Compliance Requirements and Social Media Usage: FINRA and SEC

Transcription

1 Compliance Requirements and Social Media Usage: FINRA and SEC

2 About Doculabs 2 Doculabs consultants are experts in enterprise social collaboration and content management. We deliver highly actionable and comprehensive strategic plans and road maps that help our clients achieve their business goals, create competitive advantage, and reduce risk. Our services help organizations govern information for the benefit of internal and external constituents through enhanced customer communications, e-discovery, and collaboration processes. Quick Facts Founded in 1993 Headquartered in Chicago Privately held Delivered more than 1000 engagements to more than 500 customers

3 The FINRA Guidance on Social Media 3 The Financial Industry Regulatory Authority (FINRA) has issued new specific guidance to securities firms and brokers on the use of social media Addresses the changes in usage, as workers spend more time on social networking sites in a business context Explains how rules governing communications apply to social media platforms that have been created by a firm or its registered representatives Social networking sites and blogs raise new regulatory challenges Particularly in the areas of supervision, advertising, and books and records requirements

4 Some of the Key Points 4 Policy Covered firms should create, distribute and adhere to an online privacy and social media policy Retention Records of communications related to the rep s business made through social media sites must be archived (though the rules are tech-neutral) Recommendations A best practice is to prohibit all interactive electronic communications that recommend a specific investment product unless a registered principal has previously approved the content

5 Details of the Key Points 5 Firms are required to retain records of communications related to the broker/dealer s business that are made through social media sites Must first ensure that it can retain records as required by SEC Rules 17a-3 and 17a-4 and NASD Rule 3110 Issues: retention, review (like ), offsite use of social media by reps Recommending a security through a social media site triggers NASD Rule 2310 regarding suitability and thus liability Issues: firms and their social media tools must limit access appropriately

6 Details of the Key Points 6 If firms do recommend specific investment products on social media sites, then they must adopt adequate supervision policies and procedures A best practice is to prohibit all interactive electronic communications that recommend a specific investment product unless a registered principal has previously approved the content Some firms maintain and provide access to examples and templates of previously approved communications Consider doing both: prohibiting recommendations of specific products unless the communication conforms to a pre-approved template and the specific recommendation has been approved by a registered principal Consider adopting policies and procedures for communications that simply promote (rather than recommend ) specific investment products

7 Static Content versus Interactive Public Forums 7 Static versus Interactive content and functionality Static blog postings on a firm s sponsored blog are advertisements and require prior principal approval of any such posting Many postings are real-time interactive communications, and thus an interactive electronic forum that does not require prior principal approval Social networking sites (Facebook, Twitter, LinkedIn) typically include both static and interactive Static includes profile, background or wall information, and requires prior principal approval (firms may use an electronic system to document these approvals) Interactive includes Twitter and Facebook posts; the interactive part of the constitutes an interactive electronic forum, and firms are not required to have a registered principal approve these communications prior to use

8 Supervision of Social Media that s Interactive 8 Though prior principal approval is not required, firms must supervise these interactive electronic communications under NASD Rule 3010 To ensure that they don t violate the content requirements of FINRA s communications rules Consider adopting supervisory procedures like those for electronic correspondence in Regulatory Notice Employ risk-based principles to determine the extent to which the review Adopt procedures that require principal review of some or all interactive electronic communications prior to use, do post-use review, including sampling and lexicon-based search

9 Supervision of Social Media that s Interactive 9 Firms must have policies and procedures for reviewing communications about specific subject matters Research reports, customer complaints, order errors There are systems to address both the books and records rules and supervisory procedures for social media sites that are similar to management products and similar tools Regarding restrictions on personnel, firms must adopt policies and to ensure that the reps are supervised, have training and background, and don t present undue risks

10 General Recommendations 10 Overall Strategy Include Social Media in your compliance strategy and road map, using existing approach as starting point but addressing significant new issues outlined in this PowerPoint Doculabs Assistance Doculabs offers strategic advisory services designed to help client map out their go-forward implementation of social computing technologies Our services include: Current State Assessment Future State Design (how social media capabilities should be integrated with / leverage existing compliance systems ) Implementation Road Map Business Case

11 Thank You Lane Severson Doculabs, Inc. (312)

12 Doculabs Compliance Program Framework 12 E-Discovery Program Categories Overall Program Strategy Governance and Operations Information Organization Process Design and Implementation Architecture and Technology Communications and Training Category Overall Program Strategy Definition The overall vision and strategy for litigation readiness. This strategy should address existing visions and strategies for enterprise content management (ECM) and for records management (RM), and should address any gaps that may exist. This strategy should also establish general principles for the level of resources the organization will apply to the program at a high level. Key Components RM vision, strategy, and roadmap ECM vision, strategy, and roadmap A litigation readiness vision, strategy, and roadmap that addresses the RM and ECM strategies and addresses gaps Principles for resources Governance and Operations Information Organization Process Design and Implementation The governance structure and operational structure(s) for implementing the litigation readiness strategy. Includes roles, responsibilities, program governance metrics, policies, procedures, and guidelines. The manner in which information is organized. This includes a content taxonomy or organizational hierarchy, a record plan and retention schedule, and a content map of the organization s electronically stored information (ESI) and content repositories. The overall processes used to support litigation readiness. These include the e-discovery process itself, as well as the overall records/information lifecycle management process. Governance structure (roles, responsibilities) Operational structure (roles, responsibilities) Rules policies, procedures, and guidelines for records management and e-discovery Content taxonomy Records retention plan ESI-Repository Map Discovery process Record/information lifecycle management process Architecture and Technology Communications and Training The tools and technologies that are used or leveraged for litigation readiness, and the architecture for how they fit together. This can include specialist tools for e-discovery as well as technologies and capabilities for ECM, records management, and management. The mechanisms used to educate the user community and improve compliance and adoption of the procedures and solutions that support litigation readiness. Architecture strategy ECM tools and capabilities Records management tools and capabilities management tools and capabilities E-Discovery tools and capabilities Communication plan/program Training plan/program