|This article is an excerpt from the The 2017 Financial Advisor’s Guide to Social Media. This guide contains practical steps that will help you develop a social media strategy and policy that meets social media recordkeeping and supervision regulatory requirements, while gaining maximum business value from your social efforts.
Download the full eBook here.
Social media has become a valuable extension of a company’s profile, keeping a business—and its services—top of mind with potential and existing customers.
With consumers using social media as a resource guide and first-touch experience, it’s increasingly important to make sure your company is positioned as an industry thought leader—while ensuring your strategies and policies meet the requirements of financial regulators.
How can you play within the boundaries, while staying engaged?
Smarsh recommends the following best practices when adopting and governing social media:
1. Create and implement a policy:
Implement the most up-to-date regulatory guidance into your firm’s social media policies and practices. Have a detailed, reasonable social media policy in place, and review all applicable guidance notices to ensure your firm’s policy reflects them. Your policy is a living document that should be signed by your firm’s representatives. Your policy should answer these important questions:
- Why are your representatives allowed to use social media?
- Which social media platforms and accounts can be used for business purposes?
- Who is authorized to use your firm’s social media accounts?
- Who is responsible for monitoring social media activities?
- How is your social media policy enforced?
- What are the consequences for violating the written policy
Your advisors need to know your firm’s official social media policy, and receive training on how to use social media in accordance with your rules. Ongoing employee training is a must, because platforms and practices change rapidly, and regulatory guidelines evolve quickly. Key training topics include:
- Personal vs. business social media
- Which social media messages need to be approved before posting
- Which messages need to be reviewed after posting
- How to manage third-party social media content
3. Supervise and archive activity:
An archiving solution will allow your firm to capture official records of posts, and search, supervise, and produce those records in their original format for production when necessary, such as during an audit, examination or eDiscovery event. You’ll want to archive and monitor content from your firm’s approved accounts on all of your different social media platforms, and accommodate new platforms as needed.
Your compliance team also needs to demonstrate they’ve reviewed your firm’s social media posts, documenting who has evaluated and approved each post. Make sure you can track the lifecycle of each social media message, including the exact date and time it was created (or deleted), and the precise actions taken by the firm if a message is escalated during review.
An automated audit trail can help substantiate and document your social media review actions taken, and provide read-only-format evidence that supervisors enforce policies.
This article is an excerpt from the The 2017 Financial Advisor’s Guide to Social Media. Download the full eBook here.
Last week, Smarsh attended FINRA’s premiere event in Washington D.C. The 2017 FINRA Annual Conference was jam-packed with FINRA and SEC regulators, financial titans from leading organizations, and exhibitors. Participants learned about the latest regulatory developments and gained practical guidance on today’s top compliance issues. The conference agenda included a focus on technology trends and challenges in the securities industry.
The biggest takeaway from the event was that firms must leverage technology to address compliance risk, as mentioned throughout panel discussions. The regulatory environment continues to rapidly evolve, and technology provides the compliance solution. FINRA is also leveraging technology and analytics to improve and support regulatory oversight.
With a focus on technology, here are the top tech trends and updates highlighted at the conference:
1. Firms need tighter control over electronic communications.
FINRA is actively thinking through how its rules and programs interact with technology and innovation. In its Communications with the Public session, FINRA reinforced that firms need to use electronic communications surveillance to govern and control their advisors’ communications with the public.
FINRA noted there’s still confusion about electronic communications among firms, and lingering questions remain about what requires supervision and retention. One highly discussed topic was personal versus business communications, including what firms should do to manage compliance in this area. FINRA representatives reiterated that:
- It’s the content of a message, not the device, operating system, or platform, that determines the status of a message as a business record. Firms must educate their advisors about the difference between business and personal communications, and be specific about which types of communication are subject to supervision and retention.
- Firms need solid controls in place to meet the requirement to retain, supervise, and produce business communications. Firms with a sound data governance structure in place incorporate the following: a) the right people, b) development of effective electronic communications policies, c) ongoing review of electronic communications policies, and d) distribution of a communications playbook to advisors. Firms need to let their employees know what’s expected and allowed regarding communication. Controls must be in place to capture business communications, from email to social media to text messaging.
- Firms must supervise their advisors’ social media communications with the public, in line with current regulations. FINRA noted that when a firm has the right technology tool in place to help with social media supervision, this can go a long way to help manage risk and give compliance professionals a sense of control. (See more below).
