Archive for category Cybercrime

Belbey Blogs: FINRA Annual Conference 2013 – Part III of III (Ask FINRA Senior Staff, Social Media Considerations, and Communications with the Public)

Today’s blog is authored by Joanna Belbey, Social Media and Compliance Specialist, Actiance. Follow Joanna @Belbey or connect with her on LinkedIn.

To continue with my prior blogs Belbey Blogs: FINRA Annual Conference 2013 – Part I of III (Suitability, Elisse Walter, Fraud) and Belbey Blogs: FINRA Annual Conference 2013 – Part II of III (Cyber Security, Using Social Media Tools), this is the third in a three-part series that highlights the sessions that I attended:

FINRA Annual Conference (Part III of III)

Ask FINRA Senior Staff session

This is a popular session where the live and virtual audiences pose questions to a stage full of regulators.  Topics are varied, but there was some discussion regarding social media.

Tom Selman, EVP FINRA Regulatory Policy, explained that some states have recently enacted legislation that limits how a firm may monitor employees’ personal use of social media. In response, FINRA is working with the states to explain the importance of allowing supervision of social media used for business purposes by regulated persons. As a result, a number of states have added an exemption for financial services. However, at the end of the day, if certain states prohibit firms from supervising regulated persons using social media, then employees in those states should be prohibited from using social media.

Social Media Considerations session

At this point, it’s been three years since FINRA has provided guidance on the use of social media by regulated persons. This panel provided an overview of regulatory guidance (FINRA Regulatory Notice 10-06, 11-39, 11-29) and then focused on four recurring questions impacting social media: Recordkeeping, Supervision, Third Party Content, and Training.

One topic included additional guidance on regulatory requirements for third party content. Joseph Price, SVP and Counsel FINRA Corporate Financing / Advertising Regulation, stated that hyperlinks to a third party site require advance due diligence because, by drawing attention to third party content, you have “adopted” it, and therefore record keeping and suitability requirements apply. (Editor’s Note: “Adoption” and “Entanglement” are SEC concepts defining the relationship and associated responsibility when sharing content from a third party. Without going into legal details here, “adoption” is akin to using someone else’s content “as is” and “entanglement” refers to when you participated in the creation of the content.) Price continued that if your firm links to a specific article, you are only responsible for that article, not the entire site. (Editor’s Note: That being said, caution is advised. Best to stick with reputable websites.)

Debbi Corej, Specialist Leader, Deloitte & Touche LLP, noted that adoption of social media was still low and stressed the importance of developing plans in advance. Corey suggested that compliance departments draw the line between personal and professional usage for their employees and registered persons; develop processes, training, and attestations; include social media in annual meetings; and focus on red flags.

Another topic was the handling of videos. FINRA gave an example: if a public appearance is recorded and then reused for marketing, it becomes sales literature, and preapproval and supervision apply.

The panel also discussed endorsements on LinkedIn. It was suggested that, as a best practice, skills endorsements be hidden entirely to avoid the impression of a testimonial. (Editor’s Note: Testimonials are prohibited for Investment Advisors and are difficult to justify for Registered Representatives. Broker Dealers typically outright prohibit or are very careful when allowing testimonials.) As per Amy Sochard, Director FINRA Advertising Regulation, if you “groom” endorsements, you’ve “adopted” the ones you’ve left on the site. Alexander Gavis, Vice President and Associate General Counsel, Fidelity Investments, added that when it comes to social media, “Use policy or technology, preferably both”.

Finally, Price reminded the audience that interpretation of the rules and regulations is based on the risk tolerance and culture of compliance at each firm, and concluded that “It’s ok for firms to have policies more conservative than the Guidance to protect their reputation”.

For those of you who are just getting started, here are some of the resources that were provided at this session:

FINRA Regulatory Notices:

FINRA Regulatory Notice 11-39, Guidance on Social Networking Communications (August 2011)

http://www.finra.org/web/groups/industry/@ip/@reg/@notice/documents/notices/p124186.pdf

FINRA Regulatory Notice 10-06, Guidance on Blogs and Social Networking (January 2010)

http://www.finra.org/web/groups/industry/@ip/@reg/@notice/documents/notices/p120779.pdf

SEC Resources

Securities Exchange Act Release No. 69279 (April 2, 2013) (Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: Netflix, Inc., and Reed Hastings)

http://www.sec.gov/litigation/investreport/34-69279.pdf

IM Guidance Update: Filing Requirements for Certain Electronic Communications (March 2013)

http://www.sec.gov/divisions/investment/guidance/im-guidance-update-filing-requirements-for-certain-electronic-communications.pdf

Communications with the Public session

This session addressed some of the specific questions around the communications rules that became effective in February. As it was covered at other sessions, social media was mostly excluded. See Belbey Blog: New FINRA Communications Rule 2210 for more information. In general, the audience learned that the leading communications violations were failure to disclose a firm name, unfair or unbalanced communications, information that was misleading or exaggerated, material information in the footnotes, and various SEC Rule 482 violations. The panel stated that supervision of communications should be flexible and risk-based and that proper training, surveillance, and follow-through to correct issues were important. Specifically for public appearances, training, documentation and an occasional in-person spot check were suggested.

