Skip to content

Live from FINRA Ad Conference: FINRA Rule 2210 is coming

This morning Kevin Eversen and I attended the General Session of the FINRA Advertising Regulation Conference in Washington, DC.
Panelists included Tom Pappas (VP of Advertising Regulation at FINRA and co-author of the regulatory notices on social media 10-06 and 11-39), Tom Selman (EVP of Regulatory Policy), Joe Price (SVP Corporate Financing/Advertising and co-author of the Notices 10-06 and 11-39), and Joe Savage (VP Investment Companies Regulation).
The session kicked off with some interesting stats related to the conference and social media:

  • 470 paid attendees.
  • Entire FINRA advertising staff is here.
  • Social media is the topic that received the most attention for the second year in a row.
  • In addition to Day 2 General Session, the Nuts and Bolts panel will have info on social media/electronic communications. (Stay tuned!)
  • New panel added on how marketing and compliance departments can work together. (Content will likely mirror the WOMMA conference at which I’ll be speaking later this year.)
  • Due to demand, increased number of social media vendors this year.

The panel then transitioned to updates on the consolidation of NASD and NYSE Communications Rules, which we reported in a Financial Advisor Magazine article last month. As a result of the Dodd Frank Consumer Protection Act, deadlines have been imposed on the SEC to pass rules more quickly.
The big news is that the SEC is expected to pass FINRA Rule 2210 next week, which will combine NASD Rule 2210 and 2211 and their interpretive materials. The new rule lays out an exception to the preapproval requirement for social media: firms and reps will not need to have a principal approve the content of a status update, post, or tweet prior to it being posted on an online interactive forum such as a LinkedIn/Twitter feed or Facebook Wall. This rule change would essentially codify the positions laid out in Regulatory Notice 11-39.
Notably, yesterday Morgan Stanley Smith Barney’s Director of Social Media, Lauren Boyle, and Socialware’s Chad Bockius discussed their take on FINRA Rule 2210 in a webinar.
Boyle was quoted as saying, “’We consider every tweet to be static content requiring preapproval at this point.”
Today, FINRA disagreed with that analysis: the panelists went on record to confirm that tweets and posts are indeed not considered static content under 11-39 and therefore need not be preapproved. Many thanks to FINRA for definitively answering the question we’ve been asking. (Find our analysis on this from the recent CEFLI/NAIC/FINRA social media forum here.)
Hearsay Social has the workflow technology to route and timestamp the approval of each and every post should a customer want to keep tighter controls on their advisors than is necessary under FINRA’s rules. Preapproval of both static and interactive social media communications, however, requires tons of resources and a huge time commitment from firm principals and the compliance department. Such a policy would make widespread adoption by reps and advisors less likely and detracts from the timeliness of posts (and ultimately the business value that social media networks can provide). With FINRA’s clarification today, it is unlikely that many other firms will require that posts and tweets be preapproved.
More on the social media panel coming tomorrow.

Kevin Eversen and Ally Basak Russell at the FINRA Advertising Regulation Conference

To pre-approve, or not to pre-approve, that is the life insurer’s question

Yesterday Kevin Zellmer and I traveled to DC to participate in a rare opportunity: giving regulators our live feedback about the social media regulations they draft. The Compliance and Ethics Forum for Life Insurers (CEFLI) Social Media Summit Meeting was attended by regulators from FINRA, the National Association of Insurance Commissioners (NAIC), several state insurance commissioners, “middleware vendors” (aka us), and compliance executives from leading life insurance companies.

The morning started out with a brief overview and discussion of FINRA Notices 10-06 and 11-39 from the author of both: Tom Pappas. I applaud his willingness to attack social media head-on, accepting feedback that may shape the content of the next notice on social media and making the process of laying out these rules so transparent.
The most common questions on the Notices revolved around whether tweets and posts are static or interactive content. Like any lawyer worth her salt, I can make the case for either classification. By definition, content is static if it remains posted and visible to the public (unless someone takes it down); alternatively, content is interactive when spontaneously posted and meant to lead to a larger multiple-party discussion.
The problem with these definitions is that they blur in the realm of social media. On the Facebook Wall, for example, a running record of spontaneous (interactive) content is kept on the user’s account and is visible to the public. And, it stays on the Wall unless the user manually deletes it from the Page. But if they were to prohibit advisors and agents from posting spontaneously, regulators understand that they would be impeding the timeliness of posting, which inhibits the power of social media. On the other hand, this concern must be balanced against the risk that agents and advisors could abuse the opportunity to communicate with the public by misleading people into buying products or services that they don’t want or need.
I wasn’t the only one who wanted a firm answer to alleviate the confusion. Some participants confessed that they’ve decided to be even more conservative than the strictest interpretation of the rules require, to the point where they pre-approve every post or tweet that gets pushed out by their advisors. This necessitates a solid workflow tool like Hearsay Social to manage all those requests for approval, using a single sign-on vendor to avoid signing in and out of 20 different platforms and email accounts to resolve the approval request, and making sure the approval requests are addressed in a timely manner.
Other life insurance companies thought that approving every single post would be unfeasible, leading them to only pre-approve the initial Facebook profile content and then trusting their advisors to tweet and post responsibly. We’ve heard our competitors advocating a “first post” pre-approval policy, in which the profile and the first post, tweet, or status message ever posted on the Facebook, Twitter, or LinkedIn account would be pre-approved and all posts thereafter would not be pre-approved, but rather reviewed post-publication. I’m not sure how this type of policy advocates responsible posting. It seems arbitrary to me to approve the first post and no others, but I digress.
Another notable development involves the social media use of back-office operations professionals. As Clara and I predicted at the SIFMA Ops Conference, FINRA Rule 1230 was just passed to regulate professionals’ activities for broker-dealers. At the Summit Meeting, FINRA opined that not only will customer-facing reps’ business activity on social media be captured and retained, but so will operations professionals’ activity.
We then transitioned into a working session in which we could give the NAIC social media taskforce feedback on a draft of their whitepaper, titled “The Use of Social Media in Insurance.” This whitepaper is the beginning of a larger discussion that may turn into formal guidance or even model rules that the states can adopt.
Some of the issues facing the insurance industry are testimonials, whether or not to post disclosures for certain types of products or licensing information in each and every post versus simply posting the disclosure somewhere on the site, and who will be pre-approving static content (managers, the compliance department, etc.).
It’s still a work in progress, but we’re honored to have been present at the discussion. Many thanks to John Travagline and CEFLI for the invitation to present, and MassMutual, Northwestern Mutual, Guardian Life, and Kip Gregory for their candid presentations. We hope it’s the first of many such discussions in the future.

