A sound social media governance program means more than having a social media policy, or updating your document retention policy to include social media activity. It may also mean updating your Sarbanes-Oxley Act (“SOX”) compliance program to ensure that your company is complying with Section 409. Section 409 of SOX requires companies to disclose material changes in their financial conditions or operations, by updating information on your social media networking sites. Credit Suisse Securities was fined $4.5 million by FINRA last month, and one of the reasons for the fine was failing to update its website with relevant and accurate disclosures concerning the performance of some residential subprime mortgage securitizations (“RMBS”).  

In its May 26, 2011 press release, FINRA described its findings and the basis for its fine:  

FINRA found that in 2006, Credit Suisse misrepresented the historical delinquency rates for 21 subprime RMBS it underwrote and sold. Although Credit Suisse knew of these inaccuracies, it did not sufficiently investigate the delinquency errors, inform clients who invested in these securitizations of the specific reporting discrepancies or correct the information on the website where the information was displayed. Credit Suisse also failed to name or define the methodology used to calculate mortgage delinquencies in five other subprime securitizations. Additionally, Credit Suisse failed to establish an adequate system to supervise the maintenance and updating of relevant disclosure on its website (emphasis added).  

Credit Suisse is reported in the FINRA press release as not admitting or denying the charges but consenting to the entry of FINRA’s findings.

For public companies, the SEC could seek similar sanctions through Section 409 of SOX. Section 409 requires public companies to “disclose to the public on a rapid and current basis such additional information concerning material changes in the financial condition or operations of the [company], in plain English.” “Material changes” may include, for example, events that would require a company to issue a Form 8-K or Regulation FD disclosure.

Companies are not permitted to forego the traditional press release or other broad-based public disclosure concerning material changes. However, companies have been authorized to post financial statements on their websites and the Internet through social networking sites such as Twitter or Facebook fan pages. To the extent your company is already doing so, it is equally important to make sure these social networking sites reflect the most current information including changes in your public financial reporting.

It is not a stretch for regulators or plaintiffs’ attorneys to begin arguing that social media, in particular Twitter, is the most “rapid” means by which a company can publicize its material changes. As evidenced by the earthquake in Japan and its aftermath, the United States finding and killing Osama bin Laden (with a local resident live tweeting the storming of the compound), and the political upheaval in Egypt (described as the “Twitter revolution”), Twitter has become the source of breaking news for many people. If your company is using Twitter for business purposes, then you may want to include Twitter as another vehicle for posting the press release that you have issued in order to comply with SOX.

The lessons to be learned from the $4.5 million fine of Credit Suisse are:

  1. Have an audit done of your website and social media sites to make sure the information posted there is not arguably outdated, incorrect, or misleading.  
  2. Before acquiring a company, conduct a similar audit to identify any potential risks of your company being financially responsible for pre-acquisition violations of FINRA regulations or SOX on the target company’s respective websites or social media accounts.  
  3. Update your company compliance practices and safeguards to ensure that disclosures are being made to all disclosure venues including the less conventional ones such as Facebook and Twitter. This should ideally include coordination between legal, PR and finance.  
  4. Do not disclose financial information on Twitter or Facebook that is not available elsewhere.