Today FINRA released the highly anticipated second round of social media guidance Regulatory Notice 11-39. The new guidance supplements Notice 10-06, which was issued by FINRA in January 2010. Notice 11-39 is not meant to alter the principles of 10-06, but rather answers additional questions that firms have raised regarding the application of the rules to social media during the past 21 months.
Below are some key clarifications to questions impacting our customers in FINRA’s own words. To help our readers digest Notice 11-39 and understand it in more concrete terms, I’ve included my regulatory interpretations/translations as Hearsay Social’s Compliance Manager under each provision.
As part of [his or her] responsibility, a registered principal must review prior to use any social media site that an associated person intends to employ for a business purpose. The registered principal may approve use of the site for a business purpose only if the registered principal has determined that the associated person can and will comply with all applicable FINRA rules, the federal securities laws, including recordkeeping. requirements, and any additional requirements established by the firm.
Translation: If a registered rep has a history of communicating with the public in a dishonest or misleading manner, a principal should not permit him/her to use social media for business purposes.
The registered principal must review an associated person’s proposed social media site in the form in which it will be ‘launched.’ Some firms require a registered principal to review the first posting by an associated person on an interactive forum within the site. This approach can help to ensure that the registered principal will be reviewing not only the initial communication, but the social media site itself in its completed design.
Translation: Still ambiguous what “the form in which it will be ‘launched’” means. It could mean that the content must be identical to the published version of say, a profile. Or it could mean that a principal must review a draft of the profile on the native interface or a pdf of a draft profile in its entirety before it can be published.
FINRA considers unscripted participation in an interactive electronic forum to come within the definition of “public appearance” under NASD Rule 2210. Public appearances do not require prior approval by a registered principal.
Translation: Spontaneous commenting on another’s post will be considered a “public appearance” and need not be pre-approved by a firm principal. Same goes for Facebook Chat.
[Interactive content can become static.] For example, interactive content could be copied or forwarded and posted in a static forum, such as a blog or static area of a Web page, in a manner that renders it static content. It then would constitute an advertisement under NASD Rule 2210, requiring prior approval by a registered principal of the firm. A static posting is deemed an “advertisement” under NASD Rule 2210 and therefore requires a registered principal to approve the posting prior to use.
Translation: If you repost or redistribute an interactive post or tweet to a static forum, the content changes from interactive to static and must be pre-approved.
Some firms require each associated person to certify on an annual or more frequent basis that the associated person is acting in a manner consistent with such policies.
Translation: You should probably consider adding an annual certification of the firm’s social media policy to your employee training program.
If a third party posts a business-related communication, such as a question about a security, on an associated person’s personal social media site, …the associated person [may] respond to the communication … provided that the response does not violate the firm’s policies concerning participation on a personal social media site. If a firm has a policy that associated persons may not use a personal social media site for business purposes, then a substantive response by the associated person would violate this policy. Some firms permit a non-substantive response, and pre-approve statements that their associated persons may make to respond to such posts and that direct the third party to other firm-approved communication media, such as the firm’s email system.
Translation: Notwithstanding other factors, if your firm allows you to use your personal account for business purposes, then you can answer inquiries related to the firm’s products and services without violating FINRA rules. The firm’s policy is the final word on this.
Under NASD Rule 2210, a firm that co-brands any part of a third-party site, such as by placing the firm’s logo prominently on the site, is responsible for the content of the entire site.
Translation: If you allow your firm’s logo to go on a site, you are “adopting” or “becoming entangled with” the content on that site; the firm can be held responsible for any non-compliant content as if it distributed that content itself.
In order to ensure that the business communications are readily retrievable without necessitating the capture of personal communications made on the same device, firms should have the ability to separate business and personal communications, such as by requiring that the associated persons use a separately identifiable application on the device for their business communications. If possible, this application should provide a secure portal into the firm’s own communication system, particularly if confidential customer information may be shared. If the firm has the ability to separate business and personal communications, and has adequate electronic communications policies and procedures regarding usage, then the firm is not required to supervise the personal emails made on these devices. Of course, firms also are free to treat all communications made through the personal communication device as business communications.
Translation: If you develop and implement steps to have your people separate their personal profiles from their business accounts, you don’t have to monitor and archive your employees’ personal Facebook Pages. Include your expectations in your social media policy. Retain a social media vendor that supports APIs and provides a secure portal from which to access social media sites.
Disclaimer: This blog post and any resulting transmissions between you and Hearsay Social are not intended to provide legal or other advice or to create an attorney-client relationship. Please consult your legal and/or compliance departments for their interpretations of FINRA regulations and instructions on how to modify your social media policy accordingly.