning [Adviser]’s record retention policies and procedures concerning the involvement with or usage of, whether for personal, non-business related, or business-related matters, any social media website maintained by [Adviser]”
  Not only is it critical to archive this electronic communication, it is also your responsibility to document what is required to be archived.  This documentation should account for the individual Advisers as well as anyone that supports them in their social media efforts.

For those of you that haven’t seen the Sweeps letter, I hope this detail helps. In a follow-up post I will address the following:

• What does the Sweeps letter mean for the industry?
• What should I do now?
• What resources are available to help me get compliant, quickly?

In an article from FA Magazine, Joe Price of FINRA discusses reconvening the social media task force to offer additional guidance on top of what has been provided in Notice 10-06. I for one applaud FINRA for continuing the discussion with the industry on this topic. In 12 short months we’ve seen over 100 FINRA-regulated firms adopt social media in a compliant fashion. These experiences have led to many learnings and some additional questions.

Many firms are also realizing that the honeymoon period is over. FINRA announced their examination priorities for 2011 and social media is one of the 20 areas listed. To quote their priorities announcement “In 2011, firms can expect FINRA examiners to review supervisory systems and recordkeeping for electronic communications like social media.” It should be noted that firms need to account for positive supervisory procedures as well as the reverse (test and ensure that reps are adhering to prohibition, if that is the policy)

Along this journey many firms have inquired about state regulators and their stance on social media. To date we have not seen any specific guidance from these regulatory bodies but we have heard anecdotes of state auditors examining social media policies, procedures and systems to support compliance. Without direct guidance it appears this auditors are using FINRA’s guidance as their measuring stick. This isn’t surprising when you look at the information coming from the SEC and IIROC. The guidance they are providing all looks very similar to FINRA’s.

Back to the topic of additional guidance, in the FA Magazine article described above, Joe Price is quoted as saying “People have said to me, ‘You’re not being creative enough. You’re not appreciating the fundamental sea change going on in communication,’” He points out that FINRA can’t modify the rules on its own because record-keeping requirements were established by the SEC, but does mention “We may need to rethink those old rules.”

There is no doubt this is a unique medium. That being said firms that wait to act are only putting themselves at more risk. Just look at what we found in our Advisor Survey last year. 40% of the respondents stated they were knowingly violating corporate policy to take advantage of the business benefits of social networks. By supporting a policy of prohibition you are actually inviting risk, not reducing it.

In addition, and perhaps more important, you are losing out on all the value that can be driven from these sites. Don’t believe me? Check out the recording of our latest webinar on LinkedIn Business Benefits. You’ll hear about real-world use cases and techniques for transforming your practice using LinkedIn. So stay tuned. 2011 is going to be a banner year for social media – for many reasons…

The year got started off with the much-awaited guidance from FINRA regarding the use of social media for regulated reps. Notice 10-06 clarified how financial firms should use social media in a compliant fashion and with this Notice in hand many got off the sidelines and into the game.

Of course, advisors had already started to experience the benefits of social media for their business. In a survey of regulated financial advisors Socialware found:

• 60% were already using social media for their business
• 36% acquired new customers
• 40% were using these sites, while knowingly violating the corporate policy of prohibition

And really, how can you blame them. Social media represents the greatest shift in how we connect, communicate and share. Consider a few of these milestones that social networks hit in 2010:

• Facebook reached 500 million users (only to recently break the 600mm mark)
• Twitter reached the 190 million user mark and 56% of these users rely on Twitter for business purposes
• LinkedIn reached 90 million users (only to surpass this mark by reaching the 100mm user mark in January. The growth is to be expected when you see stats like the one regarding their InMail service. It is 30X more effective than a cold call! I don’t know about you but I’d rather send one InMail vs. making 30 phone calls.

All of this success and activity has caught the regulators eyes. FINRA started completing LinkedIn audits in 2010. In addition, the SEC sent out a sweeps letter regarding social media (look for a blog post soon on this topic).

The good news is that Socialware’s nearly 100 customers can sleep easy at night knowing that they are protected, in full compliance and are on the path to realizing the potential that social media has to offer.

So thanks to everyone for an exciting 2010 – we know this is just the beginning of the great things to come as the financial services sector fully embraces social media.

