There has been a lot of buzz lately about the regulatory happenings in the financial sector. No, this isn’t about Dodd-Frank, this is about Social Media. In the last 45 days we’ve seen a lot. IIROC (Investment Industry Regulatory Organization of Canada) issued their guidance on social media, FINRA announced their examination priorities for 2011 and social media is squarely in their sights and then the SEC sent out a Sweeps letter regarding the use of social.
There has been a lot of speculation about what it all means for the industry. Before offering a point of view on that question let’s review what it said exactly:
- SEC: “All documents concerning any communications made by or received by [Adviser] on any social media site”
In other words, you need to be archiving your social media activity. You should look for an automated approach to capturing all the required content and recognize that unless the solution can capture 100% of the data created on these sites, it isn’t a solution.
- SEC: “All documents concerning [Adviser]’s policies and procedures related to the use of social media web sites by [Adviser]”
Just like email and IM, this form of electronic communication must be governed by a set of policies and procedures. Your policy should outline at a high level the corporate approach and guidelines to social media. Your procedures should define the who, the what, the where, the when and the how of the policy itself.
- SEC: “All documents concerning [Adviser]’s policies and procedures concerning a third party’s use of any social media website maintained by [Adviser]”
The question of 3rd party comments really hits on the topics of entanglement and suitability. A comment on a social media site alone does not equal an endorsement, but there are situations that you must consider and construct your policy and procedures with those in mind. For example, how will you treat the “liking” of a comment or the “favoriting” of a tweet? If it occurs on the wrong comment you could create an issue for yourself. If it occurs on a benign statement the regulators will not take issue.
- SEC: “All documents concerning [Adviser]’s policies and procedures related to the use of social media websites by [Adviser]’s personnel for personal, non-business related matters”
The topic of personal vs. professional is a complicated one. First, you are not allowed to have separate identities on social media sites, it is against the terms of service for LinkedIn and Facebook. Second, it is often the personal relationships that ultimately translate to business. There are multiple ways to account for this issue. Some are policy based and some are driven by technology. Check back for more on this topic as it really warrants an entire post.
- SEC: “All documents concerning [Adviser]’s personnel training and education related to the use of social media websites by [Adviser], whether for personal, non-business related, or business related matters”
One consistent thread from all of the regulators in on the topic of training. If you are going to open up access to social media you must train on the policies and procedures. Additionally, it is a tremendously valuable investment to help individuals understand how to apply these new platforms to accomplish key business goals. On that topic, LIMRA and Socialware have recently released a whole series of training to specifically address everything from the regulatory issues to the business best practices.
- SEC: “All documents concerning [Adviser]’s record retention policies and procedures concerning the involvement with or usage of, whether for personal, non-business related, or business-related matters, any social media website maintained by [Adviser]”
Not only is it critical to archive this electronic communication, it is also your responsibility to document what is required to be archived. This documentation should account for the individual Advisers as well as anyone that supports them in their social media efforts.
For those of you that haven’t seen the Sweeps letter, I hope this detail helps. In a follow-up post I will address the following:
- What does the Sweeps letter mean for the industry?
- What should I do now?
- What resources are available to help me get compliant, quickly?