2. Firms should implement effective practices to prevent risk related to senior investors.
FINRA views the protection of senior investors as a top priority, and devotes considerable resources to mitigate risk to this demographic. During the conference, FINRA encouraged firms to review and, where needed, enhance their policies to address specific issues common to many seniors. Highlights included:
- New Rule 2165 and its accompanying amendments to Rule 4512 become effective February 5, 2018. To protect seniors from financial exploitation, FINRA broker-dealers will soon be required to obtain the name and contact information of a Trusted Contact Person for each customer’s account. Also, FINRA broker-dealers will be permitted to place a temporary hold on the disbursement of funds or securities from accounts where there’s a reasonable belief of financial exploitation of seniors.
- Firms should use technology to help pinpoint risk to senior investors. Firms that use automated supervision technologies are in the best position to address financial exploitation of seniors. Firms can use The Archiving Platform from Smarsh to set up policies that flag questionable behavior and communication related to investors. Data analytics can also help firms find changes in pattern behavior of a senior investor’s account.
3. Social media and mobile communications are key to compliance practices.
At the Social Media and Digital Communications Trends session, FINRA again addressed the distinction between personal and business communications. The panelist highlighted that firms must ensure business communications are retained and supervised, whether messages are sent on business or personal devices. A panel survey revealed 66% of firms allow Bring Your Own Device scenarios, where advisors use their personal smartphones and other devices for business communications. This creates a unique challenge, and firms must enable their compliance teams to capture and supervise the business communications on those devices, to satisfy current regulatory requirements. Other highlights include:
- It’s not realistic to prohibit text messaging. Prohibiting the use of text messaging for business communications is no longer practical. It’s often the client who initiates contact via text, so firms must have a system to supervise and retain these communications. Panelists emphasized clients want and expect to communicate with their advisors via text, because it’s convenient, easy, and immediate. Millennial investors are the most likely to expect text communication, and interaction on social media.
- Training and education are critical. Again, firms must educate advisors about the difference between personal and business communications for the purposes of supervision, review, and archiving of business content. Compliance professionals and others who review business communications should also receive ongoing training as technology evolves. In April, FINRA issued more guidance on the use of social networking sites, which firms should review to ensure compliance.
The annual conference was a clear indication that as the industry changes, FINRA and financial services firms are managing risk with technology. Firms need to move quickly to update compliance procedures and implement sophisticated technology solutions. The Archiving Platform from Smarsh allows firms to supervise the activity of specific brokers, and spot fraudulent or questionable activities. The platform tools help firms comply with the regulatory obligations, and identify potential deficiencies that would go unnoticed otherwise. As emphasized at the FINRA conference, firms cannot do it alone; it’s simply unrealistic and too costly to manage risk in any other way.
Results from the 2017 Electronic Communications Compliance Survey show that the current compliance landscape has continued to become increasingly broad, complex, and heavily scrutinized. In addition to trying to keep up with an ever-expanding number of non-email communication options, firms are dealing with an unprecedented increase in regulatory actions, with 2016 shattering the record for the amount of fines levied on the financial services industry. With more employees than ever clamoring for the collaboration and knowledge sharing communication tools that have become essential to growing a successful business, it’s increasingly important for compliance teams to understand how other firms are managing the challenges posed by supervising new channels and platforms. In this report, you’ll find out: Want to compare against last year’s survey report? You can find it here.
Results from the 2017 Electronic Communications Compliance Survey show that the current compliance landscape has continued to become increasingly broad, complex, and heavily scrutinized. In addition to trying to keep up with an ever-expanding number of non-email communication options, firms are dealing with an unprecedented increase in regulatory actions, with 2016 shattering the record for the amount of fines levied on the financial services industry.
With more employees than ever clamoring for the collaboration and knowledge sharing communication tools that have become essential to growing a successful business, it’s increasingly important for compliance teams to understand how other firms are managing the challenges posed by supervising new channels and platforms.
In this report, you’ll find out:
Want to compare against last year’s survey report? You can find it here.
On-Demand Webinar: Key Findings from the 2017 Electronic Communications Compliance Survey
It’s time to take stock of the compliance landscape, and to understand how other firms are managing the challenges posed by supervising new channels and platforms.
