Archive for category Electronically Stored Information (ESI)

Belbey Blogs: FINRA Annual Conference 2013 – Part III of III (Ask FINRA Senior Staff, Social Media Considerations, and Communications with the Public)

Today’s blog is authored by Joanna Belbey, Social Media and Compliance Specialist, Actiance. Follow Joanna @Belbey or connect with her on LinkedIn.

To continue with my prior blogs Belbey Blogs: FINRA Annual Conference 2013 – Part I of III (Suitability, Elisse Walter, Fraud) and Belbey Blogs: FINRA Annual Conference 2013 – Part II of III (Cyber Security, Using Social Media Tools), this is the third in a three-part series that highlights the sessions that I attended:

FINRA Annual Conference (Part III of III)

Ask FINRA Senior Staff session

This is a popular session where the live and virtual audiences pose questions to a stage full of regulators.  Topics are varied, but there was some discussion regarding social media.

Tom Selman, EVP FINRA Regulatory Policy, explained that some states have recently enacted legislation that limits how a firm may monitor employees’ personal use of social media. In response, FINRA is working with the states to explain the importance of allowing supervision of social media used for business purposes by regulated persons. As a result, a number of states have added an exemption for financial services. However, at the end of the day, if certain states prohibit firms from supervising regulated persons using social media, then employees in those states should be prohibited from using social media.

Social Media Considerations session

At this point, it’s been three years since FINRA has provided guidance on the use of social media by regulated persons. This panel provided an overview of regulatory guidance (FINRA Regulatory Notice 10-06, 11-39, 11-29) and then focused on four recurring questions impacting social media: Recordkeeping, Supervision, Third Party Content, and Training.

One topic included additional guidance on regulatory requirements for third party content. Joseph Price, SVP and Counsel FINRA Corporate Financing / Advertising Regulation, stated that hyperlinks to a third party site require advance due diligence: by drawing attention to third party content, you have “adopted” it, and therefore record keeping and suitability requirements apply. (Editor’s Note: “Adoption” and “Entanglement” are SEC concepts defining the relationship and associated responsibility when sharing content from a third party. Without going into legal details here, adoption is akin to using someone else’s content “as is” and “entanglement” refers to when you participated in the creation of the content.) Price continued: if your firm links to a specific article, you are only responsible for that article, not the entire site. (Editor’s Note: That being said, caution is advised. Best to stick with reputable websites.)

Debbi Corej, Specialist Leader, Deloitte & Touche LLP, noted that adoption of social media was still low and stressed the importance of developing plans in advance. Corej suggested that compliance departments draw the line between personal and professional usage for their employees and registered persons, develop processes, training, and attestations, include social media in annual meetings and focus on red flags.

Another topic was the handling of videos. FINRA gave an example that if a public appearance is recorded and then reused for marketing, it becomes sales literature and preapproval and supervision apply.

The panel also discussed endorsements on LinkedIn. It was suggested that as a best practice it is best to hide skills endorsements entirely to avoid the impression of a testimonial (Editor’s Note: Testimonials are prohibited for Investment Advisors and are difficult to justify for Registered Representatives. Broker Dealers typically outright prohibit or are very careful when allowing testimonials). As per Amy Sochard, Director FINRA Advertising Regulation, if you “groom” endorsements, you’ve “adopted” the ones you’ve left on the site. Alexander Gavis, Vice President and Associate General Counsel, Fidelity Investments, added that when it comes to social media, “Use policy or technology, preferably both”.

Finally, Price reminded the audience that interpretation of the rules and regulations is based on the risk tolerance and culture of compliance at each firm, and concluded that “It’s ok for firms to have policies more conservative than the Guidance to protect their reputation”.

