Skip to content

Publish More Content, Get More Compliant?

Hearsay Insights Proves It Can Happen


It might sound counterintuitive, but it’s true: the more content customers started publishing through Hearsay Social Dynamic campaigns, the less non-compliant content alerts started coming in. In 2018 there was a 52% increase in automated content published and at the same time a 46% decrease in alerts created.
Publishing 2017-2018                                             

Compliance Alerting 2017-2018

Let’s take a step back to the beginning of the story.

The Evolution from Suggested Posts to Social Automation

In 2017 a majority of our marketing admins focused their strategy on building up a robust content library that their field team could leverage for relevant posts. The advisor/agent would leverage the content and add their own individual touch to the post.
Enter automation. With 2018’s introduction of Dynamic Campaigns, marketing admins began to create automated campaigns which included content they added to their Hearsay libraries. With just a little bit of structure, it was now possible to enable the field with a fully automated campaign around any topic that may be of interest to their customer base. This meant that:

  • Marketing could now easily create full campaigns around industry topics like tax planning or college savings, or non-industry topics like holidays or health – any relevant topic for which they had content
  • With just a click they could notify advisors and agents that an automated campaign was available for subscription
  • Advisors and agents could subscribe to a campaign, essentially ‘set and forget’ their social media and let it work for them

It was easy for the field to know which campaign was right for them based on the campaign description: who was it designed for (social audience), who is best suited to participate (field) and how often content would be added.
Advisors and agents valued spending less time on their social media efforts. Whereas with individual content pieces or suggested posts, they often updated the ‘lead in’ (the post that marketing wrote for them attached to the article), with Dynamic Campaigns they placed control in the marketing teams hands in favor of time savings and increased productivity.
Since marketing knew all the rules and only provided pre-approved content in Dynamic Campaigns, and advisors and agents weren’t adding their personal flair to social postings, this organically led to a decrease in alerts.

2019 and Beyond: An Increase in Marketing Efficiency

In order to make the lives of our corporate marketing customers easier, we’ve prioritized ways to integrate with the tools they use to create and manage their corporate digital experience – tools like Adobe Experience Manager, Salesforce Marketing Cloud, and Oracle Marketing Cloud. They have been able to easily push content from these tools to their corporate-owned channels, they were unable to reach the field advisor.
To create a better experience for both corporate and the field, late last year our Professional Services division began offering the ability to sync content between Hearsay and content management platforms. Using Hearsay APIs for 2-way sync between a client’s CMS and the Hearsay Content Library, corporate marketing teams can now avoid entering content in two locations and easily push content to the field. Time savings and increased productivity in one API! And advisors and agents can quickly access and easily share the same high-quality content being created by the corporate marketing team. Throughout 2019 we will continue to focus on scoping and customizing CMS system integrations with our clients. We look forward to helping you with yours!

The OCIE Electronic Messaging Risk Alert (and How Hearsay Can Help)


Happy New Year! The SEC would like you to include updating your advisor electronic messaging compliance policy in your resolutions so 2019 is the year of execution.
In 2018, the Office of Compliance Inspections and Examinations (OCIE) increased the total number of examinations by 10% compared to 2017. We believe the number of examinations will continue to increase in 2019 as mentioned by Hearsay Chief Business Officer, Donna Prlich, a few days after the release of the OCIE’s fifth and final risk alert of 2018.
The focus of the alert was to “remind advisers of their obligations when their personnel use electronic messaging” AND to “help advisers improve their systems, policies, and procedure [related to electronic messaging].
The OCIE highlighted that the increase of use and the number of changes in the way “mobile and personally owned devices are used pose challenges for advisers in meeting their obligations under the Books and Records Rule and the Compliance Rule.”

Advisers Act – A Quick Refresher

The Advisers Act “Books and Records Rule” Rule 204-2 requires advisers to make and retain records relating to their investment advisory business. This includes “originals of all written communications received and copies of all written communications sent” relating to

(i) any recommendations and advice made or proposed,

(ii) receipt, disbursement, or delivery of funds,

(iii) purchasing or selling a security, or

(iv) the performance of a managed account or securities recommendation,” subject to certain limited exceptions.

