Social media continues to be a priority of the Financial Industry Regulatory Authority, Inc. (“FINRA”), and we can expect more guidance soon, according to a top official.

The official, FINRA Chairman and CEO Richard G. Ketchum, recently noted that FINRA’s Social Networking Task Force continued to examine issues relating to the use of social media by member firms, but had yet to release new guidance on the topic.1 He said that FINRA intended to provide further guidance on social media issues this year. FINRA last issued guidance on this topic in Regulatory Notice 10-06.  

The Social Networking Task Force, which was organized by FINRA in 2009, is composed of FINRA staff and industry representatives. The task force discusses how firms and their registered representatives can use social media sites for legitimate business purposes in a manner consistent with investor protection. Regulatory Notice 10-06, which included input from the task force, provides significant guidance with respect to social media issues, but the landscape of social media is constantly changing, leaving many open questions.

Social media issues are currently hot topics, and many firms are finding it hard to wait for FINRA’s guidance. In May 2011, a leading retail brokerage firm announced its intention to allow its advisers certain access to social media sites, such as Twitter and LinkedIn, but no other major American wealth management firm has done so.2

In light of Mr. Ketchum’s announcement, and given the desire of broker-dealers to use social media, we believe it is a good time to review FINRA’s current position on social media matters, most of which is described in Regulatory Notice 10-06.

Background

FINRA, or its predecessor, the National Association of Securities Dealers Inc. (“NASD”), has long had rules regarding supervision, recordkeeping, and suitability in relation to member firm communications generally. One of FINRA’s early attempts to regulate electronic communications came in 1999 when FINRA took the position that the participation by a registered representative in an Internet chat room was subject to the same requirements as a presentation in person before a group of investors.3 This position was codified in 2003 when FINRA defined the term “public appearance” for purposes of NASD Rule 2210 to include participation in an interactive electronic forum.4 NASD Rule 2210 governs communications with the public by member firms. As Rule 2210 did not require that a registered principal approve in advance extemporaneous remarks of personnel that participate in public appearances, this meant that registered representatives could participate in Internet chat rooms without obtaining prior approval for their posts.

FINRA described various types of electronic communications in its guide to the Internet for Registered Representatives.5 Electronic communications include:

  • Websites. Publicly available websites, banner advertisements, and bulletin boards are considered advertisements. More importantly, “static” (non-interactive) content on social networking sites and blogs are also deemed advertisements.
  • Email and instant messages sent to 25 or fewer. An email or instant message is considered a correspondence if it is sent to (i) a single customer (either prospective or existing), or (ii) an unlimited number of existing retail customers and/or fewer than 25 prospective retail customers (firmwide) within a 30-day period.
  • Email and instant messages sent to more than 25. An email or instant message sent to 25 or more prospective retail customers is considered sales literature.
  • Password-protected websites. Password-protected websites are considered sales literature.
  • Electronic forums. Real-time interactive or non-static electronic forums including extemporaneous chat rooms, social networking sites, and blog comments are considered public appearances.6

Below we focus on the application of FINRA/NASD rules to content posted on social networking sites, blogs, and electronic forums.

Interactive Electronic Forums

Although a blog (or a bulletin board) may seem to be an interactive electronic forum, for FINRA, the treatment of a blog under its rules will depend on the manner and purpose for which the blog has been constructed. Blogs that consist of static postings are deemed advertisements under Rule 2210 and thus their contents require principal approval prior to posting. Most blogs today are used to engage in real-time interactive communications with third parties. As a result, these blogs may be deemed interactive electronic forums and regulated as public appearances.

Social networking sites also may be subject to different rules, depending on the nature of the communication. Common social networking sites combine static content and real-time interactive communications (biographical information, status updates, and wall uploads versus “comments” and “likes”). Static content is content that remains posted until it is changed by the firm or individual who established the account (i.e., the person or firm who has access to the profile). Generally, such content is accessible to all visitors of the site or page and is treated by FINRA as an advertisement. On the other hand, interactive content or non-static real-time communications have the characteristics of interactive electronic forums and do not need to be approved by a registered principal. Examples of non-static, real-time communications include interactive posts, such as “comments” or “likes” on Facebook or “replies” on Twitter, and these are treated as public appearances. They remain subject to the supervision rules.

Although Regulatory Notice 10-06 treats blogs and social networking sites differently, firms are well advised to pay attention to the substance of the communication, not the form. A contemporary blog that is based on real time interactive communications may still combine static content with interactive content. Firms should consider treating static content on an otherwise interactive blog as advertisements subject to prior approval by a principal.  

