ING Presentation - BDI 7/26/11 Social Media Security & Compliance Workshop for Financial Institutions
3 likes753 views
The document presents best practices for navigating social media regulations within the investment industry, emphasizing the importance of compliance with Finra and SEC rules. It outlines record-keeping requirements, suitable content guidelines, and the necessity for collaboration with legal and compliance departments. Additionally, it highlights the risks of non-compliance and offers resources for proper supervision and training on social media usage.
![Recordkeeping Requirements
• What records are required to be kept in social media activities?
• Static Postings
• Discussion threads
• Third Party Postings
• For FINRA member broker dealers:
• 3 years with the last 2 years in an easily accessible place.
[FINRA Rule 2210 (b)(2)(A) and 3110]
• For SEC registered investment advisors:
• 5 years with the last 2 years in an easily accessible place.
[SEC Rule 17a-3 and 17a-4 of the ‘34 Act]
• Regulators do not endorse any particular record keeping technology or
vendor, nor acknowledges that there are adequate technology that exists.
6](https://image.slidesharecdn.com/ingpresentationcompatibilitymode-110728084446-phpapp02/85/ING-Presentation-BDI-7-26-11-Social-Media-Security-Compliance-Workshop-for-Financial-Institutions-6-320.jpg)
![Compliance Resources
1. FINRA Regulatory Notice 10-06
Social Media Web Sites
[http://www.finra.org/Industry/Regulation/Notices/2010/P120760]
2. FINRA Regulatory Notice 01-23
Online Suitability
[http://www.finra.org/Industry/Regulation/Notices/2001/P003886]
3. FINRA Regulatory Notice 07-59
Supervision of Electronic Communications
[http://www.finra.org/Industry/Regulation/Notices/2007/P037554]
4. FINRA Advertising Compliance Resource
[http://www.finra.org/Industry/Issues/Advertising/]
14](https://image.slidesharecdn.com/ingpresentationcompatibilitymode-110728084446-phpapp02/85/ING-Presentation-BDI-7-26-11-Social-Media-Security-Compliance-Workshop-for-Financial-Institutions-14-320.jpg)
ING Presentation - BDI 7/26/11 Social Media Security & Compliance Workshop for Financial Institutions
- 1. Social Media Best Practices Navigating the Social Networking Regulatory Requirements in the Investment Industry Presented by: David K.V. Chung Senior Compliance Officer – Sales and Marketing Practices Compliance Legal & Compliance Department ING Investment Management – Americas July 26, 2011
- 2. Introduction 1. Background 2. Regulations – Rules can be both complicated and vague 3. Best Practices – How to best operate within the rules 4. Teamwork – Working with your Legal and Compliance Department 5. Resources Important Note: Unless stated otherwise, the ideas expressed are solely the opinions of the presenter and do not necessarily represent the opinions of ING Investment Management or its affiliated firms. In addition, the information provided should not be construed as legal advice, please consult your legal counsel before making any policy decisions. 2
- 3. FINRA Regulatory Notice 10-06 • The Financial Industry Regulatory Authority (FINRA) provided it’s first high level industry guidance for social media activities for investment broker dealer firms. • It provided no specific rule changes, but offered clarification in a Q & A format. Summary Highlights • Record Keeping Responsibilities • Suitability Responsibilities • Types of Interactive Electronic Forums • Supervision of Social Media Sites • Third Party Posts Source: FINRA NTM 10-06 3
- 4. FINRA Classification of Social Networking Activities Is it a Public Appearance, Advertisement or Correspondence? Well, it depends… • Public Appearances are unscripted participation in an interactive forum such as a chat room or online seminar. • Advertisements are the static written content available for access online. This includes the static content on a blog, FaceBook profile, Twitter profile and LinkedIn profile. Profile includes any background or wall information posted. • Correspondence would be email communications that are sent one-on- one through the email system of social media sites. • The different classifications affect whether or not it requires Registered Principal pre-approval, post-monitoring or possible marketing filings with FINRA. Source: FINRA NTM 10-06 4
- 5. Investment Suitability Issues • What constitutes as a stock “recommendation”? • Firms are responsible for their social media messages and are not exempt from suitability requirements and are liable for non-compliance. • Facts and circumstances of the communication determines whether or not a recommendation was made. • Rule 2310 – Did the author have reasonable grounds to make such a recommendation based on the reader’s financial situation and needs? • What investment-related advice can be provided online? • Access to a library of equity research reports. • Online tools to indentify an investors risk tolerance. • Online tools to assist investors with general retirement planning tools and calculators. • Stock screeners based on parameters established by the user. • Opted-in online communications that notifies the user of a pre-scheduled event. Source: FINRA NTM 01-23 5
- 6. Recordkeeping Requirements • What records are required to be kept in social media activities? • Static Postings • Discussion threads • Third Party Postings • For FINRA member broker dealers: • 3 years with the last 2 years in an easily accessible place. [FINRA Rule 2210 (b)(2)(A) and 3110] • For SEC registered investment advisors: • 5 years with the last 2 years in an easily accessible place. [SEC Rule 17a-3 and 17a-4 of the ‘34 Act] • Regulators do not endorse any particular record keeping technology or vendor, nor acknowledges that there are adequate technology that exists. 6