The blizzard of bad press after United Airlines ejected a boarded passenger has died down, but if airlines were people (and had obituaries), United’s would surely include the April 9, 2017 episode. The outrage was immediate and international, but outrage wasn’t the only consequence. United was vilified on social media, mocked on national TV and on the web, threatened with a Congressional investigation and consumer boycotts, and criticized by everyone from bloggers to the president. The press reported that United’s stock took a $1.4 billion hit the day after Dr. Dao was violently dispossessed of his seat. That plunge was short-lived, but there are only a handful of large airlines in the United States, so flyers have limited choices. On the other hand, there are thousands of mortgage providers. In an industry as competitive as mortgage lending, a calamity as big as United’s could mean game-over.
So what can mortgage companies learn from United about how to handle social media meltdowns?
The lesson can be summed up briefly: acknowledge, apologize, ameliorate and amend.
Acknowledge. Everyone makes mistakes. And with universal real-time social media connections, mistakes are visible virtually everywhere, virtually instantly. The old saying, “pictures speak louder than words” rang true when we saw the bleeding doctor being dragged down the airplane aisle. Anyone would look at those images and say simply, “That’s wrong.” Speaking up about what’s wrong: acknowledgment.
Apologize. When mistakes happen, an apology is in order. United eventually got around to apologizing to its passenger, but not before the CEO blamed the victim, calling him “defiant” and claiming he tried to strike officers sent to unseat him. Later, United blamed the police officers. Its eventual apology rang hollow with a lot of people. Dr. Dao’s settlement figure is undisclosed, but as a lawyer I can’t help thinking it would have been lower had the words “we’re sorry and we’ll make this right” been the first words from United, not the last.
Ameliorate. Long word, simple meaning. Ameliorate means “make it better.” Postponing the decision to make something better often means the situation worsens in the meantime. Think putting off regular visits to the dentist, ignoring mold in the shower enclosure, or failing to take out the garbage for two days after a shrimp dinner. So many things just get worse while we’re waiting to decide how (or if) to make them better. Waiting is risky; public opinion hardens, the injured party digs in, and if the story is big enough (like United’s), the press keeps picking at the wound.
Amend. The last lesson is to amend the pattern, culture, procedures or whatever led to the problem. To its credit, United did this. It eventually announced changes prompted by the April 9 incident. Its CEO said the airline “can never apologize enough” and United changed its involuntary denied boarding process, vowed not to use law enforcement to deplane passengers, said it would not require boarded passengers to disembark, and would increase compensation for voluntary denied boarding. It will set up a customer solutions team, train its agents more, and reduce overbooking. These are significant amendments to its pre-April 9 operation.
The home mortgage industry has had plenty of United moments. Remember robo-signing? ARM-resets? Teaser rates? 125% LTVs? “No docs” underwriting? Appraisal collusion? Dual tracking of foreclosure and loan modification? The loan servicing settlement? The list could go on … but my point is that these situations could have turned out better for the industry, with fewer expensive settlements and less regulatory backlash if problems had been addressed with a view to acknowledge, apologize, ameliorate and amend. The consumer financial industry depends on trust. Treating customers right is obviously the best way to earn and keep trust – but when things go wrong, making it right again is the best way to rebuild broken trust. And that’s what the mortgage business can learn from United.
Many financial services firms still struggle to understand and fully embrace social media and mobile communication rules. In light of the emerging technologies and communications, FINRA recently published Regulatory Notice 17–18: Social Media and Digital Communications, providing further guidance on the FINRA rules governing social media and text messaging communications for member firms.
FINRA’s updated guidance further clarifies the rules governing communications with the public via social media, and the use of personal devices for business communications. The Notice also reminds firms of the recordkeeping, supervision, and content requirements for such communications.
Here are some important takeaways:
- Recordkeeping. Firms are reminded of their obligation to keep records of business communications under SEA Rule 17a-4(b)(4). Also, firms must train and educate their advisors regarding the distinction between business and personal communications, and the requirements to retain, supervise and produce business communications.
- Text messaging. Firms that communicate or allow advisors to communicate through text messaging or chat services for business purposes must retain records of those communications, in compliance with SEC and FINRA rules.
- Personal communication. Advisors can share firm information that is not related to their firm’s product or services without becoming subject to FINRA Rule 2210. For example, an advisor may share their firm’s post about a charity event that the company sponsors. However, if the communication does pertain to the firm’s products and services, then the content is subject to FINRA Rule 2210.