For those of you who are just getting started, here are some of the resources that were provided at this session:

FINRA Regulatory Notices:

FINRA Regulatory Notice 11-39, Guidance on Social Networking Communications (August 2011)

http://www.finra.org/web/groups/industry/@ip/@reg/@notice/documents/notices/p124186.pdf

FINRA Regulatory Notice 10-06, Guidance on Blogs and Social Networking (January 2010)

http://www.finra.org/web/groups/industry/@ip/@reg/@notice/documents/notices/p120779.pdf

SEC Resources

Securities Exchange Act Release No. 69279 (April 2, 2013) (Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: Netflix, Inc., and Reed Hastings)

http://www.sec.gov/litigation/investreport/34-69279.pdf

IM Guidance Update: Filing Requirements for Certain Electronic Communications (March 2013)

http://www.sec.gov/divisions/investment/guidance/im-guidance-update-filing-requirements-for-certain-electronic-communications.pdf

Communications with the Public session

This session addressed some of the specific questions around the communications rules that became effective in February. As it was covered at other sessions, social media was mostly excluded. See Belbey Blog: New FINRA Communications Rule 2210 for more information. In general, the audience learned that leading communications violations were failure to disclose a firm name, unfair or unbalanced communications, information that was misleading or exaggerated, material information in the footnotes and various SEC Rule 482 violations. The panel stated that supervision of communications should be flexible and risk-based and that proper training, surveillance, and follow-through to correct issues were important. Specifically for public appearances, training, documentation and an occasional in-person spot check were suggested.

And finally, per FINRA Rule 2210, interactive social media communications were exempted from filing. See Belbey Blogs: Recent Guidance from the SEC on Filing of Social Media for more details on that topic.

That’s it! I hope you found these highlights helpful and that I see you at FINRA Advertising Regulation Conference on October 10–11, 2013 in Washington DC.


Belbey Blogs: FINRA Annual Conference 2013 – Part II of III (Cyber Security, Using Social Media Tools)

Today’s blog is authored by Joanna Belbey, Social Media and Compliance Specialist, Actiance. Follow Joanna @Belbey or connect with her on LinkedIn.

To continue with my prior blog, Belbey Blogs: FINRA Annual Conference 2013 – Part I of III (Suitability, Elisse Walter, Fraud) here are the highlights of the sessions that I attended at the FINRA Annual Conference:

FINRA Annual Conference 2013 – Part II of III

Cyber Security session

The threats from cybercrime are increasing and constantly evolving. They are particularly dangerous for small broker dealers, as 60% of small firms go out of business after a cybercrime. No comprehensive federal law exists to govern policy; instead there is a patchwork of state laws. However, 47 states have breach notification laws pertaining to unauthorized access to Personally Identifiable Information (PII). PII typically includes first name, last name, social security, account and driver’s license numbers. Basic privacy protection principles include: providing notice of policies, allowing customers a choice to consent to their data being captured, access and participation, integrity and security of the data, and enforcement and redress of a breach. Laurie Dzien, Chief Privacy Officer and Associate General Counsel from the FINRA Office of General Counsel, advises firms to 1) know and classify their data, 2) analyze appropriateness of access to PII, 3) collect only the data that is required, 4) destroy what you no longer need, 5) create a team to quickly handle data breaches before they happen, 6) conduct careful due diligence of third party vendors, and 7) create an information security incident response plan (team, communications, procedures, training, and assessing the effectiveness of the response).

Denise Watson, Manager, Operational Risk & Privacy from Raymond James reiterated that firms need processes and controls in place for data protection and privacy. She offered some practical warnings as well. Your firm may need to wipe some printers’ hard drives before disposal and to unplug fax machines at night to avoid data leakage.

And finally, Gilbert “Gib” Sorebo of SAIC suggested that “firms should stay on top of evolving threats, engage cyber experts and secure your systems”. Or simply put, Sorebo says “Don’t be the easiest to pick.”

Using Social Media Tools (Small Firm Focus) session

Twenty years ago, firms were very careful and adopted email slowly. The same holds true for social media today. This seems particularly true for small firms if this session is any indication. From a show of hands in the room, very few of the attendees of this session were participating in social media. In fact, when polled (Editor’s Note: Yes, they used polling at the FINRA Annual Conference!), 33% of the audience chose “I wish the Facebook guy was never born”. Mitchell Atkins, SVP and Regional Director for FINRA South Region, confirmed low adoption for small firms, saying, “Very few FAs are actually using social media, even though they have been approved by their firms. However a few have gone off the reservation.”

The overall theme of the session was that if you use social media for business at all, all the rules and regulations around record keeping, advertising and supervision apply. Per Atkins, firms also need processes in place to handle customer complaints and a possible social media crisis. It was also suggested that interns could use social media to search for FAs’ outside activities. Education, predefined processes and thoughtful compliance are essential. Or as Hardeep Walia, Chief Executive Officer, Motif Investing, said, “When using social media and thinking ‘compliance’, it pays to be paranoid.”