- 7. Risks of Non-Compliance Regulatory • Fines can be assessed on investment firms that do not comply with the rules. • Cost of running a business goes up. Reputational • Regulatory fines damages the reputation of a firm. • Creates challenges in maintaining existing business relationships. • Reducing the acquisition of new clients. Sending Mixed Messages to Clients and Prospects • “Right hand doesn’t know what the left hand is doing” • Inconsistent messages being posted. • Incorrect messages being posted. 7
- 8. Best Practices - Supervision and Monitoring • Firms must establish policies that are reasonably designed to ensure their social media activities do not violate general rules outlined in Regulatory Notice 07-59. General Requirements 1. Written Policy and Procedures that are disseminated throughout the firm. 2. Identify what types of communications require review. 3. Identify which person(s) are responsible for supervision. This should include business employees because certain functions may be performed by non-compliance employees. 4. Outline the method of review. 5. Frequency of the review. 6. Documentation that reviews were carried out. • Conduct compliance training. • Identify how complaints are handled. • Identify which employees have access to social media sites via the firm’s network. • Continually evaluate social media activities for compliance. Source: FINRA NTM 07-59 8
- 9. Best Practices - General SM Content Guidelines Dos • Discuss macro economic concepts. • Discuss various sectors or industries. • Discuss retirement concepts. • Educate the public on financial markets and products. • Post company non-product or services related announcements. • Post messages that have a broad appeal. (i.e., charity events or good will activities) • Post generic responses to third-party postings. Don’ts • Don’t mention a name of a stock. • Don’t provide investment advice. • Don’t promote your products and services. • Don’t make provocative or promissory statements regarding the direction of the markets or prices of commodities. • No re-tweets on Twitter. • No unauthorized employee postings. 9
- 10. Best Practices – Corporate Policy The policy must address employee social media usage during working hours and at home a) At Work Policy • What are the company’s polices regarding SM usage through the firm’s own computer network? • What SM applications are authorized for use and by what type of employees? • What features of each SM application are accessible and which ones are disabled? • What are the approval processes for gaining access to SM applications? • What are the content approval process with legal or compliance areas? b) At Home Policy • What are the general standards of conduct for posting personal information? • How much employee-employer information can be divulged? • Do you require compliance officers to be “connected” to your employees’ SM applications? c) Incorporate into Existing Policies • Code of Conduct, Privacy and Handling of Confidential information • Media Relations policy • Establishing a working group or committee regarding firm wide social media policy 10
- 11. Best Practices – Training Training Must Be Firm Wide • Policies and procedures when initiating SM projects. • General policies regarding access to SM applications at work. • General policies regarding access to SM applications at home. • Specialized training for those employees that have access to SM applications at work. • Outline remedial actions for employees that violate SM policies. • Address various risks to the firm for non-compliance. • Escalation process for complaints or issues related to SM. • Designated legal or compliance contacts for dealing with SM activites. 11
- 12. Other Regulatory and Business Considerations Devoting new resources and creating processes to address SM usage Privacy Concerns • Need to keep customer information private. SM applications increases security threats • Spam • Malware • Viruses • Data loss • Cyber crime • Drains I.T. support networks and resources. • I.T. security for company-issued smartphones. 12
- 13. Working with your Legal & Compliance Department Don’t assume your legal or compliance colleagues… 1. …“get it” or immediately think it’s a great idea. 2. …understands social media concepts or even likes it. 3. …understands your social media business plans. 4. …are fully versed in social media regulations. They are still learning… Do: 1. Educate them on social networking sites. Start with the bare basics! 2. Provide them with a comfort level with the technology. 3. Provide them with articles and research related to social media compliance. 4. Inform them what your competitors are doing in this space. 5. Invite the I.T. department to be part of the conversation. 6. Request to a pilot project to test the waters. 13
- 14. Compliance Resources 1. FINRA Regulatory Notice 10-06 Social Media Web Sites [http://www.finra.org/Industry/Regulation/Notices/2010/P120760] 2. FINRA Regulatory Notice 01-23 Online Suitability [http://www.finra.org/Industry/Regulation/Notices/2001/P003886] 3. FINRA Regulatory Notice 07-59 Supervision of Electronic Communications [http://www.finra.org/Industry/Regulation/Notices/2007/P037554] 4. FINRA Advertising Compliance Resource [http://www.finra.org/Industry/Issues/Advertising/] 14