- Third-party content. Regulatory Notice 10–06 states that posts by customers or other third-parties on a firm’s social media accounts are not considered ‘communications with the public’ by the firm or advisor, under FINRA Rule 2210. Regulatory Notice 17–18 reiterates this point. However, there are some exceptions, including situations where a firm pays for, prepares, controls, or explicitly endorses content posted by third-parties. In these scenarios, a firm must comply with FINRA Rule 2210.
- Hyperlinks to third-party websites. FINRA reminds firms that Regulatory Notice 11–39 states firms cannot link to any third-party website that contains false or misleading content. The Notice further clarifies that a firm ‘adopts’ third-party content when it shares or links to it, and as a result must ensure the content complies with communications rules.
- Endorsements and testimonials. Unsolicited third-party comments or opinions posted on a firm’s social media aren’t firm communications, or testimonials under FINRA Rule 2210. However, if the firm or advisor likes or shares a comment/testimonial, that is considered adoption of content, and is subject to the communications rules.
- Note: Registered Investment Advisors should still comply with SEC Rule 206(4), which prohibits promotion of client testimonials and endorsements.
- Native advertising. Firms may use native advertising if it complies with the provision of FINRA Rule 2210. In particular, native advertising must disclose the firm’s name, disclose any relationship between the firm and any other entity or individual who is also named, and mention the products or services offered by the firm.
What does this mean for firms?
FINRA makes it clear that firms must archive all electronic communications, including content from social media, text messaging, and other mobile platforms.
In response to the guidance, firms should review their social media and mobile policies and procedures. Specify the difference between personal communications and business communications. Training and ongoing education are critical, especially as advisors become acclimated to social media, text messaging and mobile apps to communicate with prospects and clients.
The digital landscape continues to evolve and firms must leverage technology for compliance and supervision. Smarsh provides the tools and platform to capture and supervise all incoming and outgoing business communications. It’s simply not realistic or cost effective for a firm’s compliance officer to manually spot check all of their firm’s social media profiles and mobile messages. The Archiving Platform from Smarsh automatically captures social media and mobile content in its native format and flags communications based on client-set lexicon policies if further review is needed. As a result, a compliance officer can focus their time and energy on the most pressing items for review, rather than searching for risk in all the wrong places.
As an advisor, do you have one or more accounts on social media platforms, such as Twitter, Facebook or LinkedIn?
If so, are you ready for the SEC’s adopted amendments to Form ADV and the Advisers Act books and records rule?
Registered investment advisors filing an initial Form ADV or an amendment to an existing Form ADV on or after October 1, 2017 will be required to provide responses to the adopted form revisions. This includes the new requirement that advisors disclose their firm’s social media platforms in Section 1.I of Schedule D in Form ADV.
The change in social media disclosure signifies a big shift in the way that the SEC will approach and evaluate an advisor’s risk profile.
What’s the big deal?
Up until now, advisors only needed to list their corporate websites on Form ADV. However, advisors will now be required to list all their corporate social media accounts, including corporate social media pages and other publicly-available, business-related profiles on LinkedIn, Twitter, Facebook, and so on.
This has implications for an advisor’s compliance procedures and risk exposure. The specific inclusion of social media signifies the SEC will heavily scrutinize an advisor’s corporate social media accounts during an examination or audit, which is stated in the final Form ADV and Investment Advisers Act Rules.
It’s not too late to prepare
Now that social media accounts are under the microscope, it’s critical that advisors archive and supervise their corporate accounts. The SEC will ask for social records, so firms must find the most efficient and thorough way to retain and produce this type of content.
A comprehensive archiving platform provides the solution that allows firms retain and produce social media alongside other frequently requested communication records, including email, text messages, and website content. Records can be located and produced quickly in the event of an examination, so regulators can review social media conversations and information exchanged with clients or prospects across various communications channels.
For instance, if a conversation between an advisor and a prospective client starts on a website, moves to email, and concludes on Facebook, records within a firm’s comprehensive archive will show the entire interaction with across multiple content channels.
If you use Facebook, Twitter, LinkedIn, or any other publicly-available social media platform to communicate with clients and prospects, now is the time to revisit your social media policies and recordkeeping processes and ensure they are ready for regulatory scrutiny.