FINRA Breaking News: Regulatory Notice 11-39 on Social Media

FINRA 11-39Today FINRA released the highly anticipated second round of social media guidance Regulatory Notice 11-39. The new guidance supplements Notice 10-06, which was issued by FINRA in January 2010. Notice 11-39 is not meant to alter the principles of 10-06, but rather answers additional questions that firms have raised regarding the application of the rules to social media during the past 21 months.
Below are some key clarifications to questions impacting our customers in FINRA’s own words. To help our readers digest Notice 11-39 and understand it in more concrete terms, I’ve included my regulatory interpretations/translations as Hearsay Social’s Compliance Manager under each provision.

As part of [his or her] responsibility, a registered principal must review prior to use any social media site that an associated person intends to employ for a business purpose. The registered principal may approve use of the site for a business purpose only if the registered principal has determined that the associated person can and will comply with all applicable FINRA rules, the federal securities laws, including recordkeeping. requirements, and any additional requirements established by the firm.

Translation: If a registered rep has a history of communicating with the public in a dishonest or misleading manner, a principal should not permit him/her to use social media for business purposes.

The registered principal must review an associated person’s proposed social media site in the form in which it will be ‘launched.’ Some firms require a registered principal to review the first posting by an associated person on an interactive forum within the site. This approach can help to ensure that the registered principal will be reviewing not only the initial communication, but the social media site itself in its completed design.

Translation: Still ambiguous what “the form in which it will be ‘launched’” means. It could mean that the content must be identical to the published version of say, a profile. Or it could mean that a principal must review a draft of the profile on the native interface or a pdf of a draft profile in its entirety before it can be published.

FINRA considers unscripted participation in an interactive electronic forum to come within the definition of “public appearance” under NASD Rule 2210. Public appearances do not require prior approval by a registered principal.

Translation: Spontaneous commenting on another’s post will be considered a “public appearance” and need not be pre-approved by a firm principal. Same goes for Facebook Chat.

[Interactive content can become static.] For example, interactive content could be copied or forwarded and posted in a static forum, such as a blog or static area of a Web page, in a manner that renders it static content. It then would constitute an advertisement under NASD Rule 2210, requiring prior approval by a registered principal of the firm. A static posting is deemed an “advertisement” under NASD Rule 2210 and therefore requires a registered principal to approve the posting prior to use.

Translation: If you repost or redistribute an interactive post or tweet to a static forum, the content changes from interactive to static and must be pre-approved.

Some firms require each associated person to certify on an annual or more frequent basis that the associated person is acting in a manner consistent with such policies.

Translation: You should probably consider adding an annual certification of the firm’s social media policy to your employee training program.

If a third party posts a business-related communication, such as a question about a security, on an associated person’s personal social media site, …the associated person [may] respond to the communication … provided that the response does not violate the firm’s policies concerning participation on a personal social media site. If a firm has a policy that associated persons may not use a personal social media site for business purposes, then a substantive response by the associated person would violate this policy. Some firms permit a non-substantive response, and pre-approve statements that their associated persons may make to respond to such posts and that direct the third party to other firm-approved communication media, such as the firm’s email system.

Translation: Notwithstanding other factors, if your firm allows you to use your personal account for business purposes, then you can answer inquiries related to the firm’s products and services without violating FINRA rules. The firm’s policy is the final word on this.

Under NASD Rule 2210, a firm that co-brands any part of a third-party site, such as by placing the firm’s logo prominently on the site, is responsible for the content of the entire site.

Translation: If you allow your firm’s logo to go on a site, you are “adopting” or “becoming entangled with” the content on that site; the firm can be held responsible for any non-compliant content as if it distributed that content itself.

In order to ensure that the business communications are readily retrievable without necessitating the capture of personal communications made on the same device, firms should have the ability to separate business and personal communications, such as by requiring that the associated persons use a separately identifiable application on the device for their business communications. If possible, this application should provide a secure portal into the firm’s own communication system, particularly if confidential customer information may be shared. If the firm has the ability to separate business and personal communications, and has adequate electronic communications policies and procedures regarding usage, then the firm is not required to supervise the personal emails made on these devices. Of course, firms also are free to treat all communications made through the personal communication device as business communications.

Translation: If you develop and implement steps to have your people separate their personal profiles from their business accounts, you don’t have to monitor and archive your employees’ personal Facebook Pages. Include your expectations in your social media policy. Retain a social media vendor that supports APIs and provides a secure portal from which to access social media sites.
Disclaimer: This blog post and any resulting transmissions between you and Hearsay Social are not intended to provide legal or other advice or to create an attorney-client relationship. Please consult your legal and/or compliance departments for their interpretations of FINRA regulations and instructions on how to modify your social media policy accordingly.