The Advisers Act “Compliance Rule” Rule 206(4) requires advisers to “adopt and implement written policies and procedures reasonably designed to prevent violations of the Advisers Act.”

Highlights from OCIE’s Dec 2018 Risk Alert (and how Hearsay may be able to help)

The Examination Observation: 
Specifically prohibit business use of apps that can be misused by allowing an employee to:

(i) send messages anonymously,

(ii) automatically destroy messages, or

(iii) prohibit third-party viewing.

How Hearsay Can Help: 
Hearsay Relate allows teams to monitor, archive, and access the complete text conversation using the tool’s built-in supervision functionality.
The Examination Observation: 
If advisers [financial firms] permit the use of personally owned mobile devices for business purposes, they must adopt and implement policies addressing use with respect to, social media, instant messaging, texting, and information security.
How Hearsay Can Help:
Hearsay’s solutions are deployed at over 150 financial services firms and used by over 150,000 advisors. Our Customer Success team will guide your organization through the strategies, processes and best practices necessary for successfully implementing a compliant text messaging program.
You may also find this Guide to Creating a Compliant Texting Policy useful.
The Examination Observation:
For advisers [financial firms] that permit the use of social media, personal email, or personal websites for business purposes, contract with software vendors to:

(i) monitor the social media posts, emails, or websites,

(ii) archive such business communications to ensure compliance with record retention rules, and

(iii) ensure the capability to identify any changes to content and compare postings to a lexicon of keywords and phrases.

How Hearsay Can Help:
Hearsay provides a comprehensive, built-in compliance solution that enables firms to monitor, supervise and comply with policies and industry regulations including FINRA, SEC, FFIEC, IIROC, FCA and MiFID II requirements. Our patented solutions include record keeping and universal supervision across all advisor social media, text messaging and local website activity, enabling organizations to easily and cost-effectively comply with these (and more) complex regulatory requirements.
OCIE has encouraged advisers to review risks, practices, policies, and procedures regarding electronic messaging and to consider improvements to their compliance that would help comply with their regulatory requirements.
The sooner you revisit/create your policy relating to texting the better. Check out this Guide to Creating a Compliant Texting Policy to get started.
We anticipate this Security Alert is just scratching the surface when it comes to the SEC and FINRA evaluating compliant texting and social media policies and practices. Reach out to the Hearsay team with any questions or comments.

Hearsay Responds to FINRA Request for Comment: FinTech Innovation in the Broker-Dealer Industry


FINRA recently requested comment on the provision of data aggregation services, supervisory processes concerning the use of artificial intelligence, and the development of a taxonomy-based machine-readable rulebook.
With nearly 20 comments submitted, these topics are clearly top-of-mind issues within the financial services sector. Hearsay provided its insights on data aggregation and AI within the context of electronic communications.

Why these topics?

Hearsay has deep experience in the technology challenges FINRA highlighted with data aggregation, specifically around the best method for 3rd party aggregators to use when collecting data.

FINRA solicited opinions on the methodology third party data aggregators can use to collect data, and its effect on compliance. Since Hearsay had to perform the same cost-benefit analysis when evaluating the efficacy of an API vs scraping strategy while building social media compliance workflows, it’s a topic we know well..  Robert MacCloy, Hearsay’s VP of Engineering explains:
“Social networks, with their balance of public and private sharing, have always been averse to letting companies take out data in an uncontrolled fashion, such as via a screen scraper or in-line proxy technology. In a post-Cambridge Analytica world, this concern has been redoubled. Screen scrapers work unreliably at best, and when they do work, organizations now need to be cautious to respect consumer privacy and meet the expectations and concerns of the general public. Using officially authorized APIs provides a method to get the necessary regulatory data in a way that social networks have signed up to support, and they provide the needed guardrails to keep companies out of hot water.”