My personal favorite moment of this session was when Patricia Bartholomew, Managing Partner, General Counsel and Chief Compliance Officer of Craig-Hallum Capital Group gave me a big shout out to follow my tweets for a summary of the session (@Belbey).

For more on the FINRA Annual Conference, check back here Friday for Belbey Blogs: FINRA Annual Conference 2013 – Part III of III (Ask FINRA Senior Staff, Social Media Considerations, and Communications with the Public).

PS. For those of you who are just getting started, here are resources that were provided at this session:

FINRA Regulatory Notices:

FINRA Regulatory Notice 11-39, Guidance on Social Networking Communications (August 2011)

http://www.finra.org/web/groups/industry/@ip/@reg/@notice/documents/notices/p124186.pdf

FINRA Regulatory Notice 10-06, Guidance on Blogs and Social Networking (January 2010)

http://www.finra.org/web/groups/industry/@ip/@reg/@notice/documents/notices/p120779.pdf

SEC Resources

Securities Exchange Act Release No. 69279 (April 2, 2013) (Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: Netflix, Inc., and Reed Hastings)

http://www.sec.gov/litigation/investreport/34-69279.pdf

IM Guidance Update: Filing Requirements for Certain Electronic Communications (March 2013)

http://www.sec.gov/divisions/investment/guidance/im-guidance-update-filing-requirements-for-certain-electronic-communications.pdf


What’s the Buzz? Tell Me What’s Happening

[Image: Kailash Ambawni]

The buzz in the enterprise is Big Data. Pick up any publication covering technology or business these days and you will see articles about the proliferation of Big Data; how it happens and how it will impact our lives. Certainly, there is a ton of data flooding in, offering tremendous opportunity to predict new trends that can drive our business in exciting ways. But there are two important steps in the harnessing of Big Data to achieve its potential. First you have to capture and store the data; second you need to analyze the data. Once you have visibility you can ‘listen’ to trends generated by your customers and marketplace.

But, while most companies are listening to what customers are saying, they’re often not listening to what their employees are saying.

The old adage “the CEO is the last to know” no longer has to hold true. Big Data can help you learn about your employees’ experiences as much as the customer experience. If we can leverage Big Data to create an experience for the customer that exceeds their expectations and results in higher satisfaction, can we not use Big Data to achieve the same with our employees?

With Big Data we can change how we engage our employees. We can understand the trending themes, the sentiment, who the key “connectors” and subject matter experts are, and even the high risk areas. We can safely project that this will result in:

  • Higher job satisfaction
  • A more engaged, enthusiastic workforce
  • Longer employee retention
  • Better productivity

Not unlike the customer experience we can create with insights from Big Data, we can create a better employee experience that results in a positive, transparent and more productive work environment. All of which gives us a competitive edge.

Isn’t that really the potential of Big Data for the enterprise?


Belbey Blogs: Recent Guidance from the SEC on Filing Social Media


Today’s blog is from Joanna Belbey, Social Media and Compliance Specialist at Actiance.

This month, the Division of Investment Management of the Securities and Exchange Commission issued the first in a series of “IM Guidance Updates” to clarify its positions on emerging legal issues. The first topic was social media.

Financial services firms are cautious by nature, and it’s both our experience and no surprise that firms are taking a very conservative approach and are filing a huge amount of social media content with FINRA. The SEC is calling out that this may be unnecessary in a number of cases.

First some background. To ensure that communications from financial institutions are suitable, fair and balanced, the FINRA Advertising Regulation Department reviews the content of more than 100,000 communications every year. Some communications are submitted as required by FINRA rules, others are submitted voluntarily. Some are filed in advance, others within 10 days of publication. However in FINRA Rule 2210(c)(7)(M), effective February 2013, retail communications posted on an “online interactive electronic forum that is contained on a social media website” are specifically excluded from these filing requirements.

However, as firms have other filing requirements aside from FINRA, such as Section 24(b) of the Investment Company Act of 1940 (“1940 Act”) or Rule 497 under the Securities Act of 1933 (“1933 Act”), SEC has seen fit to provide guidance on what should and should not be filed.

