The use of social media as a tool for business development and marketing is on the rise. Currently, more than 50 companies are using social media outlets like Twitter and StockTwits to “live tweet” their earnings announcements and to direct investors to additional information. Hundreds more companies use social media outlets to post links to earnings and other investment information. In July 2011, the Massachusetts Securities Division released a report on a survey it conducted of Massachusetts-registered investment advisers. According to the survey results, approximately 44 percent of those responding were using social media and another 10 percent planned to do so within the next year.

FINRA’s Response to Member Interest in Using Social Media for Business Development

In his speech at the October 2009 annual SIFMA meeting, FINRA Chairman and CEO Rick Ketchum announced that FINRA had formed a Social Networking Task Force to address the issue of social networking by fi rms and their representatives. Mr. Ketchum noted that “social networking sites such as Facebook or LinkedIn provide new ways to connect, inform and interact with customers [but] also raise new regulatory challenges,” but because of regulatory issues, most fi rms prohibit employees from doing so.

On January 9, 2010, FINRA issued Regulatory Notice 10-06 to provide fi rms and associated persons with guidance on the use of social media sites. Regulatory Notice 10-06 explained that:

  • Communications made to customers through social media sites must be retained in compliance with Rules 17a-3 and 17a-4 under the Securities Exchange Act of 1934 and NASD Rule 3110 (Books and Records);
  • Recommendations of specifi c investments made through social media sites trigger the suitability requirements of NASD Rule 2310 (Recommendations to Customers/Suitability);
  • Participation in a “blog” must be supervised and, under certain circumstances, may constitute advertisements under Rule 2210 (Communications with the Public);
  • Use of Facebook, Twitter, LinkedIn and other social media must be supervised and, to the extent the information posted is static, may fall within the scope of Rule 2210;
  • Firms must have written policies and procedures in place to supervise employees’ participation in social media in a manner reasonably designed to ensure that the communications do not violate applicable rules.

FINRA Clarifi es Questions Unanswered by Regulatory Notice 10-06

While Regulatory Notice 10-06 made clear that member fi rms are expected to have policies and procedures in place that cover the use of social media by the fi rm and its associated persons, many fi rms still had questions about recordkeeping, supervision, third-party posts, links and websites, and accessing social media sites from personal devices. In response to these questions, FINRA issued Regulatory Notice 11-39 on August 18, 2011. Regulatory Notice 11-39 offered these clarifi cations:

  1. Recordkeeping
    • Whether a fi rm is required to keep records of communications made through social media depends on the content and not the use of any particular device or technology to make the communication.
    • Whether an associated person’s posting of autobiographical information constitutes a business communication depends on the specifi c facts and circumstances of that communication. For example, sending a resume to a potential employer is probably not a business communication, but posting the products or services offered by the associated person’s fi rm probably is a business communication.
    • Firms and their associated persons may not sponsor social media sites or use communication devices that include technology that automatically erases or deletes the content.
    • Firms may be required to retain third-party posts to a fi rm’s or an associated person’s social media site if the posting relates to the fi rm’s business.
    • Recordkeeping requirements are the same for both static and interactive communications, though supervision requirements differ.
  2. Supervision
    • Interactive content can become static and, once static, be subject to NASD Rule 2210.
    • Firms must (i) adopt appropriate training and education concerning its social media policies and (ii) follow up on “red fl ags” indicating noncompliance with fi rm social media policies.
    • Material changes to static content posted by a fi rm or its associated persons on a social media site must receive prior approval by a principal before posting.
  3. Third-Party Posts, Third-Party Links and Websites
    • If a third party posts a business-related communication on an associated person’s social media site, the associated person should consider whether a responsive communication violates the fi rm’s social media policies before responding.
    • A fi rm may be responsible for content on third-party websites if the fi rm or any of its associated persons (i) co-brands with that third-party website; (ii) adopts or becomes entangled with the contents of the third-party website; or (iii) explicitly or implicitly endorses or approves of the third party’s posts.
    • A fi rm is not responsible for third-party site content if (i) the fi rm does not “adopt” or become “entangled” with the content of the third-party site, and (ii) the fi rm does not know or have reason to know that the site contains false or misleading information.
    • A fi rm policy of blocking or deleting certain third-party content does not, standing alone, establish that the fi rm has adopted the content of third-party posts left on its site.
    • Statistical data maintained on websites do not need to be pre-approved if fi rms establish templates for the presentation of statistical data and have procedures in place to ensure that data can be verifi ed for accuracy and promptly corrected if erroneous when posted or if it becomes inaccurate over time.
  4. Accessing Social Media Sites from Personal Devices
    • Associated persons may use personal communication devices and other equipment to access fi rm business applications and perform fi rm business activities only if the fi rm employs technology that enables the fi rm to retain records and supervise the activity.
    • Firms should try to provide a secure portal into the fi rm’s communication system, especially if confi dential customer information may be shared.
    • Firms are free to treat all communications made through personal communications devices as business communications.

Issues Not Addressed by FINRA Regulatory Notices 10-06 and 11-39

The guidance provided by Regulatory Notice 10-06 is limited to social media communications for business purposes and is directed toward FINRA’s goal of protecting investors from false and misleading claims and representations. However, Regulatory Notices 10-06 and 11-39 do not necessarily provide guidance for fi rms regarding the use of social media in the context of employee relations, intellectual property rights or competition. Serious issues can also arise for fi rms from the use of social media outside the context of investor protection. These can include an employee’s use of social media to harass other employees, disparage their employers or competitors, defame customers, violate copyrights or trademarks, misappropriate or disclose fi rm confi dential information and trade secrets, any of which could expose fi rms to considerable risk.

For these reasons, fi rms should have comprehensive written employment policies and supervisory procedures that address the use of social media in light of the following areas of potential risk:

  • Firm-generated content on a fi rm social media site;
  • Employee-generated content on a fi rm social media site (e.g., employee postings on a fi rm Facebook page or fi rm-approved blog);
  • Third-party use of a fi rm’s social media site;
  • Employee relations issues (e.g., social media use in employment recruiting, screening and hiring practices, social media use during working hours, inappropriate use of personal social media); and
  • Records retention (including compliance and electronic discovery obligations).

Each fi rm is different, and the form and substance of such policies may vary to fi t each fi rm’s specifi c needs.