Today’s blog is authored by Joanna Belbey, Social Media and Compliance Specialist, Actiance. Follow Joanna @Belbey or connect with her on LinkedIn.
To continue with my prior blog, Belbey Blogs: FINRA Annual Conference 2013 – Part I of III (Suitability, Elisse Walter, Fraud) here are the highlights of the sessions that I attended at the FINRA Annual Conference:
FINRA Annual Conference 2013 – Part II of III
Cyber Security session
The threats from cybercrime are increasing and constantly evolving. They are particularly dangerous for small broker dealers, as 60% of small firms go out of business after a cybercrime. There is no comprehensive federal law that exists to govern policy and a patchwork of state laws. However, 47 states have breach notification laws pertaining to unauthorized access to Personally Identified Information (PII). PII typically includes first name, last name, social security, account and driver’s license numbers. Basic privacy protection principles include: providing notice of policies, allowing customers a choice to consent to their data being captured, access to participation, integrity and security of the data and enforcement and redress of a breach. Laurie Dzien, Chief Privacy Officer and Associate General Counsel from the FINRA Office of General Counsel, advises firms to 1) know and classify their data, 2) analyze appropriateness of access to PII, 3) collect only the data that is required and 4) destroy what you no longer need, 5) create a team to quickly handle data breaches before they happen, 6) conduct careful due diligence of third party vendors, and 7) create an information security incident response plan (team, communications, procedures, train and access effectiveness of response).
Denise Watson, Manager, Operational Risk & Privacy from Raymond James reiterated that firms need processes and controls in place for data protection and privacy. She offered some practical warnings as well. Your firm may need to wipe some printers’ hard drives before disposal and to unplug fax machines at night to avoid data leakage.
And finally, Gilbert “Gib” Sorebo of SAIC suggested that “firms should stay on top of evolving threats, engage cyber experts and secure your systems”. Or simply put, Sorebo says “Don’t be the easiest to pick.”
Using Social Media Tools (Small Firm Focus) session
Back 20 years ago, firms were very careful and adopted email slowly. The same holds true for social media today. This seems particularly true for small firms if this session is any indication. From a show of hands in the room, very few of the attendees of this session were participating in social media. In fact when polled, (Editor’s Note: Yes, they used polling at the FINRA Annual Conference!), 33% of the audience chose “I wish the Facebook guy was never born”. Mitchell Atkins, SVP and Regional Director for FINRA South Region confirmed low adoption for small firms saying, “Very few FAs are actually using social media, even though they have been approved by their firms. However a few have gone off the reservation.”
The overall theme of the session was that if you use social media for business at all, all the rules and regulations around record keeping, advertising and supervision apply. Per Atkins, firms also need processes in place to handle customer complaints and a possible social media crisis. It was also suggested that interns could use social media to search for FAs outside activities. Education, predefined processes and thoughtful compliance are essential. Or as Hardeep Walia, Chief Executive Officer, Motif Investing said “When using social media and thinking ‘compliance’, it pays to be paranoid.”
My personal favorite moment of this session was when Patricia Bartholomew, Managing Partner, General Counsel and Chief Compliance Officer of Craig-Hallum Capital Group gave me a big shout out to follow my tweets for a summary of the session (@Belbey).
For more on the FINRA Annual Conference, check back here Friday for Belbey Blogs: FINRA Annual Conference 2013 – Part III of III (Ask FINRA Senior Staff, Social Media Considerations, and Communications with the Public).
PS. For those of you who are just getting started, here are resources that were provided at this session:
FINRA Regulatory Notices:
FINRA Regulatory Notice 11-39, Guidance on Social Networking Communications (August 2011)
http://www.finra.org/web/groups/industry/@ip/@reg/@notice/documents/notices/p124186.pdf
FINRA Regulatory Notice 10-06, Guidance on Blogs and Social Networking (January 2010)
http://www.finra.org/web/groups/industry/@ip/@reg/@notice/documents/notices/p120779.pdf
SEC Resources
Securities Exchange Act Release No. 69279 (April 2, 2013) (Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: Netflix, Inc., and Reed Hastings)
http://www.sec.gov/litigation/investreport/34-69279.pdf
IM Guidance Update: Filing Requirements for Certain Electronic Communications (March 2013)
Actiance 