This got me thinking about firms that are trying to manually monitor LinkedIn. Not only is it inefficient but it’s also ineffective. For example, say that you are going to rely on LinkedIn’s search to find reps from your company. The site offers a fast way to browse profiles, but they limit you to 300 results. This is a huge issue.

The only other option is to manually search for reps by name. Talk about a waste of time. And what will FINRA think of this approach to supervision? In the recent MetLife ruling FINRA fined the insurer $1.2mm because their email supervision approach was “hardly an effective means to detect misconduct.”

We recently spoke to a registered rep of a top 10 wealth management firm. Their policy allows reps to have LinkedIn profiles but they must be pre-approved (more on that later). While the content of the profile is approved by the Ad Review Department, there are no automated mechanisms to detect misconduct or better yet, ways to prevent it in the first place.

Taking advantage of LinkedIn’s Advanced Search I was able to find reps of this firm that had recommendations, certifications, personal activities and group associations – all violations of the firm policy and in some cases violations of SEC/FINRA regulations. The reality of social networking compliance is that the policies and procedures must be automated. The volume of content and activity is simply too high and the pace of change is too great.

So what exactly do firms need to be thinking about when it comes to LinkedIn compliance? Early this year FINRA published 10-06 as we all know. Even though the notice has been out for almost a year there still seems to be confusion. Let me try to clear up some of the confusion.

1. There are no new rules, just interpretation of the existing ones.
I took this point for granted early on. But as I talked to more and more companies I got the sense that organizations felt they had to deal with new FINRA rules. The reality is that 10-06 is simply an interpretation of their existing rules. Here is a snippet from the Notice that makes this point.

FINRA is issuing this Notice to guide firms on applying the communications rules to social media sites, such as blogs and social networking sites…At the same time, FINRA is seeking to interpret its rules in a flexible manner to allow firms to communicate with clients and investors using this new technology.

2. LinkedIn IS a social network
Another point I’ve heard from the industry is that some compliance departments don’t believe LinkedIn is a social network and as a result 10-06 doesn’t apply. FINRA actually calls out LinkedIn specifically in their notice and the same rules apply here as they would for Facebook, Twitter or other forms of electronic communication.

“Social networking sites, such as Facebook, Twitter and LinkedIn, typically include both static content and interactive functions.”

3. LinkedIn content must be archived and supervised
Yes and Yes. FINRA differentiates between static and interactive content on the social networks. They point out that static content is information like a LinkedIn profile and as with other web-based communications a registered principal of the Firm must approve all static content on a page of a social networking site before it is posted. This can create an issue for firms that don’t have the ability to manage access to the edit features of these profiles. Otherwise you are trusting a rep won’t violate policy, and testing against your policy would be highly manual and error prone.

In addition, FINRA makes it clear that every firm must ensure that it can retain records of social media communications as required by Rules 17a-3 and 17a-4 under the Securities Exchange Act of 1934 and NASD Rule 3110. For firms that allow access to LinkedIn without automated archiving and supervision this creates a massive risk. Here is a quick example of one risk that most firms overlook.

The main driver of value on LinkedIn is your network. You build that network by inviting people you’ve worked with, clients, prospects, recruits, etc. As you can see from the form above you create a short note to the contact so they remember you and understand why you are asking to connect. For firms that allow access without an automated solution they are going to miss every connection note (won’t be archived or supervised) and be in direct violation of FINRA/SEC.

If you are looking for more information on understanding FINRA 10-06 or LinkedIn specifically you can download the following guides:

The Companion Guide to FINRA/SEC Social Networking Compliance

A Guide to LinkedIn Social Networking Compliance

First let’s start with background on the MetLife fine. The issue at hand is that they did not follow their own policy on matters related to email archiving and the review of archived email.  Their policy was clear as far back as 1999. Brokers were required to provide copies of their own emails to supervisors so they could be reviewed. In 2007 they acquired technology to facilitate the process or more specifically, to facilitate their policy. The fine covers 1999-2006 where the policy was crystal clear but the practice was “lacking.”

Susan Merrill (FINRA Executive Vice President and Chief of Enforcement) pointed out that FINRA’s rules “afford firms the flexibility to tailor procedures that are appropriate for their particular business models, all firms must have the ability to flag emails that my evidence misconduct.” She then points out that having a “system” that requires the broker to manage the compliance process by “providing copies of their own emails to supervisors for review is hardly an effective means to detect such misconduct.”