As the SEC states, “Whether a communication need be filed depends on the content, context, and presentation of the particular communication”. So nothing changes there. This is simply reiteration. But now the SEC goes a little further. The more specific, the more likely it needs to be filed. And as an aside, whether the communications are filed or not, they still need to be captured, supervised, archived, and made e-discoverable like any other written communication for “business as such”.

The SEC provided some examples for clarity:

Do Not File

  • Simple mention of a specific investment company or family of funds without discussion of merits
  • Mention of word “performance” in connection with a specific investment company or family of funds without mention of returns
  • Factual introductory statement / hyperlink to fund prospectus (i.e., report available here)
  • An introductory statement not related to investment merits of a fund that includes hyperlink to general information
  • Response to an inquiry via social media that provides factual information and does not include merits of the fund

File (to meet requirements of Section 24(b) or Rule 482):

  • Discussion of fund performance that provides specific mention of fund’s returns
  • Issuer communications that discuss merits of an investment fund

The regulators continue to reinforce what we know to be best practices of social media. Pitching financial products, and discussing specific performance and returns is unwelcome on social media and may require pre-approval by a registered principal of the firm as well as filing requirements.

A better approach?

Provide compelling content, not sales pitches. Offer information that is informative, entertaining, and worth sharing. In a compliance-constrained industry like financial services, delivering compelling content can be challenging, but it’s by no means impossible.

The first step is to inventory your existing content to see what can be leveraged for social media. Start with pre-approved content that has been reviewed by the company’s compliance team for both corporate governance and regulatory compliance. Use this content to develop a library of interesting insights on investment strategies, wealth management, saving for college or retirement, and similar topics. These articles can provide a foundation for social media newcomers who are looking to start building their online networks.

This Spring is a great time to get started!

Other information you may find helpful:

Belbey Blogs: New FINRA Communications Rule 2210

http://blog.actiance.com/2013/02/13/belbey-blogs-new-finra-communications-rule-2210/

Division of Investment Management of the Securities and Exchange Commission Issues Guidance Update on Social Media Filings by Investment Companies

http://www.sec.gov/news/press/2013/2013-40.htm

IM Guidance Update March 2013

http://www.sec.gov/divisions/investment/guidance/im-guidance-update-filing-requirements-for-certain-electronic-communications.pdf

FINRA Rule 2210

http://finra.complinet.com/en/display/display_main.html?rbid=2403&element_id=10648

Regulatory Notice 12-29 Communications with the Public

http://www.finra.org/web/groups/industry/@ip/@reg/@notice/documents/notices/p127014.pdf

Regulatory Notice 10-06, Social Media Web Sites: Guidance on Blogs and Social Networking Web Sites (January 2010)

http://www.finra.org/web/groups/industry/@ip/@reg/@notice/documents/notices/p120779.pdf

Guide to the Web for Registered Representatives

http://www.finra.org/Industry/Issues/Advertising/p006118

FINRA: RCA – March 1999 – Ask the Analyst – Electronic Communications

https://www.finra.org/Industry/Regulation/Guidance/RCA/p015326

Social eDiscovery is alive and well

Today’s post comes from Norv Leong, Director of Product Marketing at Actiance.

Ahh, another LegalTech in the history books. As usual, there was an interesting mix of suits, vendors, and swag-hunters trolling the floors of the Hilton. One difference from last year was the very noticeable feeling that in-house counsel, law firms, and compliance officers alike – across all industries – are acknowledging (sometimes reluctantly) that they have to include social media and social-ish communications (think IMs, collaboration, texts, etc.) in their legal hold and eDiscovery strategies.

For instance, over the last twelve months, the body of case law involving social media eDiscovery has mushroomed exponentially.  Everywhere you turn you see a wide variety of cases – personal injury, harassment, copyright infringement, wrongful death, even assault and rape – where social media content played a critical role in the outcome.

Upon finding out that Facebook content is admissible evidence.


More and more, judges are allowing the admissibility of instant messages, Facebook posts, and Tweets.  Judging by the conversations we had at our booth, there was also much concern over what to do with data such as Jive, SharePoint, and Chatter.  These tools are like Facebooks for the enterprise, which researchers, engineers, and partners use to exchange information, product plans, and other business records.

