Social Media Triggers Ongoing Compliance Requirements

Before social media gained popularity, Registered Investment Advisers (“RIAs”) launched a website and often did little else to market their firms. In many instances, the website content remained stagnant for years. Each firm’s Chief Compliance Officer (“CCO”) was to preapprove all content posted and to review it periodically. As RIAs now rely more on communications and advertisements using social media, CCOs’ compliance responsibilities are increasing dramatically.

The most recent version of the Form ADV took note of the growing use of social media by RIAs. Firms must disclose all of their websites, as well as any publicly available social media platforms they utilize. These disclosures must be updated promptly as changes occur.

General compliance rules may not fit specific facts and circumstances

Though investment advisers usually understand broad compliance principles, there are nuances to the rules that govern RIAs’ activities that may be overlooked. Most CCOs are aware that advertisements must not contain testimonials and misleading statements; however, the devil is in the details. As an example, in March 2014, the SEC provided guidance relating to testimonials used in advertisements on social media. The SEC’s guidance advised that RIAs may advertise using public commentary about their services posted on independent social media sites, provided that every review is included in the advisory firm’s advertisement. The SEC’s guidance cautioned that an RIA must not be able to influence the third-party sites, and its advertisement must include all comments about the firm without editing them. RIAs may not offer a subjective analysis of the opinions published on those sites. Basically, when linking to review sites, the RIA must be willing to take the good reviews with the bad ones.

Even if RIAs are complying with general guidance from the SEC, their specific use of social media can create compliance problems. Although one adviser’s reviews on Yelp did not raise red flags, the firm provided a short bio, which was included on the site. The content supplied by the adviser boasted that the firm ‘is the most trusted,’ and its ‘financial services are flawless.’ It would be impossible for an adviser to prove with objective evidence that the firm is the most trusted. Furthermore, words like “flawless” are viewed as marketing hype, which is inherently misleading.

Blogs raise additional compliance requirements

While blogs are an effective marketing tool, they raise additional compliance requirements. Some RIAs require that blog posts be preapproved by the firm’s CCO or a designee. This approval process often slows down the firm’s ability to post timely content. Other firms set forth blog posting guidelines for personnel to follow and then monitor posts after the fact.

Interactive blogs up the ante on compliance requirements. A firm’s CCO must review the site regularly to ensure that noncompliant content has not been posted by third parties. For example, a client might post a testimonial for the adviser. If that occurs, it must be removed promptly. Otherwise, the firm is taking ownership of the testimonials.

A firm’s compliance manual should specify who is authorized to blog on behalf of the firm. Policies and procedures should articulate whether Investment Adviser Representatives (“IARs”) and solicitors may post on blogs and what type of content is allowed. RIAs must also implement a process to make certain that all blog posts are retained in the firm’s books and records. Companies such as Smarsh can assist RIAs with archiving blogs and all types of social media.

If a RIA allows IARs to host their own blogs or to post on other sites, the firm should establish restrictions on what may be discussed. In addition to preapproving all posts, the firm’s CCO or a designee must supervise and monitor these blogs. Occasionally, IARs make the mistake of referencing past specific recommendations of the RIA, which were profitable to clients. Rule 206(4)-1(a)(2) under the Investment Advisers Act of 1940, and similar state rules, prohibit references to past specific recommendations that were profitable to anyone unless the ad sets forth or offers to provide a list of all securities recommended during the immediately preceding period of not less than one year. The list must also contain specific disclosures. Examiners are concerned that RIAs will only mention the securities that soared in value, not those that performed poorly.

Facebook users need face time with their CCO

RIAs should make certain that all associated persons understand that personal Facebook pages should not be used to market the firm. Furthermore, a RIA’s social media policy should stipulate who may post on social media sites used for business purposes.

CCOs must be vigilant in their supervision of the firm’s Facebook page. CCOs should never assume that the content on another RIA’s Facebook page is compliant. One RIA’s Facebook page contained a post from a client who expressed his euphoria over how well the adviser had managed his portfolio. Another client posted his gratitude for making his dream vacation possible. Like other advertisements, social media sites should not contain express or implied testimonials. RIAs that permit noncompliant content to remain on their Facebook page are likely to receive a deficiency letter when examiners conduct an examination. There is also a risk that a competitor will tip off regulators regarding the RIA’s noncompliant activities.

Posting business-related content on a personal Facebook page causes it to be an advertisement for the firm. When that occurs, the personal Facebook page is subject to the RIA’s social media policies and procedures.

While CCOs do not owe a duty to supervise employees’ personal Facebook pages–if they do post business-related content, the CCO must take action after learning that a social media site is being used inappropriately. CCOs must act decisively if they learn that an IAR is touting the firm’s performance or services on a personal Facebook page. In some cases, activities and statements on an associated person’s personal Facebook page can reflect badly upon the firm and indirectly hurt its image. Associated persons should be warned that Facebook posts are not always private and may harm the firm’s reputation.

A firm’s CCO should require that IARs and other members of the firm disclose which forms of social media they use. Associated persons should attest that they will not use social media for business purposes unless authorized to do so by the firm.

Conclusion

CCOs should impart the message that every communication, including those using social media, may be reviewed by examiners at some point. Examiners analyze whether a RIA is meeting its fiduciary obligations. Stephen Murphy, Vice President for NCS Regulatory Compliance, recently conducted a webinar with Mike Pagani of Smarsh entitled, How New Communication Channels Are Affecting the Role of the CCO.

Murphy observed that from a supervisory point of view, CCOs must discern whether an adviser was trying to perpetrate a fraud or was just sloppy. To listen to the recording of this webinar, please visit our webinar center here.

A hastily-written communication using social media might give the impression that the RIA has not met its fiduciary duty. As an example, when reviewed by examiners in a vacuum, it might be impossible to discern that an IAR discussed a particular issue at length with a client only hours earlier. In addition, these communications may lack disclosures, which help to ensure that the content is not misleading.

Firms should implement policies and procedures that directly address social media. They should be consistent with the RIA’s advertising policies and procedures.

Investment advisers, as well as their marketing and compliance personnel, can benefit enormously by learning more about how social media can be used effectively and compliantly. All of them will receive valuable information by attending NCS Regulatory Compliance’s summit Driving Growth through Social Media on March 8, 2018, at the Delray Beach Marriott. Peter Driscoll, Director of the SEC’s Office of Compliance Inspections and Examinations, will be the keynote speaker, covering the important topic of 2018 Exam Priorities. To register, please visit our registration site here.

Share this post!

Smarsh

Smarsh

Smarsh® helps organizations get ahead – and stay ahead – of the risk within their electronic communications. With innovative capture, archiving and monitoring solutions that extend across the industry’s widest breadth of channels, customers can leverage the productivity benefits of email, social media, mobile/text messaging, instant messaging/collaboration, websites and voice while efficiently strengthening their compliance and e-discovery initiatives.

A global client base, including the top 10 banks in the United States and the largest banks in Europe, Canada and Asia, manages billions of conversations each month with the Smarsh Connected Suite. Government agencies in 40 of the 50 U.S. states also rely on Smarsh to help meet their recordkeeping and e-discovery requirements.

The company is headquartered in Portland, Ore. with nine offices worldwide, including locations in Silicon Valley, New York, London and Bangalore, India. For more information, visit www.smarsh.com.
Smarsh

Get a Quote

Tell us about yourself, and we’ll be in touch right away.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.

Contact Us

Tell us about yourself, and we’ll be in touch right away.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.