So what does this have to do with social media? At this point every financial firm is participating in social media. Some are doing so under corporate directives such as a brand marketing initiative, others have employees that are participating that are in direct violation of policy (a simple LinkedIn search will show this) and still others are opening up access in a managed and compliant fashion such as New York Life.

Those that are moving forward with a policy of prohibition have to be concerned about their ability to supervise adherence. In our upcoming webinar with LIMRA we discuss the Procedures stage in the Social Media Adoption Lifecycle and outline the steps required to satisfy regulatory requirements on this issue.

One popular position I’ve heard is firms allowing access to LinkedIn as a “business card.” The idea is that they can have a profile on the site (albeit a limited one) and are not allowed to use any other part of the site such as LinkedIn Mail, Groups, LinkedIn Answers and many other valuable parts of this social network. Since the profile is static content (as defined in FINRA Notice 10-06) that information must be approved by a registered principle.

The problem is anyone that has ever used LinkedIn will know that all of these unsupervised features are tremendously valuable. In essence this approach is saying, “have a profile but don’t connect with anyone on the site.” It defeats the purpose of being on LinkedIn in the first place – and your reps know this.

So now back to the MetLife story. Are firms that are taking this approach going to see a similar fine from FINRA in a few years? Time will tell. My guess is that a written policy and “trust” that reps won’t use the most valuable parts of sites like LinkedIn with no automated supervision “is hardly an effective means to detect such misconduct.”

“This webinar covers compliance and regulatory considerations when using social networking sites to communicate firm business. With the advent of Facebook, LinkedIn, MySpace and Twitter, business use of social networking sites has become popular and can present supervision challenges for firms. Panelists from FINRA discuss the guidance that was recently issued in Regulatory Notice 10-06.”

If you already read Regulatory Notice 10-06 you didn’t miss too much. I will say the most valuable part was the Q&A from the audience and FINRA staff. As you might expect the FINRA team focused on the overarching guidelines but didn’t spend too much time interpreting specific situations. They made it very clear that this is the responsibility of the firm to evaluate a sites capabilities and determine what the firm’s policy will be on usage, supervision, record keeping, etc.

If you are looking for more details on how these guidelines get interpreted for use on social networks you should download the Companion Guide to FINRA Social Networking Compliance.

And if you are interested in a summary of the webinar here are all of my live tweets that I posted during the session. Feel free to follow me on Twitter and send me any questions you have.