What is scraping? a.k.a screen scraping; Consumers provide credentials to their accounts directly to an aggregator. Aggregators have the technical ability to collect any data they deem relevant. Despite contracts with the consumer, aggregators may collect more data than anticipated. Member firms may be held accountable in the case of data breach or mishandling of information, even if they are not the proximate cause.

What are APIs? APIs present a more balanced approach to information sharing. They allow allow member firms and custodians of information to determine the manner and method in which they share information with data aggregators. The potential downside to aggregators (and customers) is that information collected is limited to what has been defined in the API.

What is Hearsay’s POV?

Compliance should be holistic, not tactical. The best way to protect consumers is to examine behavior, not technology.

Hearsay believes FINRA should critically examine the methodology of data aggregation and the potential for data exploitation, as well as play an active role in defining principles and guidance on how member firms can balance the privacy of consumers against regulatory requirements of record keeping, rather than regulating specific technologies.

While FINRA’s Special Notice focused on the potential impact of Personal Financial Management portals (PFMs) and aggregation of financial data (think Intuit Mint, Personal Capital), there are now many more avenues where financial data may be shared, such as electronic communications.

The increasing popularity of messaging apps and texting, for example, has broker-dealers and consumers communicating on a more frequent basis. This increases the likelihood that financial data, including personally identifiable information, will be shared across potentially insecure channels. Because Hearsay deals with the intersection of advisor and client communications, and has seen dramatic growth in both touchpoints and the types of technology, regulating via principles instead of technology is the right way to protect consumers.

FINRA should push principles as the driver of this behavior: “prohibit, prevent and evaluate.”

Applying the principles that balance deterrence with remediation helps create a richer, more complete form of compliance. Aggregated data can “prohibit and prevent” potential consumer fraud by using the complete context of an interaction to determine the nature of the relationship between the broker-dealer and consumer. Aggregated data can also be used to “evaluate” the totality of the broker-dealer contact with a consumer. Although current compliance rules only demand monitoring of individual channels, data aggregation can “stitch” together these channels so that a conversation can be read entirely in context.

Read our full response for an example of “prohibit and prevent”, how data aggregation can provide interesting insights into compliance workflows, and more details on data aggregation for “evaluate.”

Does Hearsay’s POV resonate within the community?

Hearsay’s points of view are shared by other commenters in the financial services industry.

Other commentators echoed Hearsay’s position on approaching compliance from a principles based approach, instead of favoring certain types of technology.  For instance, SIFMA is also a proponent of principles-based guidance. SIFMA has long held the position that FINRA should define the ground rules and then allow the marketplace to develop technology, rather than continually reforming laws to react to the current technological landscape. As SIFMA notes in its comment, “Regulation and supervisory practices should be principles-based and technology agnostic to accommodate future innovation without requiring reforms each time a new technology is created.” Page 2 of the SIFMA Response.

FINRA has always taken a principles based approach and dovetails with Hearsay’s compliance roadmap.

The intersection of compliance and technology is an important topic, which Hearsay cares about passionately. Hearsay has been one of the pioneers of developing tailored, specific and effective compliance tools to assist member firms to enforce their communications policies on a variety of different channels. Data aggregation and artificial intelligence is simply the next frontier, which Hearsay has embraced. Hearsay was one of the first companies to offer risk mitigation features within advisor mobile telephony, and now Hearsay is assisting member firms in addressing compliance issues when integrating their technology stack into CRM.

When given the chance, Hearsay takes full advantage of opportunities to communicate with regulatory bodies to influence the conversation and speak on behalf of our customers.

Stay tuned for more thought leadership from Hearsay on this and other compliance issues.

What’s Next for the Fiduciary Rule? 2,000 Compliance Pros Weigh In

SIFMA compliance legal

For SIFMA’s recent annual Compliance and Legal Seminar in Orlando, Fla., attended by close to 2,000 compliance professionals, the theme was, “A Constant Voice Through 50 Years of Change.” (See the documentary-style video that set the stage for the conference.)
There definitely was change in the air.