Our presentation on the first day, “Social Business is booming:  Are you really prepared for eDiscovery?”, generated heaps of questions, such as “Can you inspect files for sensitive keywords?”, “How do you speed up eDiscovery searches?”, and “Do you capture content in context?”  Given the number of folks that stuck around after my presentation to ask me questions, I felt pretty optimistic that the market was indeed ripe for solutions that could help organizations manage this array of communications channels while slashing their legal costs and reducing their overall risk exposure.

It could be that attorneys are a nervous, worrying lot, but still, it’s no coincidence that patent litigation continues to skyrocket, eDiscovery sanctions are on the rise, and law firms still continue to do big business.  I’m sure I’ll be back next year to see if the same folks I saw this year look a bit grayer up top.


Belbey Blogs: Before you go social, check with Uncle Sam

[Diagram: governance cycle]

Today’s post is a collaboration between Richie Etwaru, Director, UBS and Joanna Belbey, Social Media and Compliance Specialist, Actiance

It’s difficult to debate the value of installing enterprise social networks.

Richie Etwaru, a futurist and avid speaker, covered the current state, business value, and future thinking needed around the construct of what he phrases the #ENTSOCNET (an internal enterprise social network). Mr. Etwaru titled the piece Solving for building backlash of Enterprise Social Networks and covers the 1st, 2nd and 3rd generation of the #ENTSOCNET. Installing an internal social network, driving adoption, and extracting business value, as Mr. Etwaru describes, is complicated and difficult work. Leaders must ensure that said complicated and difficult work is being done under the auspices of regulatory guidelines.

There are regulatory compliance, corporate governance, and legal requirements organizations must address before deploying social. There is, however, an impedance mismatch and some amount of misinterpretation between what the regulators consider enterprise social media and what leaders in the enterprise consider to be enterprise social media. The spirit of the regulations suggests that whether an enterprise is installing an internal social network (what Mr. Etwaru describes as the #ENTSOCNET) for its employees only, or leveraging external social networks such as Facebook, LinkedIn or Twitter, all communications, messages, inboxes, comments, endorsements, DMs, tweets, retweets, etc. are governed under the regulations.

What Regulators want

More than 2 years ago, regulators of the securities industries began to issue guidance on how to use social media. The Financial Industry Regulatory Authority (FINRA), The Securities and Exchange Commission (SEC), Investment Industry Regulatory Organization of Canada (IIROC), National Association of Insurance Commissioners (NAIC) and others view social media, whether it’s external or internal, as just another form of business communications, such as email or instant messages. They remind us that it’s the content that is determinative, not the platform. Regulators also expect that firms demonstrate that they are supervising, or reviewing, a pre-defined portion of these communications. Other more general legislation may also apply, such as Sarbanes-Oxley (SOX), Gramm-Leach-Bliley Act, and the data breach notification laws (PCI, DSS).

What this all means

In short, whether internal or external, firms need to ensure that all business communications (or “business as such”) are captured, archived, supervised and made easily e-discoverable. There is nothing new here as this has been an evolution. First paper, then email, instant messages, now both internal and external social media, firms continue to be challenged to capture, retain and review a portion of all business records in whatever form they appear. As a first step, firms may use their existing email and instant message retention policies as a framework to develop policies for internal and external social media. Governing said policies is a separate and pronounced challenge.

Governance is key

Firms are increasingly committed to comprehensive corporate governance to avoid scandal and to comply with regulations. The development of sound policies and procedures before deployment is key. Given the vast amount of data stored in most collaboration environments and the free-ranging conversations among employees, contractors and even clients that can ensue, policies must be defined.

Specifically, policies should address: records management (retention, litigation readiness, privacy), information management (making sure that records are tamper proof and easily accessible), data disposition (disposal of data) and conflict management. Where possible, firms should automate policies with technology to protect their intellectual property, prevent the creation and distribution of inappropriate content and provide an audit trail of all activity to ensure accountability.

It’s a serious legal matter

When learning of pending litigation, firms must be able to preserve all records (“legal hold” or “litigation holds”) that may relate to legal action against the company, including records of social activity. According to the Federal Rules of Civil Procedure (FRCP), firms must meet discovery requests for paper as well as electronic documents (spreadsheets, slide decks), emails, posts, and conversations across social media in a timely fashion. Therefore, firms need plans and the means to retain and produce such data upon request. Email was new and difficult; social is not yet understood, complex and mindboggling.

