Three common misconceptions about social media regulations for the securities industry
February 26, 2013
Laws, regulations, and guidelines that govern social media usage for financial institutions sometimes cause confusion. In addition, the application of such rules can often be unclear as social networks continue to evolve and the types of engagement available to users change. Here we address the top three most commonly heard misconceptions:
Misconception #1: Firms have strict liability for their reps’ social media rule violations.
Reality: A combination of documented policy, process, and training can protect a firm, even if its registered representatives violate the securities rules governing the use of social media.
Many firms believe that since they are responsible for supervising the business-related activities of their registered representatives (RRs) on social media, they will be held liable for inappropriate use of social media outlets by their RRs. As a result, some firms have summarily decided it’s easier to completely ban or materially limit the use of social media.
However, the Federal securities laws and regulations and the rules of the Financial Industry Regulatory Authority (FINRA) relating to communications on social media do not impose strict liability on a firm for violations of these rules by their RRs. The disciplinary actions and fines imposed on firms for individual RRs violations of such rules are the result of a firm’s failure to establish, maintain, and enforce an adequate supervisory system.
Oppositely, securities firms will not be held liable when they have put in place and followed competent supervisory procedures designed to address the use of social media. For example, although the use of social media was not at issue, in the matter of the Department of Justice (DOJ) investigation of a former director of Morgan Stanley who pleaded guilty to a charge of evading Internal Controls required by the Foreign Corrupt Practice Act (FCPA), DOJ declined to bring an enforcement action against Morgan Stanley because it found that Morgan Stanley had regularly updated internal policies to reflect regulatory developments and specific risks, frequently trained its employees on its internal policies, and followed through on suspected violations and misconduct. Because Morgan Stanley constructed and maintained a system of internal controls, which provided reasonable assurances that its employees were not breaking the law, the DOJ declined to bring any enforcement action against Morgan Stanley related to its director’s conduct.
Similarly as long as firms have a clear and concise social media policy with a governance structure that identifies roles and responsibilities and incorporates controls for the use and monitoring of social media, an employee training program, and appropriate oversight and monitoring of social media use, they should not have liability for an individual RR’s violation. There should be no need to take the drastic view that all social media use must be banned if such policies and procedures are implemented and followed.
Misconception #2: Regulations require firms to block the ‘like’ button.
Reality: Not all ‘likes’ are inappropriate, so it isn’t necessary to block the button entirely.
Because a ‘like’ could be construed as an endorsement or testimonial, many firms have come to the conclusion that regulations require them to block representatives from ‘liking’ posts on Facebook and LinkedIn or ‘favoriting’ tweets on Twitter.
The regulators’ concern is that activation of the ‘like’ button amounts to an endorsement of some product, person, or service. But would they really consider it inappropriate if an advisor ‘likes’ a picture of their granddaughter or their favorite sports team’s page?
Facebook’s ‘like’ feature received special attention in the SEC’s January 4, 2012 National Examination Risk Alert. Testimonials are prohibited by the Investment Advisers Act of 1940, and thus investment advisory firms and dually registered broker-dealers and investment advisers must have policies and procedures for the prevention of testimonial posts about the firm, its advisers, or solicitors.
Depending on the facts and circumstances, the use of “social plug-ins,” such as the ‘like’ feature, might be construed as a testimonial. In a footnote, the SEC stated that some social media sites do not permit an adviser to disable the ‘like’ button or a similar feature. Therefore, the firm should develop a system to monitor these sites and remove third-party postings if necessary. At the 2012 FINRA Annual Conference, there was more discussion on this topic, and the consensus was that a client or adviser liking a page isn’t a problem, but, liking a specific post could be considered a prohibited testimonial.
Misconception #3: The first tweet or social media post by a rep. requires pre-approval
Reality: Tweets and Facebook, LinkedIn and Google+ status posts are considered dynamic content and do not require principal pre-approval.
Across the industry there has been an open question about which types of communications need to be pre-approved by a registered principal prior to posting on social media. FINRA Rule 2210(b)(1)(A), FINRA Notices (10-06, 11-39 and 12-29), and NASD Rules 2211(b)(1) and 3010(d) impose certain supervisory and pre-review requirements with regard to retail correspondence and institutional sales material by a registered principal of the firm before its public use. FINRA Rule 2210(b)(1)(D) excepts from the registered principal pre-approval requirements of Rule 2210(b)(1)(A) any communication that is posted on an online interactive electronic forum that does not make any financial or investment recommendation or otherwise promote a product or service of the firm.
So what does this mean in terms of social media? Essentially, it means that “static content” needs pre-review and approval, while “dynamic/interactive content” does not require pre-approval.
What’s the difference between ”static” content and “dynamic” content?
Consistent with FINRA Notice 10-06, “static content” is content that is an independent, stand-alone content item that remains posted until it is changed by the user (e.g. LinkedIn profile page). On the other hand, “dynamic content” is interactive content that is used to engage in real-time interactive communications (e.g. a LinkedIn share, Facebook wall posting, or a tweet).
As such, a RR’s dynamic social media content does not need pre-review and approval so long as it does not make any financial or investment recommendation or otherwise promote a product or service of the firm. Firms can choose not to require pre-approval prior to posting, but should continue to supervise after use in the same manner required for supervising correspondence to ensure that such posting is fair, balanced, and not misleading.
We recommend addressing social media risk with a thoughtful combination of policy and technology. It is important that a firm’s social media policy is a part of the organization’s overall operation and risk management policy. In addition, one of the most important pieces of social media risk mitigation is the regular practice of educating employees on the regulations and your firm’s policy.
If leveraged properly, social media can be a great business opportunity for financial institutions. Although the regulations can seem daunting, once decoded, social media regulations are easy to address with proper policy and technology.
Hearsay Social can help! Click here to learn more.
Disclaimer: The material available on this blog is for informational purposes only and not for the purpose of providing legal advice. We make no guarantees on the accuracy of the information provided herein.