• Joe Price talking about FINRA task force on social networking, 14 industry participants, came out with Notice 10-06
• 5 key points, record keeping, suitability, types of content, supervision & 3rd party posts
• Record Keeping: rules flow from SEC standards, no way to change this. Must retain, archive and retrieve to be compliant
• Record Keeping: technology is going to be the issue, FINRA spoke to firms (including Socialware – we solve this today with Risk Manager)
• Record Keeping: discussing integration to enterprise archives, lot of interest in area, each firm needs to assess each solution
• FINRA will not endorse any technology provider, firms need to assess the fit, determine if it delivers on compliance needs
• interested in position on acceptable formats of social media messaging for FINRA filing and internal record keeping
• Question: how do you file a tweet? Acceptable filing format is PDF for FINRA but not for retention (discovery issues, etc)
• Suitability: 01-23 applies to social media directly, applies around recommendations, “call to action” or “suggestion”
• Suitability: more specific to individual more likely it will be a recommendation, general news not a rec.
• Suitability: call to action is key, not going to have prior approval requirement so be careful of what you post
• Possible use of templates? Firms have libraries, drop a recommendation of an approved template, be careful of specific products
• Question: “Business as such?” SEC term, not addressing it in Notice 10-06, books and records rule apply in this situation
• Question: “if we decide to utilize social media we must have technology to track information” there are low tech options…
• …technology is going to be key to make this scale
• Question: “if a rep indicates where they work is that an advertisement?” ex: business card info on LinkedIn, likely already approved
• Question: “business related inquiry on social media site?” addressing later, need to have procedures for reps to follow
• Content Types: “interactive electronic forum” have def. of public appearance (i.e., chat rooms), must all be supervised
• Content Types: public appearances do not need to be pre-approved
• Content Types: blogs? static communication = advertisement = prior approval. However some allow for interaction
• Content Type: These interactive blogs would be considered a public appearance (i.e., allowing comments)
• Question: “What if firm hosts a blog and allows for 3rd party comments? What if it is a marketing brochure blog?” This is static
• Content Types: key ideas, employees should have site use approved for use of logos, content, etc (the static elements)
• Content Types: engaging on the sites can then be supervised post-use, these are the interactive pieces
• Content Type: firms should decide on their own policies as part of this.
• Content Types: key is whether or not a dialogue is supported or intended on these portions of social sites
• Technology to capture content is still evolving, will there be compliance grace period? FINRA answer “No”
• Firms must make the call if a vendor can meet the FINRA requirements (check out companion guide http://bit.ly/72HiGj)
• Recently looking at a blog that wasn’t interactive, send email back and comment *not real-time interactive communication*
• Question: “On Twitter, is initial posting interactive or static?” background content is static part, tweets are interactive
• Question: “what if social site doesn’t allow for archiving?” answer don’t use it or use a 3rd party solution (i.e., Socialware)
• Question: “what about broker-to-broker communication?” defined as institutional sales material (2211), already defined
• Question: “How will FINRA test compliance?” FINRA provides policy guidelines, new process, examiners take steps to analyze steps  …
• Question: …will look for supervisory steps, will look for policies, will look for other steps that compliance is being addressed with
• Supervision: interactive communications can be supervised, implement risk based principles to review communications
• Question: “Use of sites for recruiting?” Yes – they are subject to FINRA advertising rules, static vs. interactive
• Question: Recruiting issue – expectation of earnings. Be careful here, this is most frequent issue
• Question: “can registered reps conduct pre-approved, scripted, filed FINRA presentations via a webex type of application, w/instant messaging” …
• …”assuming IM’s are being supervised by a reg. principle?” webinar=static, questions=interactive (can be supervised)
• Supervision: can choose to pre-approve or not, can choose to sample pre or post, lot of flexibility, you decide
• Supervision: communication between research and investment bank always need review, as well as incoming complaints
• Question: “do personal social sites of RR need to be monitored to ensure not being used for professional use?” …
• Question: … firms need to establish procedures/policies on this, once used for business firms are responsible,
• Question: “don’t want reps using Facebook, agree not to, is firm responsible to still track?” I don’t know, maybe based on person
• Question: “are firms accountable for how RR identifies themselves on personal SN site” firms need to adopt clear policies on this
• Question: “does review of interactive communication have to be conducted by a registered principal” can be some delegation
• Should not allow RR to use social media sites if you cannot supervise it (for business purposes)
• Ensure you train those that are granted access, enforce your procedures, have consequences for violations
• Question: “prohibit from using certain social site features, are firms accountable if RR use them if “prohibited”?” …
• Question: Answer is same. They are responsible. (Socialware can disable these features completely to protect the firm – look at Feature Level Access Control of Risk Manager)
• Question: “how do you supervise an anonymous complaint?” guidance already provided, must be able to identify person & issue
• 3rd Party Posts: not subject to advertising rule (great clarity), situations where you can be held accountable
• 3rd Party Posts: adoption & entanglement, you republish or direct people to content, you just adopted it and endorsed it
• 3rd Party Posts: influenced posts, can you please post a testimonial to my Facebook page = entanglement
• Question: “implicit endorsement of posts, rep didn’t remove a comment?” does not create an endorsement situation
• Question: “RR retweets a post, is this an endorsement/entanglement” absolutely endorsement or adoption
• Question: “What if you “like” a comment on Facebook” Yes absolutely that is an endorsement (FYI – Socialware can block this)
• Question: “what if statement is just wrong, what should firm do?” adopt policy to enable quick action, still needs to be supervised
• Adoption & entanglement is SEC concept, one-off answers not the way to go, each firm should develop a complete policy
• Firms are doing a lot of different things to monitor 3rd party posts, complaints, publishing guidance
• Great FINRA webinar, hope you enjoyed the live tweets, be sure to grab the Companion Guide for SN Compliance http://bit.ly/72HiGj

Look for much more from Socialware on this topic. And if you haven’t registered for a Risk Manager invitation please do so here (it is free). Of course, if you want to get started right away you can sign up for the premium version here.