Social, not my grandma’s email

Social media, due to its nature, adds complexity to these requirements as interactions occur over time. For example, a blog starts with an initial post, then readers may add comments, or change their minds and revise and delete their comments and the original author may respond. These interactions could go on for months in some cases. Firms should have the ability to produce all of these threads of posts, comments and replies “in context” to give meaning to the conversations. By providing context, firms may reduce litigation costs by reducing the number of hours required by attorneys to sort through records to determine the sequence of events and the true essence of the conversations. Preserving context requires intelligent software solutions.

What now

Enterprise-wide “social business” tools were designed to facilitate collaboration, not necessarily to meet the legal and compliance requirements of regulated firms or public corporations. They offer basic functionality to capture and archive communications, but not the reporting, contextual view of information, nor granular policy setting that may be desired. Firms are therefore advised that before deploying enterprise-wide collaboration tools, they look to third party vendors to ensure their compliance requirements are met.

Collaboration, no pun intended

I reached out to Mr. Etwaru (whom I met a few years ago at a conference in NYC) and shared this perspective. His response is below.

~~~~~~~~~~~~~~~~~~~~~

Hi Joanna,

Your thoughts are spot on. From the regulators’ (who are doing a great job) point of view, social, email, chat, etc. all carry similar risk and hence are metaphorically bucketed from a guidance standpoint. In the enterprise however, the risk with social is multiples higher for a multitude of reasons. One reason is employees learned of social in their personal lives where regulations are by and large absent. Hence, when using social in the enterprise (or in a commercial manner) employees (fallible as we are) tend to assume the same “free range” comes with social. The policy, governance and education you suggested is paramount, I could not agree more.

That being said …

However daunting all of this may be, the biggest risk is not using internal social media to break down silos and to unleash the intellectual power of the enterprise while driving innovation.

BTW, love your diagram, I can help you make it pretty

Hope this helps,

-R

~~~~~~~~~~~~~~~~~~~~~

Diagram above rendered by Mr. Etwaru,

-Joanna


Belbey Blogs: New Guidance on Using Social Media at Retail Banks

This week, the Federal Financial Institutions Examination Council (FFIEC) released “Social Media: Consumer Compliance Risk Management Guidance.” The FFIEC is asking for comments within sixty days. You can download the 31-page document here.

Its release has created quite a stir within the banking industry.  A comprehensive article appeared on TheFinancialBrand.com, “Regulatory Shocker on Social Media in Banking Coming Soon” that summarizes the guidance quite nicely.

But . . . what’s so shocking?

We’ve been having the same conversations in the securities industry for three years.  And in those three years, firms have learned that there are three major areas of risk that need to be mitigated before deploying social media:

  • Security:  your IT department needs to prevent your firm’s proprietary and client information from being leaked out either inadvertently or maliciously from the enterprise.  They also need to ramp up malware protection.  That’s because social media users are susceptible to incoming threats as they view themselves as part of a tribe and tend to click on any link sent by a “friend.”
  • Compliance and Governance: your legal and compliance departments already know that there are thousands of rules and regulations that govern the communications and advertising of publicly held corporations, firms in general, and banks specifically. Take the securities industry as an example – the banking regulators aren’t issuing new rules and regulations around social media. Social media is viewed as just another form of written communications. Your compliance department is therefore challenged to interpret existing rules as they apply to social media and to develop and enforce firm policies.
  • Enablement:  your executive team is concerned about productivity and the bottom line.  Now that every employee can be the face of the business, you either have a powerful marketing tool or your worst nightmare.  Employees will need to be trained on how to use social media effectively to meet the firm’s goals, such as nurturing existing clients, attracting new business, recruiting, and brand awareness.

However, during the last three years, we’ve learned that all these risks can be mitigated by strong corporate policies, backed up with technology and training.

So far, so good.  Nothing new here.  Or is there?  In addition to what we’ve already seen from other regulators, the FFIEC specifically also calls for:

  • Creation of policies to address negative feedback or customer complaints, even if a financial firm chooses not to actively engage in social media.
  • Monitoring to protect the firm’s brand identity
  • Due diligence and oversight for third-party vendors that firms may hire in connection with social media

And the one that I find most interesting:

  • Processes and reporting to demonstrate how social media “contributes to the strategic goals of the institution.”

