The Financial Industry Regulatory Authority (FINRA) recently issued a regulatory notice providing additional guidance regarding use of social media by financial firms and their employees. FINRA’s initial guidance in January of 2010 prompted a number of questions from financial firms, and this regulatory notice responds to those questions and provides clarification of the initial guidance. The clarifications include the following guidance:
- Social Media Policy: Firms must develop and adopt policies and procedures for use of social media by its employees which must include training and education on the differences between non-business communications and business communications, which are subject to FINRA and SEC rules, and must be retained, retrievable, and supervised. Furthermore, firms must monitor for compliance and follow up on “red flags” that employees are in violation of the policy.
- Static Content on Social Media: Static posts on social media relating to a firm’s business are deemed to be “advertisements” and as such must be approved by a registered principal of the firm before it is posted, and are subject to FINRA recordkeeping requirements. Real-time interactive posts do not have to be approved in advance and are not subject to FINRA recordkeeping requirements. However, interactive content may become static content if copied or forwarded and posted in a static forum such as a blog or static area of a web page.
- Third Party Posts: The notice clarified that FINRA generally does not hold firms accountable for the social media posts by third parties on third party websites unless the firm has adopted or become entangled with the content on the site, for example, if the firm has co-branded any part of the site or explicitly or implicitly approved or endorsed the post or content.
TIP: Financial firms subject to FINRA governance should ensure that they have a policy in place to address use of social media by the firm and its employees for business communications and advertising, as well as procedures to monitor and enforce compliance with the policy.