FINRA recently penalized a registered representative for, among other things, misrepresenting her career accomplishments and her employer firm on a profile posted on a third-party website without obtaining prior principal approval from her then current employer. FINRA cited NASD Rules 2110 and NASD Rule 2210. Further, the same representative was cited for violating NASD Rule 2210 for “tweeting” a recommendation on a particular security without prior principal approval. According to FINRA the content of the “tweets” were “unbalanced, overly positive and often predicted an imminent price increase.”7 FINRA did not object to the form of the communication; it objected to the content and the lack of prior approval.

Recordkeeping

Rules 17a-3 and 17a-4 under the Securities Exchange Act of 1934 and NASD Rule 31108 generally require that a broker-dealer retain electronic communications by its firm and associated persons that relate to the firm’s business as a broker-dealer.

Supervision

NASD Rule 3010 provides that each member firm must establish and maintain a system to supervise the activities of each registered representative, registered principal, and other associated person and that the system must be reasonably designed to achieve compliance with applicable securities laws and regulations and with applicable NASD Rules.9 Accordingly, interactive electronic communications must be monitored in a manner reasonably designed to ensure that such communications do not violate the content requirements of FINRA’s communication rules. Emails or instant messages sent by a registered representative from home through a personal account or from a personal mobile device are subject to FINRA rules.10

Firms may employ supervisory procedures whereby they employ risk-based principles to determine the extent to which the review of incoming, outgoing, and internal electronic communications is necessary for the proper supervision of their business. FINRA released Regulatory Notice 07-59 to provide guidance on the supervision of electronic communications and how member firms can manage risks associated with reviewing the increased volume of electronic communications.11

FINRA allows member firms to utilize technology monitoring firms to monitor traffic on social media websites. The method chosen by a member firm must be reasonably designed to ensure that any interactive communication does not violate FINRA or SEC Rules. FINRA references specific rules relating to the review by a supervisor of employees’ incoming, outgoing, and internal communications that are of a specific subject matter that requires review under FINRA rules and federal securities laws, including the following:

  • NASD Rule 2711(b)(3)(A) and NYSE Rule 472(b)(3), which require that a firm’s legal and compliance department must be copied on communications between non-research and research departments concerning the content of a research report.
  • NASD Rule 3070(c) and NYSE Rule 351(d), which require the identification and reporting of customer complaints.
  • NYSE Rule 401A, which requires that the receipt of each complaint be acknowledged by the firm to the customer within 15 business days.
  • NASD Rule 311(j) and NYSE Rule 410, which require the identification and prior written approval of every order error and other account designation changes.

FINRA advises that firms must adopt policies and procedures reasonably designed to ensure that their associated persons who participate in social media sites for business purposes are appropriately supervised, have the necessary training and background to engage in such activities, and do not present undue risks to investors. FINRA further provides that as a general policy, firms must prohibit any associated person from engaging in business communications on social media websites if such person is not subject to the firm’s supervision. FINRA has also advised that, in developing policies and procedures, a firm should consider special practices or prohibitions relating to any associated person who has shown a propensity to violate the firm’s compliance policies and procedures. Firms should monitor compliance with the firm’s policies and procedures relating to social media sites, consider policies that address associated persons’ use of social media sites if supervisory systems demonstrate compliance risks, and should take disciplinary action in connection with violations.

Suitability

Recommendations to customers regarding the purchase, sale, or exchange of any security are regulated under NASD Rule 2310, more commonly referred to as the suitability rule.12 Recommendations through a social media website (i.e., through a Facebook “post” or a Twitter “tweet”) are covered under this rule.

FINRA notes that whether a communication constitutes a recommendation under said rule depends on the facts and circumstances of the communication. FINRA advises that under Rule 2310, member firms should have reasonable grounds for believing that a recommendation is suitable for all customers to whom it is made and notes that firms can take advantage of the option on many social networking sites to selectively restrict certain content.

Firms must adopt policies and procedures reasonably designed to address communications that recommend specific investment products to ensure that they comply with applicable FINRA rules. FINRA advises that firms should consider prohibiting all interactive electronic communications that recommend a specific investment product, and any link to such a recommendation, unless the communication conforms to a preapproved template and the recommendation has been approved by a registered principal. Firms should also consider adopting specific policies and procedures governing communications that promote specific investment products, even if these communications might not constitute “recommendations” for purposes of the suitability rule.