During the second day, a Nor’easter threatened to blast the northeast coast with heavy snow.  Many attendees scrambled to reschedule their flights before cancellation. My flight from San Francisco to New York was preemptively cancelled. I wasn’t too worried though; Florida is quite pleasant this time of year. Or so I thought. Once in Orlando, a heavy rainstorm accompanied by what felt like hurricane-strength winds forced the evening cocktail reception to be moved indoors.
The unreliable weather patterns on the east coast weren’t the only things that were rapidly changing. The anticipation of change within the compliance world was simultaneously brewing – stirred by the abandonment of the Department of Labor’s (DOL) fiduciary rule just days prior to the conference.
That decision, made by a 2-1 vote from the Fifth Circuit Court of Appeals, brought a renewed energy and interesting discourse among the panelists and attendees. People were excited, concerned and, to a certain extent, validly frustrated. For years, financial institutions have been dedicating enormous amounts of time and resources in adopting new procedures to comply with the fiduciary rule. The resounding question on attendees’ minds throughout the three-day event was, “Now what?”

Countdown to May 7

The DOL has 45 days from the March 15 entry of judgement decision to appeal for an en banc – or full court – review by the Fifth Circuit Court. (The original decision was made by a bench of three selected judges from the Fifth Circuit Court.) The DOL also has the option to petition the Supreme Court to grant a writ of certiorari (review of the lower court’s decision).
Top of mind for several panelists was how the U.S. president’s position on the fiduciary rule (and how it “may not be consistent with the policies of [his] Administration”) might affect the rule’s future. The consensus – based on President Trump’s prior orders directing the DOL to reconsider the fiduciary rule – was that the DOL will likely not appeal the Fifth Circuit’s decision or appeal to the Supreme Court. As of April 16, the DOL has not yet taken any action.

Possible Post-May 7 Scenario: An SEC “Best Interest” Rule

Many legal and compliance experts, including Hearsay’s team, believe that even though the Fifth Circuit case may not be challenged, the “best interest” portion of the DOL fiduciary rule may still be carried forward – just through a different government agency.
The Securities and Exchange Commission (SEC) is planning on releasing a proposal in 2018 with a goal of requiring brokers to apply a customer “best interest” standard to brokerage accounts. This authority was given to the SEC in 2010 under a provision of the Dodd-Frank financial reform law. During a 45-minute question-and-answer session with SEC Chairman Jay Clayton, president and CEO of SIFMA, Ken Bentsen, asked when the agency would release its version of the rule. “Soon is fair,” Clayton responded. “From my perspective, the sooner the better. I’m not sitting on this.”
It’s also important to note that the SEC will have to provide a notice and comment period on its proposal as well, further delaying much needed guidance.
Uncertainty continues to linger like a dark cloud over the future of a “fiduciary” or “best interest” rule, leaving financial institutions left out in the rain and unable to plan their next steps. The overall consensus among many law firms, panelists and conference attendees: Do not make changes to current policies and procedures already adopted regarding the fiduciary rule until the dust settles come May 7.
Check back for more updates.
Related:

How the FINRA Advertising Rule Applies to Emerging Advisor Communications

financial services online marketing digital

SIFMA’s Social Media and Digital Marketing Seminar took place recently on an unseasonably warm day in our hometown of San Francisco. The day-long event covered a variety of topics (read the full recap here); on the compliance front, legal experts from Hearsay, FINRA, Sidley Austin, Charles Schwab and Morgan Stanley held the coveted pre-lunch panel slot and had the challenge of maintaining the attention of the crowd as the aroma of garlic rosemary chicken spread throughout the room.
On a more serious note, the panel reviewed and clarified how FINRA Rule 2210 – which governs broker-dealers’ communications with the public, including retail and institutional investors – applies to specific use cases that are top of mind for marketing, compliance and sales distribution teams. Here are a few interesting highlights:

Testimonials/Social Media “Likes” Use Case

Thomas Selman, FINRA’s Executive Vice President of Regulatory Policy and Legal Compliance Officer, explained that FINRA does not regard unsolicited third-party opinions or comments posted on a social network to be communications of the broker-dealer or the registered representative for purposes of Rule 2210.
Despite FINRA’s guidance, some of the compliance leaders on the panel said they still treat certain social media “likes” and testimonials as endorsements, simply based on the potential associations consumers may make between the action (the “like”) and the original comment. The key takeaway was that, in deciding whether to allow testimonials or “likes,” it boils down to the risk tolerance of the financial institution, both from a regulatory and business perspective.