And finally, per FINRA Rule 2210, interactive social media communications were exempted from filing. See Belbey Blogs: Recent Guidance from the SEC on Filing of Social Media for more details on that topic.

That’s it! I hope you found these highlights helpful and that I see you at the FINRA Advertising Regulation Conference on October 10–11, 2013 in Washington DC.


Belbey Blogs: FINRA Annual Conference 2013 – Part II of III (Cyber Security, Using Social Media Tools)

Today’s blog is authored by Joanna Belbey, Social Media and Compliance Specialist, Actiance. Follow Joanna @Belbey or connect with her on LinkedIn.

To continue with my prior blog, Belbey Blogs: FINRA Annual Conference 2013 – Part I of III (Suitability, Elisse Walter, Fraud) here are the highlights of the sessions that I attended at the FINRA Annual Conference:

FINRA Annual Conference 2013 – Part II of III

Cyber Security session

The threats from cybercrime are increasing and constantly evolving. They are particularly dangerous for small broker dealers, as 60% of small firms go out of business after a cybercrime. No comprehensive federal law exists to govern policy; instead there is a patchwork of state laws. However, 47 states have breach notification laws pertaining to unauthorized access to Personally Identifiable Information (PII). PII typically includes first name, last name, social security, account and driver’s license numbers. Basic privacy protection principles include: providing notice of policies, allowing customers a choice to consent to their data being captured, access and participation, integrity and security of the data, and enforcement and redress of a breach. Laurie Dzien, Chief Privacy Officer and Associate General Counsel from the FINRA Office of General Counsel, advises firms to 1) know and classify their data, 2) analyze appropriateness of access to PII, 3) collect only the data that is required, 4) destroy what you no longer need, 5) create a team to quickly handle data breaches before they happen, 6) conduct careful due diligence of third party vendors, and 7) create an information security incident response plan (team, communications, procedures, training, and assessing the effectiveness of the response).

Denise Watson, Manager, Operational Risk & Privacy from Raymond James reiterated that firms need processes and controls in place for data protection and privacy. She offered some practical warnings as well. Your firm may need to wipe some printers’ hard drives before disposal and to unplug fax machines at night to avoid data leakage.

And finally, Gilbert “Gib” Sorebo of SAIC suggested that “firms should stay on top of evolving threats, engage cyber experts and secure your systems”.  Or simply put, Sorebo says “Don’t be the easiest to pick.”

Using Social Media Tools (Small Firm Focus) session

Twenty years ago, firms were very careful and adopted email slowly. The same holds true for social media today. This seems particularly true for small firms, if this session is any indication. From a show of hands in the room, very few of the attendees of this session were participating in social media. In fact, when polled (Editor’s Note: Yes, they used polling at the FINRA Annual Conference!), 33% of the audience chose “I wish the Facebook guy was never born”. Mitchell Atkins, SVP and Regional Director for FINRA South Region, confirmed low adoption for small firms, saying, “Very few FAs are actually using social media, even though they have been approved by their firms. However a few have gone off the reservation.”

The overall theme of the session was that if you use social media for business at all, all the rules and regulations around record keeping, advertising and supervision apply. Per Atkins, firms also need processes in place to handle customer complaints and a possible social media crisis. It was also suggested that interns could use social media to search for FAs’ outside activities. Education, predefined processes and thoughtful compliance are essential. Or as Hardeep Walia, Chief Executive Officer, Motif Investing, said, “When using social media and thinking ‘compliance’, it pays to be paranoid.”

My personal favorite moment of this session was when Patricia Bartholomew, Managing Partner, General Counsel and Chief Compliance Officer of Craig-Hallum Capital Group gave me a big shout out to follow my tweets for a summary of the session (@Belbey).

For more on the FINRA Annual Conference, check back here Friday for Belbey Blogs: FINRA Annual Conference 2013 – Part III of III (Ask FINRA Senior Staff, Social Media Considerations, and Communications with the Public).

PS. For those of you who are just getting started, here are resources that were provided at this session:

FINRA Regulatory Notices:

FINRA Regulatory Notice 11-39, Guidance on Social Networking Communications (August 2011)

http://www.finra.org/web/groups/industry/@ip/@reg/@notice/documents/notices/p124186.pdf

FINRA Regulatory Notice 10-06, Guidance on Blogs and Social Networking (January 2010)

http://www.finra.org/web/groups/industry/@ip/@reg/@notice/documents/notices/p120779.pdf

SEC Resources

Securities Exchange Act Release No. 69279 (April 2, 2013) (Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: Netflix, Inc., and Reed Hastings)

http://www.sec.gov/litigation/investreport/34-69279.pdf

IM Guidance Update: Filing Requirements for Certain Electronic Communications (March 2013)

http://www.sec.gov/divisions/investment/guidance/im-guidance-update-filing-requirements-for-certain-electronic-communications.pdf
