5 FINRA Social Media Guidelines that you Need to Know
In this blog post, I'll discuss the 5 social media guidelines that should be taken into consideration by any Financial Industry Regulatory Authority (FINRA) member firm that would like to employ social media as a means of interacting with prospects and clients.
In August 2011, FINRA released Regulatory Notice 11-39 which builds upon Regulatory Notice 10-06 and provides guidance on social media use for member firms. While this notice outlines guidance and not concrete rules, it's important to establish "best practices" by following the guidelines as rules are sure to follow. It's also important to note that while 11-39 provides guidance, it does so to detail how to apply existing FINRA/SEC rules to social media.
I've broken down the document into 5 easy-to-follow points, as you'll see below.
1. You Must Maintain Records
Similar to other forms of electronic communications, if a social media post constitutes a business communication, then SEC Rule 17a-4(b) applies. Rule 17a-4(b) under the Securities Exchange Act of 1934 (SEA) requires broker-dealers to preserve certain records for a period of not less than three years, the first two in an easily accessible place. Among these records, pursuant to SEA Rule 17a-4(b)(4), are “originals of all communications received and copies of all communications sent (and any approvals thereof) by the member, broker or dealer (including inter-office memoranda and communications) relating to its business as such, including all communications which are subject to rules of a self-regulatory organization of which the member, broker or dealer is a member regarding communications with the public.” The SEC has stated that the content of an electronic communication determines whether it must be preserved.
The Bottom Line: For business communications made via social media, even if only distributed internally, records must be kept. Most firms have chosen the "safe" route and capture all social media communications, similar to what is presently done for email.
2. You Must Supervise
NASD Rule 3010 requires each firm to establish and maintain a system to supervise the
activities of each associated person that is reasonably designed to achieve compliance with
applicable federal securities laws and FINRA rules.
As part of that responsibility:
- A registered principal must review prior to use any social media site that an associated person intends to employ for a business purpose
- The registered principal may approve use of the site for a business purpose only if the registered principal has determined that the associated person can and will comply with all applicable rules.
- The registered principal must review an associated person’s proposed social media site in the form in which it will be “launched” (the current structure of the social media site).
The Bottom Line: Before approving a social media site for use by your registered representatives, be sure that your representatives fully understand and will comply with the applicable rules regarding such communications. Also, be sure to review the social media site itself prior to approval. Don't let too much time pass between the time you review the site and the time that you approve its use; the site may have fundamentally changed, requiring an additional review prior to approval.
3. You Must be Careful when Posting 3rd Party Links
Firms may not establish a link to any third-party site that the firm knows or has reason to
know contains false or misleading content. A firm should not include a link on its website
if there are any red flags that indicate the linked site contains false or misleading content.
Additionally, a firm is responsible under NASD Rule 2210 for content on a linked third party site if the firm has adopted or has become entangled with its content.
The Bottom Line: You have to trust that your registered representatives can use their own judgment when determining if a 3rd party link is OK to post. A safer alternative is to include language in your internal social media policy that formerly bans the use of 3rd party links.
4. You Must Spot Check your Data Feeds
Similar to 3rd party sites, data feeds provided by 3rd parties that are integrated with your website or social media platform must contain accurate information. Firms must adopt procedures to manage such data feeds. Aside from being familiar with the proficiency of the data provider, firms should also regularly inspect the data feeds for any red flags that indicate that the data may not be accurate and should promptly take necessary measures to correct inaccurate data.
The Bottom Line: Be aware of the 3rd party content that is fed into your social media platform. Inspect often and amend accordingly. If a data provider proves unreliable, give them the ax and find another solution. Don't get burned (read: fined) for content that members of your organization did not generate themselves; it exposes your firm to unnecessary liability.
5. You Must Understand that "Suitability" Applies
When a firm or its personnel recommends a security through a social media site, this triggers the requirements of NASD Rule 2310 regarding suitability. Whether a particular communication constitutes a “recommendation” for purposes of Rule 2310 will depend on the facts and circumstances of the communication. Firms should consult Notice to Members (NTM) 01-23 (Online Suitability) for additional guidance concerning when an online communication falls within the definition of “recommendation” under Rule 2310.
Various social media sites include functions that make their content widely available or that limit access to one or more individuals. Rule 2310 requires a broker-dealer to determine that a recommendation is suitable for every investor to whom it is made.
The Bottom Line: When determining suitability, be sure to keep in mind the scope of social media distribution. For example, if you have 1000 followers on Twitter and you tweet a recommendation, that recommendation must be suitable for all of your followers.
While FINRA has done an excellent job of laying the groundwork for complying with rules when employing social media, many questions remain unanswered. Given the rate of change and innovation in technology, it's difficult for overly bureaucratic organizations to respond in a timely manner. Your best bet is to play to safe when employing social media - archive everything, supervise often, and review and revise your social media strategies and policies frequently. If the introduction of email and other forms of electronic communication years back has taught us anything - it's to be safe, rather than sorry.
If your organization employs Salesforce.com Chatter for users internally, externally or both, the above applies. You should archive all Chatter content to your existing electronic communications archive. To learn more, please visit: Archive for Chatter