SEC/FINRA Issue Guidance Related to Use of Social Media

Introduction

Social media use by members of the financial services industry is becoming increasingly common.  In growing numbers, registered investment advisers, broker-dealers and dual-registrants are using social media platforms such as Facebook, LinkedIn and Twitter to communicate with existing and potential clients, promote services and educate investors.  These uses of social media, while potentially effective business practices, create a host of compliance and oversight issues for investment firms.  Firms must be cognizant of the risks associated with using various forms of social media and must enact adequate policies and procedures to ensure compliance with all regulatory and legal requirements.

The use of social media has become an important matter of interest to regulators.  In January of this year, the United States Securities and Exchange Commission (SEC)'s Office of Compliance Inspections and Examinations (OCIE) and Office of Investor Education and Advocacy (OIEA) issued a series of alerts regarding the risks of social media.1  These alerts follow on the heels of an SEC action against an Illinois-based investment adviser charged with a social media scam.

The Financial Industry Regulatory Authority (FINRA) has also issued guidance on the use of social media in Regulatory Notice 11-39 and Regulatory Notice 10-06.  In fact, FINRA maintains a website, "Guide to the Web for Registered Representatives," aimed at making registered representatives aware of the compliance requirements and potential liabilities implicated by the use of social media.  In addition, FINRA has released a series of podcasts, available on its website, which are designed to further educate firms and their personnel on these issues.

Because this area is coming under increased scrutiny by both the SEC and FINRA, registered investment adviser, broker-dealer and dual-registrant firms must evaluate their existing policies and procedures regarding social media in order to ensure they are in compliance with all of the regulatory requirements.

Recent Enforcement

On January 4, 2012, the SEC charged an Illinois-based investment adviser with offering to sell fictitious securities via social media websites.  The Division of Enforcement alleged that Anthony Fields of Lyons, Illinois, offered more than $500 billion in fictitious securities through such websites and as a result, willfully violated multiple provisions of federal securities laws.  The SEC further alleged that in addition to making multiple fraudulent offers, Fields provided false and misleading information to the public concerning assets under his firm's management, clients and operational history.  It is also alleged that Fields failed to maintain required books and records, failed to implement adequate compliance policies and procedures and held himself out as a broker-dealer when in fact he was not registered with the SEC.

The SEC used its release announcing the charges against Fields as a platform to announce its issuance of guidance highlighting the risks investors and advisory firms face when using social media.  In this regard, OCIE Director Carlo di Florio contended, "As investment advisers increasingly utilize social media to communicate with clients and potential clients, firms need to be mindful of the applicable standards governing those communications."

SEC Guidance to Firms

The SEC's Risk Alert reviews concerns that may arise from the use of social media by firms and their associated persons, and offers suggestions for complying with the federal securities laws.  The alert also notes that firms should consider how to implement new compliance programs or revisit their existing programs in the face of rapidly changing technology.

The SEC has interpreted Adviser's Act Rule 206(4)-7 as requiring firms using social media to adopt and periodically review the effectiveness of policies and procedures regarding social media.  The Risk Alert provides several factors that the staff believes a firm3 should consider in its efforts to comply with this obligation, including:

  • Creating "usage guidelines" that provide guidance to personnel on the appropriate and inappropriate uses of social media, including specific social media sites that are/are not permitted.
  • Creating clear "content standards" that prohibit or impose other restrictions on specific content, e.g., content that recommends investments, contains information on specific investment services or provides information on investment performance.
  • Ensuring that firm and third-party social media sites are effectively monitored, especially where third-party sites do not provide complete access to supervisors and/or compliance personnel.
  • Increasing the frequency with which it monitors activity on social media sites.  The Risk Alert recommends that firms employ a "risk-based" approach which may include periodic, daily or real-time monitoring – depending on the volume, pace and nature of the communications, as well as the potential of the communications to mislead investors.
  • Requiring pre-approval of content posted on social media sites, rather than relying on after-the-fact review.
  • Employing sufficient compliance resources to effectively monitor social media, including, where necessary, using conversation monitoring software as well as sampling, spot-checking, lexicon-based searching or other search methodologies to effectively monitor content.
  • Establishing set criteria for approving social media sites, including, for example, the evaluation of a site's reputation, privacy policy, ability to remove third-party posts, controls on anonymous posting and advertising practices.
  • Implementing training related to social media that seeks to promote compliance and prevent violations of federal securities laws.
  • Requiring certification from personnel using social media sites that those individuals are complying with the firm's social media policies and procedures.
  • Reviewing social media sites' functionality in light of the rapidly evolving nature of social media, to ensure that any upgrades or modifications do not render the site inappropriate.
  • Specifying what types of communications and/or content are permitted and what is not permitted on a site that is not owned, operated, supervised or sponsored by the firm.
  • Ensuring all information is protected from unauthorized access, use, disclosures, disruption, modification, perusal, inspection, recording or destruction, including the use of firewalls between sensitive customer information and any social media sites.
  • Considering whether third parties are allowed to make postings on the firm's social media sites and, if so, implementing appropriate policies and procedures governing third-party postings.  Specific consideration should be given to whether third-party postings are "testimonials," i.e., statements of a client's experience with, or endorsement of, an investment adviser.  The Risk Alert specifically notes that the "like" button could be a testimonial under the Adviser's Act.

