
Three common misconceptions about social media regulations for the securities industry

Laws, regulations, and guidelines that govern social media usage for financial institutions sometimes cause confusion. In addition, the application of such rules can often be unclear as social networks continue to evolve and the types of engagement available to users change. Here we address the top three most commonly heard misconceptions:

Misconception #1: Firms have strict liability for their reps’ social media rule violations.

Reality: A combination of documented policy, process, and training can protect a firm, even if its registered representatives violate the securities rules governing the use of social media.
Many firms believe that since they are responsible for supervising the business-related activities of their registered representatives (RRs) on social media, they will be held liable for inappropriate use of social media outlets by their RRs. As a result, some firms have summarily decided it’s easier to completely ban or materially limit the use of social media.
However, the federal securities laws and regulations and the rules of the Financial Industry Regulatory Authority (FINRA) relating to communications on social media do not impose strict liability on a firm for violations of these rules by its RRs. The disciplinary actions and fines imposed on firms for individual RRs’ violations of such rules are the result of a firm’s failure to establish, maintain, and enforce an adequate supervisory system.
Conversely, securities firms will not be held liable when they have put in place and followed competent supervisory procedures designed to address the use of social media. For example, although the use of social media was not at issue, in the matter of the Department of Justice (DOJ) investigation of a former director of Morgan Stanley who pleaded guilty to a charge of evading internal controls required by the Foreign Corrupt Practices Act (FCPA), the DOJ declined to bring an enforcement action against Morgan Stanley because it found that Morgan Stanley had regularly updated internal policies to reflect regulatory developments and specific risks, frequently trained its employees on its internal policies, and followed through on suspected violations and misconduct. Because Morgan Stanley constructed and maintained a system of internal controls, which provided reasonable assurances that its employees were not breaking the law, the DOJ declined to bring any enforcement action against Morgan Stanley related to its director’s conduct.
Similarly, as long as firms have a clear and concise social media policy with a governance structure that identifies roles and responsibilities and incorporates controls for the use and monitoring of social media, an employee training program, and appropriate oversight and monitoring of social media use, they should not have liability for an individual RR’s violation. There should be no need to take the drastic view that all social media use must be banned if such policies and procedures are implemented and followed.

Misconception #2: Regulations require firms to block the ‘like’ button.

Reality: Not all ‘likes’ are inappropriate, so it isn’t necessary to block the button entirely.
Because a ‘like’ could be construed as an endorsement or testimonial, many firms have come to the conclusion that regulations require them to block representatives from ‘liking’ posts on Facebook and LinkedIn or ‘favoriting’ tweets on Twitter.
The regulators’ concern is that activation of the ‘like’ button amounts to an endorsement of some product, person, or service. But would they really consider it inappropriate if an advisor ‘likes’ a picture of their granddaughter or their favorite sports team’s page?
Facebook’s ‘like’ feature received special attention in the SEC’s January 4, 2012 National Examination Risk Alert. Testimonials are prohibited by the Investment Advisers Act of 1940, and thus investment advisory firms and dually registered broker-dealers and investment advisers must have policies and procedures for the prevention of testimonial posts about the firm, its advisers, or solicitors.
Depending on the facts and circumstances, the use of “social plug-ins,” such as the ‘like’ feature, might be construed as a testimonial. In a footnote, the SEC stated that some social media sites do not permit an adviser to disable the ‘like’ button or a similar feature. Therefore, the firm should develop a system to monitor these sites and remove third-party postings if necessary. At the 2012 FINRA Annual Conference, there was more discussion on this topic, and the consensus was that a client or adviser liking a page isn’t a problem, but liking a specific post could be considered a prohibited testimonial.

Misconception #3: The first tweet or social media post by a rep requires pre-approval.

Reality: Tweets and Facebook, LinkedIn and Google+ status posts are considered dynamic content and do not require principal pre-approval.
Across the industry there has been an open question about which types of communications need to be pre-approved by a registered principal prior to posting on social media. FINRA Rule 2210(b)(1)(A), FINRA Notices (10-06, 11-39 and 12-29), and NASD Rules 2211(b)(1) and 3010(d) impose certain supervisory and pre-review requirements with regard to retail correspondence and institutional sales material by a registered principal of the firm before its public use. FINRA Rule 2210(b)(1)(D) excepts from the registered principal pre-approval requirements of Rule 2210(b)(1)(A) any communication that is posted on an online interactive electronic forum that does not make any financial or investment recommendation or otherwise promote a product or service of the firm.
So what does this mean in terms of social media? Essentially, it means that “static content” needs pre-review and approval, while “dynamic/interactive content” does not require pre-approval.
What’s the difference between “static” content and “dynamic” content?
Consistent with FINRA Notice 10-06, “static content” is content that is an independent, stand-alone content item that remains posted until it is changed by the user (e.g. LinkedIn profile page). On the other hand, “dynamic content” is interactive content that is used to engage in real-time interactive communications (e.g. a LinkedIn share, Facebook wall posting, or a tweet).
As such, an RR’s dynamic social media content does not need pre-review and approval so long as it does not make any financial or investment recommendation or otherwise promote a product or service of the firm. Firms can choose not to require pre-approval prior to posting, but should continue to supervise after use in the same manner required for supervising correspondence to ensure that such posting is fair, balanced, and not misleading.


We recommend addressing social media risk with a thoughtful combination of policy and technology. It is important that a firm’s social media policy is a part of the organization’s overall operation and risk management policy. In addition, one of the most important pieces of social media risk mitigation is the regular practice of educating employees on the regulations and your firm’s policy.
If leveraged properly, social media can be a great business opportunity for financial institutions. Although the regulations can seem daunting, once decoded, social media regulations are easy to address with proper policy and technology.

Disclaimer: The material available on this blog is for informational purposes only and not for the purpose of providing legal advice. We make no guarantees on the accuracy of the information provided herein.

Understanding FINRA 2210, the latest financial communications rule that affects social media

As announced last June, new FINRA Communication Rules, including FINRA Rule 2210 (Communications with the Public), will take effect February 4, 2013. Hearsay Social participated in the recent FINRA Communication Rule seminar held at SIFMA’s headquarters in New York, where industry and FINRA experts, including Tom Pappas, Vice President and Director Advertising Regulation, provided detailed guidance and clarifications on the changes to the Communications with the Public Rule.
Some of the key topics covered by FINRA and industry experts included:

  • Changes to Categories of Communications
  • Principal Approval Requirements
  • FINRA Filing Requirements
  • Content Standards

Categories of Communications

FINRA has reduced the six different categories of permissible communications to the public to three. The three new categories are now broader in scope and are as follows: (1) Retail Communication; (2) Institutional Communication; and (3) Correspondence. All communications must now be coded as one of the three categories.

  1. Retail Communication: Any communication (including electronic) to more than 25 “retail investors” within a 30-day time period. This includes the majority of social media activity. Communications made to fewer than 25 retail investors fall under the Correspondence category.
  2. Correspondence Communication: Any written (including electronic) communication distributed or made available to 25 or fewer “retail” investors within a 30-day time period. *An important change to note for both Retail and Correspondence Communication is that the communication limit includes both existing and prospective customers.
  3. Institutional Communication: Any written (including electronic) communication that is distributed or made available only to institutional investors. Institutional Communications should not be made available or distributed to Retail.

Summary FINRA Communication Category changes active as of February 4, 2013

Principal Approval Requirements

At the seminar, FINRA reaffirmed existing exceptions from the requirement for principal pre-approval of Retail Communications and added the following three categories:

  1. Retail Communication that is excluded from the definition of “research report” (see NASD Rule 2711(a)(9)(A))
  2. Any Retail Communication posted to an online interactive electronic forum including social media. There is no requirement for the pre-approval of social media interactive discussions such as tweets and interactive posts. However, static content such as a LinkedIn profile must be pre-approved. — Hearsay Social has and will continue to offer pre-review solutions for organizations seeking an extra level of security. As always, the supervision and retention/retrieval of all social media communications are standard.
  3. Any Retail Communication not making financial or investment recommendations or promoting a product or service of the firm.

FINRA Filing Requirements

There are new filing requirements for communications after first use: structured type products; collateralized mortgage obligations; and closed-end funds.

*Exclusions from filing: Independently prepared article reprints and reports; Retail Communications posted on an online interactive forum including social media (previously considered Public Appearance and now categorized as Retail Communications); and Retail communications that do not make any financial or investment recommendation or promote a product or service of the firm.

Content Standards

  • Public Appearances – Under the new rule, disclosure requirements associated with recommendations apply to public appearances as well as other Retail Communications. In addition, the presenter has to have a reasonable basis for making the recommendation. The presenter has to disclose any conflicts of interest at the time of the public appearance, including if they have a financial interest in the securities recommended.
  • Promissory Statements – Expressly Banned! Hearsay Social can assist with establishing a Lexicon of promissory words such as “Guarantee”; provide surveillance and infraction mediation; and provide for pre-approval of static content to avoid this violation by a Broker-Dealer.
  • Testimonials- Broker-Dealers and Regulated Firms must disclose that a testimonial is “paid” if the compensation value is more than $100.

Social Media Applicability

Although these updates may change the way we talk about communications, the general best practices for compliance on social media remain the same. It is important for regulated firm or broker-dealer communications to be truthful, not misleading, and reviewed and pre-approved* when communications are related to financial or investment recommendations or otherwise promote financial products or services (*interactive forum not required).


Reporting from the SIFMA Compliance and Legal Society Annual Seminar

It’s an exciting time to be working on social compliance at Hearsay Social. Not only are we a SIFMA strategic partner, but we also just announced today that we now power social marketing success and regulatory compliance for Ziegler, a specialty investment bank and a leading financial services organization.

Dedicated to serving Hearsay Social customers and leading the way in social compliance, I recently traveled to Miami, Florida to attend the SIFMA Compliance and Legal Society Annual Seminar. The panel on emerging technologies like social media was very well-attended with panelists from Vanguard, Fidelity, RBC Capital Markets, Bank of America Merrill Lynch, Bingham McCutchen, and FINRA.

Below, I share my five most important takeaways from the social media panelists and my conversations with compliance and legal professionals whom I met at the event.

1) Don’t fear the Like button (in most instances).

  • Since the SEC issued its Risk Alert on Investment Adviser Use of Social Media in January, many journalists have sensationalized the guidance, construing it to mean that all instances of the Like button in the financial industry would constitute prohibited client testimonials for SEC-registered Investment Advisers.
  • Panelists stressed that this alarm was not the intention of the SEC and that they expect FINRA to clear up the confusion surrounding the Like button in their next notice. Essentially, the Like button cannot be banned by financial services across the board.
  • Only in very limited and specific situations could a client clicking an adviser’s post (as opposed to an adviser’s overall page) create a problem. Even then, the content of the post would be determinative in whether or not liking a post would be considered a client testimonial.

2) Firms must consider employee privacy and provide sufficient disclosure about what will be retained by the firm.

  • Many publications have featured stories about job applicants being asked to provide social network passwords to potential employers, which has been quickly denounced as a breach of privacy.
  • Likewise, the panel discussed the NLRB’s second social media report, detailing cases in which employees were fired for protected, concerted activity, like talking about work conditions or pay with co-workers in the scope of employment around a virtual water cooler (i.e. social media sites).
  • The takeaway for financial firms is that they must clearly state a code of employee conduct in their social media policies. However, social policies cannot be overly broad so as to “chill speech.”

3) Employee collaboration tools and compliance solutions to support them are top of mind with the FINRA Social Media Taskforce and several member firms.

4) Firms want more retrieval functionality to quickly access their social data for audits or e-discovery requests.

  • One panelist said that technology integrations are key to efficient retrieval of social data.
  • Compliance officers want to be able to pull up archived content and approval records quickly with full threads, lots of filtering functionality, and more.
  • Hearsay Social financial services customers use our compliance module, which shows comments to reviewers in context, classifies social media content by type, and offers instantaneous, self-service export of archived data, along with several other features for complete compliance.

5) Revisions to proposed FINRA Rule 2210 are out now.

  • Last week FINRA issued a response to comments on its Proposed FINRA 2210, which we wrote about in an article for Financial Advisor Magazine back in August.
  • Under the new rule, interactive posts/tweets will no longer be classified as “public appearances” but the distinction between static and interactive content and their differing pre-approval requirements will remain.
  • Posts/tweets will not need to be pre-approved or filed with the FINRA Department of Advertising (but must still be monitored).
  • Advisers’ social media profiles and other static content must still be pre-approved and monitored.

Many thanks to the panel’s moderator and our strategic partner, SIFMA, for putting on such a candid and timely panel. We look forward to attending more of these events and working every day to better serve you, our customers in the financial services industry.

Hearsay Social and SIFMA join forces to empower financial organizations on social media

Today Hearsay Social announced a strategic partnership with the Securities Industry and Financial Markets Association (SIFMA), a leading voice for the financial industry.

Representing hundreds of the most prominent securities firms, banks, and asset managers, including Bank of America Merrill Lynch, Wells Fargo Advisors, and Goldman Sachs, SIFMA has strived to develop policies and practices that empower nearly 800,000 people nationwide working in the industry. 
In this new era, it cannot be denied that one policy in particular has dominated the conversation: the broker-dealer’s “social media policy.”
While in prior years many banks and other financial organizations typically defaulted their policy to blocking employee use of social media, our increasingly social and mobile era has proven that blocking business use of social media is no longer a viable option. In the wake of FINRA issuing its first social media fine in March last year, SIFMA hosted two events–featuring thought leadership keynotes from Hearsay Social–that spotlighted social media as a growing force in the financial industry and what firms must do to address regulatory compliance.
At the SIFMA Annual Operations Conference and Exhibit in May, Hearsay Social CEO Clara Shih, Dr. Robert Ellis (former SVP of Technology Innovation at Bank of America), and I co-presented a session entitled Compliance Hurdles and Business Value for Financial Firms. The next month, social media once again took center stage at the SIFMA Tech Leaders Forum, where our Director of Sales Kristin Shevis joined Brian Tietje (SAE, Financial Services at LinkedIn) and Dr. Ellis in a conversation around compliance and social media ROI.
As you can see, we’ve worked with SIFMA for some time, but are now excited to formalize our relationship through a strategic partnership.

Empowering the financial services industry

Hearsay Social will continue to offer our customers trustworthy technology solutions that promote sound supervision, recordkeeping, and reporting while allowing reps to embrace the immense business value of social media. As the only compliance solution provider that integrates with all four major social networks–LinkedIn, Facebook, Google+, and Twitter–we are the only truly comprehensive enterprise social marketing platform for financial services organizations.
Our platform offers five main components:

  • Hearsay Social Content Publisher for scheduling posts and campaigns across firm, business unit, and individual employee profiles
  • Hearsay Social CRM for deepening customer relationships
  • Hearsay Social Analytics to roll-up metrics across all firm and employee profiles
  • Hearsay Social Compliance Module for FINRA/SEC compliance and infraction monitoring, brand protection, and Rogue Page Finder
  • Hearsay Social Enterprise Architecture including enterprise scale and single sign-on

What makes our Compliance Module so robust, of course, is our keen attention to evolving FINRA guidance. Because we live and work in The Facebook Era, social media is still evolving. How regulators interpret rep use of social media to fit to existing regulations, or rather revise these regulations to fit new modes of communication, will continue to develop. Similarly, industry norms on data retention will continue to evolve.
Hearsay Social plans to stay at the forefront of innovation by closely following industry developments with SIFMA as a close ally. Representatives from our company will continue to appear at SIFMA events in New York and Washington, DC, as well as other industry conferences. We’ll work towards training SIFMA members on the lessons we’ve learned from our customers while maintaining an active dialogue with regulators, so that we aren’t just responding to Regulatory Notices, but also informing and shaping them. And, perhaps most importantly, we will use what we learn from our extensive research and discussions to iterate upon the best possible compliance solutions for our customers.
As a SIFMA Strategic Partner, we hope to serve our customers even better and delight compliance officers across the enterprise.

Recent action by SEC – What it means for Compliance Officers

Last Wednesday the U.S. Securities and Exchange Commission (SEC) charged Anthony Fields, an Illinois-based independent advisor, with offering more than $500 billion in fictitious securities to his LinkedIn connections. (The SEC simultaneously issued three Risk Alerts. More on those can be found here.)

According to the SEC, Fields made “guarantees” to potential investors and tried to sell them specific financial products via LinkedIn. He also provided false and misleading information to the public concerning his company’s assets, clients, and operations. He projected himself as a FINRA-registered broker-dealer, even though he wasn’t licensed.
This was a case of attempted fraud, pure and simple: the man was not registered with the SEC, and the securities he attempted to sell did not exist.
Robert B. Kaplan, co-chief of the SEC Enforcement Division’s Asset Management Unit, released a statement saying, “Fraudsters are quick to adapt to new technologies to exploit them for unlawful purposes.” Some reporters misinterpreted that statement and sounded the alarms on social media—citing new platforms of communication as breeding grounds for consumer exploitation.
Let us be clear. New channels of communication are not the problem. Consumers/investors can’t be defrauded without a person behind the deceit. And fraudsters will find a way to approach their victims, if not via social media, then through in-person meetings, phone calls, email, or any other mode of communication.
So, even though social media isn’t the cause of the fraud, what can consumers do to protect themselves? Understanding any platform that one uses, implementing appropriate privacy controls, and using the same common sense and intuition that we would in face-to-face interactions are key.
Key Takeaways
Financial institutions can also protect consumers by closely monitoring advisor use of social media. In the case of enterprise-scale use of social media, technology is crucial to preventing infractions of SEC and FINRA regulations and preventing fraud. Equally important, social media empowers advisors to communicate with consumers through a new productivity tool.
The Hearsay Social Compliance Module is designed to prevent this type of incident for our customers. If Fields had worked for a Hearsay Social customer, his “guarantees” to potential investors would have been picked up as potential infractions and the specific product recommendations would have been flagged in our Supervision and Real-time Remediation features. And if Fields had projected himself as working for a Hearsay Social customer but didn’t, our patent-pending Rogue Page Finder would have picked up his profile.
The SEC and FINRA have made it clear that they will not tolerate fraud, no matter whether it occurs over the phone, over email, or over social media. Compliance Officers should make sure they are deploying an enterprise-wide compliance solution soon.

FINRA Breaking News: Regulatory Notice 11-39 on Social Media

Today FINRA released the highly anticipated second round of social media guidance, Regulatory Notice 11-39. The new guidance supplements Notice 10-06, which was issued by FINRA in January 2010. Notice 11-39 is not meant to alter the principles of 10-06, but rather answers additional questions that firms have raised regarding the application of the rules to social media during the past 21 months.
Below are some key clarifications to questions impacting our customers in FINRA’s own words. To help our readers digest Notice 11-39 and understand it in more concrete terms, I’ve included my regulatory interpretations/translations as Hearsay Social’s Compliance Manager under each provision.

As part of [his or her] responsibility, a registered principal must review prior to use any social media site that an associated person intends to employ for a business purpose. The registered principal may approve use of the site for a business purpose only if the registered principal has determined that the associated person can and will comply with all applicable FINRA rules, the federal securities laws, including recordkeeping requirements, and any additional requirements established by the firm.

