Social Media And A Day In The Life Of A Compliance Officer


I help regulated firms use social media effectively.  Opinions expressed by Forbes Contributors are their own.


TWEET THIS
  • Securities regulators such as FINRA, the Securities Exchange Commission (SEC) and Investment Industry Regulatory Organization of Canada (IIROC) are all focused on protecting the individual investor, the firms themselves and the integrity of the markets.


The first question that compliance asks when marketing and sales want to use social media is, "How can we use social media while complying with the various rules and regulations that govern our industry?” As an example, although the financial industry received regulatory guidance around social media starting in 2010, many firms hesitated because they were concerned about compliance risks. Instead, financial advisers (or "associated persons") were prohibited from using social media for business. This is slowly changing. But, before it can change at your firm, marketing and sales need to understand some regulatory concerns, so you can better create a social media program that is accepted by compliance and rolled out successfully.

The role of the Compliance officer

Compliance officers at financial services firms are charged with protecting the reputation of their firm. Their job is to make sure their firm doesn’t appear in a scandal on the front page of the Wall Street Journal. Depending on the complexity of the firm, there could be tens of thousands of rules and regulations pertaining to electronic communications (which includes social media) that compliance professionals must understand and interpret. And because these rules are not set in stone, compliance officers are continually challenged to stay up to date. Compliance professionals are also responsible for creating and implementing processes to make sure their firms abide by these various regulations and to be able to demonstrate adherence to the requirements during exams conducted by regulators. That’s why many compliance professionals initially shy away from social media. It adds risk and complexity to an already full plate.

Social media guidelines from financial services regulators

There has been guidance from various securities regulators, but essentially, according to Financial Industry Regulatory Authority (FINRA), there are five areas that firms need to consider before allowing their employees to use social media:

  1. Record-keeping: Firms need to capture, archive and supervise all written business communications. That could include email, text messages, instant messages, industry specific networks, collaboration tools, social media and more. Because firms can’t rely on social networks for recordkeeping, this means that firms need to work with third party vendors.
  2. Testimonials: Testimonials are prohibited for Investment Advisers and allowed by Registered Representatives with restrictions. There has been some recent guidance that may allow some testimonials in some cases, so firms need to create social media polices that clearly define what is allowed at your firm (particularly for “Endorsements” and “Skills and Expertise” on LinkedIn).

  3. Suitability: General investing or specific product recommendations are prohibited unless you know your customers’ investing criteria and can make suitable recommendations based on their risk profiles and investing objectives. As it’s not possible to know all your followers on social media, that means that many firms prohibit their advisers from making any type of investing recommendations via social media.
  4. Advertising: There are a host of existing rules that firms must follow. It’s no surprise that communications with the public need to be appropriate, fair, truthful and disclose risks. FINRA also distinguishes between static advertising and interactive communications on social media. Advertising that is static, such as a profile on LinkedIn, when it includes promotional information about your firm, must be pre-reviewed by a registered principal of your firm. Whereas, interactive communications such as InMail, could be treated as correspondence and be reviewed before or after the fact, depending on its content and the risk profile of the firm. What this means for firms is that they must review social media profiles before they are used to conduct business, as well as, over time when they are updated. Firms also need to have clear work flow processes in place to ensure they are complying with advertising rules.
  5. Supervision: In my view, supervision is the most important. Firms need to demonstrate to regulators that they are supervising the activities of their associated persons. That means firms need to create procedures on supervising their associated persons before they are allowed to use social media.

Common themes among regulators 

Securities regulators such as FINRA, the Securities Exchange Commission (SEC) and Investment Industry Regulatory Organization of Canada (IIROC) are all focused on protecting the individual investor, the firms themselves and the integrity of the markets. Although each regulator’s guidance around social media is slightly different, there are some common themes. First, content is determinative. That is, regulators aren’t interested in personal communications, only communications pertaining to conducting business. This content, not device nor channel, determines whether firms are responsible for the communications. Secondly, postings must be truthful, not misleading, include risks and have proper disclosures. And finally, firms need to demonstrate to regulators that they are supervising the activities of their people to insure that they are following industry rules. That means that firms must be able to capture and be able to be review social media communications on demand.

Each firm interprets the rules and regulations based on its own risk tolerance, so they all approach social media differently 

In many cases, regulators are becoming “principle-based”, that is, instead of giving prescriptive instructions, they convey what they want to achieve. Firms are then advised to use their own risk tolerance when interpreting the rules to create in-house policies. That means that firms may move through various phases when adopting social media. Some firms elect to prohibit its use altogether, other allow employees to view social networks at work, but not post or engage in anyway, others allow limited engagement with pre-approved content. In 2017, more and more firms allow their associated persons to use social media in an "authentic voice" using one’s best judgment, after proper training on what’s allowed and what’s not. In my experience, firms tend to be conservative when they first start using social media and then evolve over time. Not every firm goes through every stage though. Every firm is different because their policies reflect their risk tolerance. At the end of the day, the regulators have provided enough guidance to help you get started. For all you newcomers, show your compliance officers that you understand their concerns and you will be more likely to create programs that are approved for roll-out.





Распечатать