Native Advertising Use Case

sifma social digital 2018
(L-R) W. Hardy Callcott, Chris Fernandes, Robert Innes, Tom Selman

Native advertising is content on an online publication that resembles the publication’s editorial content, but is paid for by an advertiser and intended to promote the advertiser’s product. A native ad can take a form that mimics the news, feature articles, product reviews, entertainment and other material that surrounds it online.
The popularity of native ads is exploding: It is estimated that they will drive 74 percent of all ad revenue by 2021. (Read more about native ads from The Federal Trade Commission here.)
Selman reiterated that FINRA provides a principles advice-based approach, as opposed to providing prescriptive advice. History has shown that simply providing basic principles, while allowing technology and business innovation in the early stages of a new communication scenario, helps shape usage and best practices. With that advice-based approach, Selman highlighted that firms may use native ads that comply with the applicable principles of FINRA Rule 2210, including the requirements that firms’ communications be fair, balanced and not misleading.
A key issue with native ads now is that it’s hard for the consumer to tell if the content is sponsored.  Therefore, while it is allowed, there also needs to be sufficient disclosure. In particular, native advertising must:

  1. Prominently disclose the firm’s name
  2. Reflect accurately any relationship between the firm and any other entity or individual who is also named
  3. Reflect whether mentioned products or services are offered by the firm as required by Rule 2210(d)(3)

Video Conferencing Use Case

Video conferencing technology has become a necessity for internal and external business communications.
The panelists noted most firms allow video conferencing, but there are additional risk considerations. First, communications features within the technology (such as local chat and email) still need to adhere to the compliance standards set forth in the firm’s communications compliance guidelines, including recordkeeping requirements. Because of this, many firms disable the chat feature to minimize the chances of violations.
Secondly, the protection of confidentiality needs to be prioritized. A best practice to protect the dissemination of confidential information is to ensure all windows and program are closed in the background prior to starting the video conference.

Online Content Use Case

The panel also addressed issues when advisors post specific content online (hyperlinks to products, personal trip photos, links to corporate philanthropic events, etc.). While each scenario requires unique analysis, the main takeaway was that a compliance team needs to review the subject matter of the content and decide which content needs pre- or post-approval.
In addition, beyond regulatory requirements, a compliance team should take into consideration branding guidelines and whether content accurately represents the firm’s brand.

Considerations When Hiring a Compliance Vendor

When deciding on a compliance vendor, the panelists agreed that it’s important to factor in the interests of each of the business teams who are going to be involved. There are usually multiple points of contact internally who will directly or indirectly be impacted by the compliance solution.
Nubiaa Shabaka, Global Head of Cybersecurity Legal at Morgan Stanley, and Robert Innes, Associate General Counsel at Charles Schwab, both highlighted the importance of providing the points of contact an opportunity to present their considerations and concerns. A best practice is to gather the feedback through requests for proposals (RFPs) and ensure that each internal organization is involved in the RFP process.
In addition to the RFP process, it is also important to factor in the functionality of the technology itself. Chris Fernandes, Director of Legal at Hearsay, noted that even within a single organization, different lines of business may be facing different compliance workflows; not all may need to comply with broker-dealer regulations. Therefore, a solution needs to have flexibility and features needed to be able to address the considerations of multiple stakeholders.
This year’s compliance panel experimented with a new, more interactive Q&A format that seemed to resonate with the attendees. We look forward to next year’s discussion!
Disclaimer: The material available on this blog is for informational purposes only and not for the purpose of providing legal advice. We make no guarantees on the accuracy of the information provided herein.
Related: