Social media platforms have created a powerful and popular direct method of connecting with customers for sales, marketing and support purposes. At the same time, businesses have been forced to collect and make available social media content for eDiscovery and regulatory compliance.
Over the last seven years, the financial services industry has increasingly adopted social media platforms. However, the Financial Industry Regulatory Authority (FINRA), the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) all have rules and retention requirements about communicating with the public, including via social media. In January 2010, FINRA issued Regulatory Notice 10-06, requiring that, “every firm that intends to communicate, or permits its associated persons to communicate, through social media sites must first ensure that it can retain records of those communications.” A year later, FINRA followed up with Regulatory Notice 11-39 to offer guidance in applying the rules.
Additionally, SEC Rule 17a-4(b) requires broker-dealers to preserve certain records for at least three years, including originals and copies of all communications sent by the member, broker or dealer. These rules include inter-office memoranda and communications when they relate to business as such. FINRA, the SEC and the CFTC have all stated that “electronic communications” are not limited to email, but now include social media content as well.
These communication records retention requirements allow regulatory agencies to conduct effective examinations of broker-dealers’ business practices. These requirements are also discoverable under specific agency rules as part of arbitration procedures when broker-dealer clients believe they have been wronged and wish to seek redress.
With new social media platforms popping up at an accelerating pace over the last several years, it can be hard to keep up. Social media and related platforms now encompass instant messaging, blogs, team collaboration tools, Voice over Internet Protocol (VoIP) applications like Skype and enterprise social platforms such as Jive and Yammer. And of course, it includes applications most people identify as social media, such as LinkedIn, Facebook, Twitter, Instagram and YouTube.
Public social platforms are especially difficult for the financial services industry to monitor and control because employees can access and use these platforms as individuals. In other words, companies don’t have an effective way to proactively manage what content their employees post and share. Instead, they and other organizations can monitor the employee’s social media activity after the fact and bring disciplinary action if company, industry or regulatory rules are broken, including fines, loss of employment and forfeiture of professional licenses.
Newer technologies can automate the monitoring and capture of financial services industry employee social media activity and alert organizations of prohibited actions such as releasing confidential information or intellectual property. Financial services companies can be fined or even shut down, however, if employee actions on social media are blatant. As part of your IG program, ensure employees know to steer clear of any business-related social media activity without direct corporate approval.