Third-Party Posts

FINRA generally does not treat posts by customers or other third parties as the firm’s communication with the public. Thus, prior principal approval, and the content and filing requirements of Rule 2210, do not apply to third-party posts. However, FINRA advises that third-party posts may become attributable to the firm if the firm has:

  • Involved itself in the preparation of the content (the “entanglement” theory, i.e., the firm or its personnel is entangled with the preparation of the third-party post); or
  • Explicitly or implicitly endorsed or approved the content (the “adoption” theory, i.e., the firm or its personnel has adopted its content).

These theories were originally adopted by the SEC as a basis for a company’s liability for third-party information that is hyperlinked to its website. FINRA believes that it can allude to these rules when looking at third-party posts on social media sites established by a firm or its personnel. If third-party materials are attributed to a member firm based on the foregoing theories, the member firm may be subject to liability under FINRA rules and the federal securities laws. Thus, FINRA members should be very careful, and to the extent possible, avoid taking any role in the creation of third-party materials, or endorsing or approving third-party posts.

FINRA advises that a disclaimer notifying the viewer of third-party posts that the content does not reflect the views of the firm and has not been reviewed by the firm for completeness or accuracy, assuming the disclaimer is sufficiently prominent, would be part of FINRA’s facts and circumstances analysis when considering the entanglement or adoption of a third-party posting. This is consistent with SEC guidance with respect to hyperlinks on a company website.  

FINRA also advises that while a firm is not required to monitor third-party posts, it has observed through its discussions with the task force that many firms monitor third-party posts on firm websites. The purpose of such monitoring includes, but is not limited to:

  • Avoiding appearance of adoption of a third-party post;
  • Addressing copyright issues; and
  • Assisting in compliance with safe harbor for blocking and screening offensive material under the Communications Decency Act.

Other best practice suggestions by task force members include:

  • Establishing appropriate guidelines for customers and other third parties that are permitted to post on firm-sponsored websites;
  • Establishing processes for screening third-party content based on the expected usage and frequency of third-party posts; and
  • Disclosing firm policies regarding its responsibility for third-party posts.  

Compliance Risks

Although FINRA has provided some guidance with respect to the use of electronic interactive forums, member firms remain reluctant to use social media. This reluctance must in part be a result of both real and perceived obstacles faced by member firms in using social media. A good portion of the existing guidance concentrates on whether a communication requires prior approval, but all communications will remain subject to other FINRA rules regarding content, such as the suitability rules, and rules relating to recommendations. Member firms may believe that it is best to wait for additional guidance before they allow their advisers to use a communication medium that may be accessed so quickly. The quick and ready access of social media may easily result in the delivery of communications without due care or proper supervision. We have all sent an e-mail and regretted sending it moments later. When we do so, it is embarrassing or uncomfortable. When a member firm employee does so, it may lead to enterprise-wide liability or reputational issues. The anticipated additional guidance from the task force will be welcomed by member firms and should result in such firms finding ways to use social media effectively.

Conclusion

Within the wider securities industry, industry participants have adopted social media practices, and have considered the securities laws and regulations when doing so. A few years ago, Jonathan Schwartz, then the chief executive officer of Sun Microsystems (since acquired by Oracle), became an outspoken advocate of online communications, including, but not limited to, blogs, as a medium for public disclosure when compared to traditional disclosure methods. He was not alone. Use of social media by investor relations personnel is now widely accepted. If you open the investor relations section of the website of any large publicly traded company, there is a good chance that the page will have links for Facebook applications and a menu of various applications for sharing and “push” technology, such as RSS feeds. Many companies invite the public to follow them on Twitter and some have even sent tweets updating the public during the course of an earnings call or other corporate presentation.

The SEC has not overlooked the need to promote the use of social media through regulation for publicly traded companies. In 2008, the SEC adopted Rule 14a-17, which regulates the establishment, maintenance, and operation of electronic shareholders’ forums (blogs) by shareholders, issuers or third parties on their behalf. Many public companies host blogs on their websites.

However, social media guidance for investment advisers has not advanced at the same rate and investment firms have not yet started using social media, with few exceptions. Comparing communications by member firms to communications by public companies is not necessarily a straight comparison, as the regulation of communications by members firms is more complex and based on different concerns. Still, the securities industry as a whole faces the same regulators and employs many of the same lawyers and other service providers, meaning that additional guidance, once available, should make them ready to adopt more social media resources.