There have been a lot of discussions lately regarding the regulatory landscape in the financial services sector. I know everyone has Dodd-Frank on the mind these days; however another significant hot topic is Social Media. It is a topic of discussion at every conference I have attended this year.
Over the last couple of months the IIROC (Investment Industry Regulatory Organization of Canada) has issued their guidance on social media, FINRA announced their examination priorities for 2011 and the SEC sent our sweep letters regarding the use of social media. It’s clear with all the attention social networking has generated that it is not a fad that’s going away and the regulators are serious about making sure it’s done in a compliant manner.
So what does it mean when I say “in a compliant manner”? Well first and foremost it means that you have policies and procedures that are reasonably designed to supervise and train your representatives and staff about how to use or not use social media sites. One thing that has been made perfectly clear is that a policy that says you do not allow social networking and attestations from your representatives stating they do not use social media is not considered sufficient by the regulators.
You need to make certain that your policy has addressed all the records retention requirements that arise from the use of social media sites. I would highly recommend using an automated solution for archiving these communications. However, you need to make certain that the solution can capture 100% of the data created on these sites. That way you can run word searches and other rules to minimize the number of posts you need to review. I can’t imagine a less productive use of time than to have to read every posting. I don’t know about you, but I have no desire to know who’s at the movies, or where someone is going for dinner.
So what have the regulators said recently? In a recent Wall Street Journal article, John Walsh, associate director and chief counsel of the SEC’s office of compliance inspections and examinations said “ misuse of social-networking sites is an issue that is cropping up during SEC examinations and enforcement actions. Problems include advisers who use false information in their LinkedIn profiles or overstate their experience. “Needless to say the Sweep letters from the SEC are finding issues that raise their level of concern. In the future, I expect to see fines as a result of their growing concerns and am hopeful that we will see a list of lessons learned and best practices from the regulators real soon.
So what can you do to stay off their radar screen? First find out how social media is being used at your firm. Then perform a risk assessment to determine how big a compliance problem you may have. Create your policy and procedures and make sure you have covered all the bases as outlined in FINRA NTM 10-06. Ideally you will be able to use an automated solution to help you monitor your policy. Create a training program for existing representatives and staff and make certain they understand what the firm’s policy is and how to adhere to it. Add this training program to the new hire orientation and new transition training program in your firm. Always document attendance and archive the information appropriately so you can deliver it to a regulator if the need ever arises. In other words, be proactive not reactive. It’s the best way to protect your firm.