In other words, the FFIEC recommends that firms measure the ROI of social media.

It will be interesting to see the reaction that FFIEC gets from the industry.  I just hope that the banking industry can use some of the key learnings from the securities industry to streamline the processes to reap the benefits of “getting social.”

For more details on how to deploy social media within retail banking, you can also check out Belbey Blogs: Upcoming Guidance for the Use of Social Media for Retail Banking from FFIEC.


Would I lie to you?

Last week the head of internet security at the Cabinet Office, Andy Smith, was quoted as having said that users should give fake details to websites to protect their identity. Putting aside the fact that this violates the usage policies of sites such as Facebook, it demonstrates a lack of understanding about how these identities will evolve in the future and how social media functionality and privacy settings should be used to control misuse.

As social becomes more interwoven into our everyday lives, it starts to make sense to use real information in interactions. Most people don’t pretend to be someone else when they’re out on a Friday night meeting new people face to face, so why should it be any different online?

However, offline we are more careful with what information we tell people and question what we are told in return. It’s that instinct that needs to be developed when using social and that’s where privacy settings can help. As Actiance’s Chris Mannon says in Social Media Scammers – New Frontiers of Aggravation: “The goal should be to make sure that your information is not accessible without your explicit knowledge.”

Ironically for Andy Smith, the UK Government is soon to launch its ID Assurance scheme that enables people to interact with Government services using login from third parties, one of which is rumoured to be a social network as I mentioned in a recent blog post. Whether this will happen is yet to be seen, but it is expected that companies such as Paypal will sit alongside the Post Office and BT.

But using third parties does give people a choice as to who they trust with their identity, and forces those organisations that don’t come up to scratch or offer the right privacy settings either out of the picture or to up their game.

What is required is an education programme in the same way that we were all advised to shred or burn personal information such as credit card bills that we no longer need to keep. Helping people understand the implications of different privacy settings and the best use of features such as Facebook’s lists and Google+’s circles will do far more for everyone’s protection than fake identities.

Whilst one could argue that trusting Facebook et al with your date of birth and mobile phone number sounds alarming, when you consider the vast number of data loss and theft incidents incurred by the UK Government in the last year alone it doesn’t seem that bad.


LinkedIn Endorsements: What should you do?

Sarah Carter contemplates a particular new Social Network feature set that is causing some concern in certain sectors.

You can’t have helped but notice all the new features delivered by the social networks in recent months.  As a point of fact, here at Actiance, we’ve tracked a whole lot so far this year.  In 2012, we’ve tracked 150 changes on Twitter, 178 on LinkedIn and a whopping 1272 on Facebook.

In today’s blog entry, I wanted to touch on one of the recent new features from LinkedIn:  Skills and Endorsements – the very term “endorsement” raises particular issues in the financial services industry, so I wanted to explain more about how you can deal with this.

With LinkedIn, there are two elements to Endorsements.

1) Skills

2) Endorsements of those Skills.

SKILLS:

As a LinkedIn user I can add a skill to my profile.  Once I have added this skill to my profile, ANYONE that I am connected to can endorse that skill.  Right now, I have no control over who can or cannot endorse me.  I can, however, hide that endorsement.  Once I have hidden that endorsement, there is no current way to unhide it.

In addition to skills that I might add to my own profile, any of my connections can suggest a skill for my profile, and with this suggestion comes an attached endorsement.  This skill (and endorsement) does not attach itself to my profile until I add that to my profile.  In other words, I have to take affirmative action to make this happen.

ENDORSEMENTS:

Any connection I have may endorse skills that I have against my profile.  As the owner of that profile, I have no control available over these people adding this endorsement to my profile.

BEST PRACTICE RECOMMENDATIONS:

1) Specify in your social media policy that items such as endorsements are considered recommendations and are expressly prohibited.  Advise regulated users that they should NOT apply or accept skills on their profile and should hide all endorsements if any are present.

2) Enforce your written policy with technology and do not allow individuals to add Skills to their LinkedIn profile (i.e. control with technology, moderate all profiles and ensure that these additions are rejected).