Translation: If a registered rep has a history of communicating with the public in a dishonest or misleading manner, a principal should not permit him/her to use social media for business purposes.

The registered principal must review an associated person’s proposed social media site in the form in which it will be ‘launched.’ Some firms require a registered principal to review the first posting by an associated person on an interactive forum within the site. This approach can help to ensure that the registered principal will be reviewing not only the initial communication, but the social media site itself in its completed design.

Translation: Still ambiguous what “the form in which it will be ‘launched’” means. It could mean that the content must be identical to the published version of say, a profile. Or it could mean that a principal must review a draft of the profile on the native interface or a pdf of a draft profile in its entirety before it can be published.

FINRA considers unscripted participation in an interactive electronic forum to come within the definition of “public appearance” under NASD Rule 2210. Public appearances do not require prior approval by a registered principal.

Translation: Spontaneous commenting on another’s post will be considered a “public appearance” and need not be pre-approved by a firm principal. Same goes for Facebook Chat.

[Interactive content can become static.] For example, interactive content could be copied or forwarded and posted in a static forum, such as a blog or static area of a Web page, in a manner that renders it static content. It then would constitute an advertisement under NASD Rule 2210, requiring prior approval by a registered principal of the firm. A static posting is deemed an “advertisement” under NASD Rule 2210 and therefore requires a registered principal to approve the posting prior to use.

Translation: If you repost or redistribute an interactive post or tweet to a static forum, the content changes from interactive to static and must be pre-approved.

Some firms require each associated person to certify on an annual or more frequent basis that the associated person is acting in a manner consistent with such policies.

Translation: You should probably consider adding an annual certification of the firm’s social media policy to your employee training program.

If a third party posts a business-related communication, such as a question about a security, on an associated person’s personal social media site, …the associated person [may] respond to the communication … provided that the response does not violate the firm’s policies concerning participation on a personal social media site. If a firm has a policy that associated persons may not use a personal social media site for business purposes, then a substantive response by the associated person would violate this policy. Some firms permit a non-substantive response, and pre-approve statements that their associated persons may make to respond to such posts and that direct the third party to other firm-approved communication media, such as the firm’s email system.

Translation: Notwithstanding other factors, if your firm allows you to use your personal account for business purposes, then you can answer inquiries related to the firm’s products and services without violating FINRA rules. The firm’s policy is the final word on this.

Under NASD Rule 2210, a firm that co-brands any part of a third-party site, such as by placing the firm’s logo prominently on the site, is responsible for the content of the entire site.

Translation: If you allow your firm’s logo to go on a site, you are “adopting” or “becoming entangled with” the content on that site; the firm can be held responsible for any non-compliant content as if it distributed that content itself.

In order to ensure that the business communications are readily retrievable without necessitating the capture of personal communications made on the same device, firms should have the ability to separate business and personal communications, such as by requiring that the associated persons use a separately identifiable application on the device for their business communications. If possible, this application should provide a secure portal into the firm’s own communication system, particularly if confidential customer information may be shared. If the firm has the ability to separate business and personal communications, and has adequate electronic communications policies and procedures regarding usage, then the firm is not required to supervise the personal emails made on these devices. Of course, firms also are free to treat all communications made through the personal communication device as business communications.

Translation: If you develop and implement steps to have your people separate their personal profiles from their business accounts, you don’t have to monitor and archive your employees’ personal Facebook Pages. Include your expectations in your social media policy. Retain a social media vendor that supports APIs and provides a secure portal from which to access social media sites.
Disclaimer: This blog post and any resulting transmissions between you and Hearsay Social are not intended to provide legal or other advice or to create an attorney-client relationship. Please consult your legal and/or compliance departments for their interpretations of FINRA regulations and instructions on how to modify your social media policy accordingly.