The Risk Alert also reminds firms that record-keeping obligations do not differentiate between various media, including paper and electronic communications, such as e-mails, instant messages and other internet communications related to recommendations or advice.  Therefore, firms must retain records of communications through social media that contain information that satisfies recordkeeping obligations under the Adviser's Act.  The Risk Alert also recommends that firms review their document retention policies to ensure that records generated by social media communications are retained in compliance with the federal securities laws.

The SEC's bottom line is that a firm's use of social media must comply with various provisions of the federal securities laws, including, but not limited to the antifraud provisions, compliance provisions, supervisory provisions and recordkeeping provisions.

FINRA Guidance

Through its Regulatory Notices and Internet Guide (collectively FINRA Guidance), FINRA has similarly promulgated factors firms should consider in designing policies and procedures related to the use of social media sites.  FINRA Guidance suggests firms consider the following:

  • Every firm that intends to communicate, or permit its associated persons to communicate, through social media must ensure that it can retain records of those communications as required by SEC and FINRA rules.  The recordkeeping requirements do not depend upon the type of device or technology used to transmit the communication, nor whether the device is firm-issued or the property of the individual.
  • A firm or its personnel recommending a security through a social media site must comply with FINRA rules regarding suitability.  Every recommendation must be suitable for every investor to whom it is made.
  • Firms must adopt supervisory policies and procedures reasonably designed to address communications that recommend specific investments.  Where applicable, these policies need to ensure that appropriate additional disclosures are made such that each customer has a sound basis for evaluating the facts with respect to the product.
  • Firms must appropriately determine whether the social media properly constitutes "static" or "interactive" content.  Static content must be approved by a registered principal of the firm prior to its posting.  Most interactive content (particularly real-time interactive communications) will be considered an interactive electronic forum that does not require prior principal approval, but does require appropriate supervision of the communications.  Firms should keep in mind that "interactive" content may become "static" and thus require prior approval.
  • Firms must reasonably supervise all interactive electronic communications in a manner reasonably designed to ensure that they do not violate the requirements of FINRA's communications rules.  FINRA recommends a "risk-based" approach to determine the extent to which the review of incoming, outgoing and internal electronic correspondence is necessary for proper supervision.
  • Firms must adopt policies and procedures reasonably designed to ensure that their associated persons who participate in social media sites are appropriately supervised, have the necessary training and background to engage in such activities and do not present undue risks to investors.
  • Firms must establish appropriate usage guidelines for customers and other third parties who are permitted to post on firm-sponsored web sites, as well as processes for screening third-party content based on the expected usage and frequency of third-party posts.
  • A firm must conduct appropriate training and education concerning its policies, including those related to social media.  Firms must follow up on "red flags" that may indicate that an associated person is not complying with firm policies.  FINRA Guidance notes that requiring certifications of compliance and/or spot checking are effective in monitoring compliance.

FINRA has concluded that a representative's responsibilities when communicating via the internet or other electronic media are the same as in face-to-face discussions or in written communications with the public.  Therefore, FINRA Guidance requires firms to be aware of compliance requirements and potential liabilities when using social media websites.

Conclusion

The foregoing demonstrates the extent to which the use of social media has become an important matter of interest to regulators.  Both the Risk Alert and FINRA Guidance make clear that these considerations are not exhaustive, a safe harbor or a check-list for examiners.  Rather, firms must develop policies and procedures that are designed to ensure that the individual firm and its personnel comply with all applicable requirements. Thus, both SEC and FINRA encourage firms to review, reassess and strengthen their compliance and risk management programs.

If you have questions about your social media policies or about how these issues might affect your company, or have any other securities-related issues, please contact any of the following Baker Donelson attorneys:


Memphis, Tennessee
Mark D. Griffin 901.577.2221 mgriffin@bakerdonelson.com
Lori H. Patterson 901.577.8241 lpatterson@bakerdonelson.com
Jackie Prester 901.577.8114 jprester@bakerdonelson.com
Matthew George White 901.577.8182 mwhite@bakerdonelson.com

or any of the other attorneys in our Broker-Dealer/Registered Investment Adviser Group.

1 National Examination Risk Alert: Investment Adviser Use of Social Media, available here; Investor Alert: Social Media and Investing - Avoiding Fraud, available here; Investor Bulletin: Social Media and Investing - Understanding your Accounts, available here.
2 The Risk Alert primarily addresses an investment advisory firm's obligations regarding the use of social media. However, the Risk Alert specifically provides that "[t]o the extent that a firm provides both brokerage and investment advisory services ("dual registrant"), it is required to adhere to both the federal securities laws and FINRA applicable rules, including but not limited to, depending on the circumstances, Rule 17a-4(b) (recordkeeping) under the Exchange Act, 17 C.F.R §240.17a-4(b), and NASD Rules 2210 and 3010." Regarding Broker-Dealer firms, the Risk Alert also notes that "FINRA has issued guidance regarding the application of the federal securities laws and its rules to the use of social media by broker-dealers or their representatives."
3 While the Risk Alert states that the factors should be considered by investment advisers, it also specifically provides that "Dual registrants may also want to consider these factors, although they do not modify or displace firms' obligations under the federal securities laws, FINRA or other rules relevant to social media, or FINRA guidance in this area."