3) Search all existing (relevant) users to provide a report on who has Skills against their profile.

4) Request the removal of skills against those relevant users and/or hide any endorsements that are present.

Actiance provides technical controls to report on the addition of Skills and Endorsements to LinkedIn profiles for regulated users. The Socialite platform also enables firms who require additional controls in this area to pre-approve changes to areas of static content, such as LinkedIn Profiles.

Through a combination of teams at Actiance, from our Social Media Labs to our Social Engagement Team, Actiance provides alerts and best practice notifications to customers of changes on social networks that positively or negatively impact a best practice approach.  If you’d like to speak to one of our social engagement team, drop us a line at social@actiance.com or drop us a message through @Actiance.


Enterprise Collaboration: Debunking Common Misperceptions

Today’s post comes from Norv Leong, Director of Product Marketing at Actiance.

As social software becomes entrenched on the enterprise scene, now would be a good time to put to rest some common misperceptions and myths that have hung ominously over the space.  The Jive IPO and Microsoft’s acquisition of Yammer speak to the validation and adoption of social software as a viable means to enhance productivity and foster engagement.

So, with that as a backdrop, let’s take a look at some common misperceptions and see how we can allay these concerns:

Myth #1:  Social software isn’t subject to regulatory guidelines

Social media and social software may be new forms of communication, but that doesn’t mean they shouldn’t be logged and archived for regulatory compliance purposes.  In the eyes of the regulatory bodies (think SEC, FINRA, FERC, and similar), social software is just another form of electronic communication to be treated no differently than email.  That means that content posted to social software platforms needs to be supervised, logged, and archived to ensure compliance with applicable recordkeeping and monitoring provisions.  Since social software greatly facilitates collaboration, it’s very easy for individuals to bounce ideas (sometimes sensitive or unauthorized information) off each other and exchange files.  That’s why the regulators are interested.

Myth #2:  No one cares about social software eDiscovery

Anyone who’s lived in the US for any length of time will quickly and vigorously nod their head when asked, “Do you think the US is a litigious society?”  That’s like asking the Pope if he’s religious.  People do care about social software eDiscovery, and over the last few years, we’ve begun to see several cases emerge involving social.  Lester v Allied and Crispin v Audigier come to mind as particularly relevant cases involving social media eDiscovery.

In fact, Duke University conducted a comprehensive study and found that the number of eDiscovery cases jumped from 7 in 2003 to 111 in 2009.  The study cited that the #1 reason for courts issuing sanctions was a failure to produce electronic evidence (social software included).  And, like litigation in general, there seems to be no end in sight.

Myth #3:  Corporate governance has nothing to do with social software  

Au contraire.  Social software has everything to do with corporate governance, especially in an era where news travels lightning fast via social channels.  You needn’t look further than the Arab Spring to see the speed and power of social in action.

Good corporate governance entails having the appropriate policies and procedures in place for records retention, information governance, and conflict management.  It’s wide-ranging with the objective of instilling a sense of accountability throughout the company.  And this includes social software communications.  People use social software to brainstorm, debate, and even vent.  Say or write the wrong thing, and all of a sudden, it becomes a corporate governance issue.

Myth #4:  Plain ol’ capture is sufficient

Well, not exactly.  Following on from the discussion above, responding in a timely fashion to discovery requests sounds easy but comes with some challenges.  When you think about the volume of data floating around out there (emails, social software content, Facebook posts, Skype IMs, etc.), you’ll get a headache right quick.  Those headaches are compounded by the manner in which this content is logged and archived.

Many of today’s archiving systems just capture the content without regard to context.  We all know that people like to respond to blogs or other posts on social media.  When you’ve got a couple dozen people chiming in with their thoughts, feedback, even deleted comments, it’s easy to see the importance of capturing conversations in context.  There are just too many regulatory, legal, and corporate governance issues at stake to risk a substantial sanction or fine.

Off my soapbox now…

So there you have it – this author’s version of Mythbusters.  Like with most things social, it’s all quite fluid and dynamic.  What I just wrote today may be old hat tomorrow.  But, given that old-school concepts such as law and compliance still hold valid today, I gotta believe that the myths debunked above have some legs.

What kinds of myths are you seeing in your enterprise?
