Creating a Compliant Texting Policy: A Guide for Financial Services Firms

GUIDE #CompliantTextingPolicy

| 2Compliant Texting Guide

03 The Current State of Texting

04 Texting Regulation Principles

05 A Process for Policy Development

06 Policy Guide ContentPART 1: CORPORATE STRATEGY, RULES AND TECHNOLOGY CONSIDERATIONS

PART 2: RULES OF ADVISOR ENGAGEMENT

PART 3: SPECIAL CONSIDERATIONS FOR REGULATED INDUSTRIES

13 Summary Of Related Rules & Regulations

14 Compliant Text Solution: Hearsay Relate™

| 3Compliant Texting Guide

THE CURRENT STATE OF TEXTING

Our goal is to provide you with a process to

follow for policy development, as well as

comprehensive guidance on the topics that need

to be considered and how to incorporate them

into your policy.

At this point, you’ve seen the literature about how your advisors are already

texting with clients. Financial services firms committed to attracting today’s top

talent and empowering advisors for success know that texting is a critical tool.

However, text messaging for business communications presents similar

consumer protection issues, with associated regulations and laws, that email and

social media for marketing do.

The FCC, FTC and FINRA are all involved in regulating text messaging for

financial services firms, and the penalties for not complying with their rules can

be steep. Not only do you have to worry about regulatory fines from FINRA and

the SEC, but text messaging is also hotly litigated. A number of financial

services firms have been required to pay multi-million dollar class action

settlements as a result of TCPA litigation (lawsuits that include texting). This

guide will assist in building a comprehensive framework for your texting policy

to help you avoid such a fate.

| 4Compliant Texting Guide

TEXTING REGULATION PRINCIPLES

All industries must comply with consumer protection laws interpreted by the

Federal Communications Commission (FCC) for texting that protect consumers

from spam. If you addressed CAN-SPAM for email, you may have some

experience with similar laws.

Text messaging is slightly different because mobile technology is newer and

constantly evolving. It’s important to understand the perspective of the FCC

when they think about consumer protection laws in the face of this changing

landscape, because any changes to laws and regulations will be influenced by

these principles.

Principle #1A mobile phone is inherently personal and businesses should respect the

intimacy of the channel. Unlike an email, which you access through a web

browser, you receive texts on a device that sits in your pocket (your phone).

Therefore, the FCC wants to make sure that businesses are thoughtful about

how they use it.

Principle #2Text messaging is not necessarily free for consumers. Not all consumers have

unlimited text messaging policies; some will experience a real, per-text cost

when they interact with your business. Therefore, the FCC wants to ensure that

consumers don’t bear an undue financial burden because businesses are eager

to engage with them. The FCC has been consistent about maintaining these

principles when interpreting the laws and regulatory actions with regard to

texting over the past 20 years. So even though the regulations today will not be

the same as the regulations in five years, writing your policy to these principles

will ensure that it endures any changes that occur.

Mobile phones are

inherently personal;

businesses should respect

the intimacy of this

channel.

| 5Compliant Texting Guide

POLICY DEVELOPMENT PROCESS

Policy development can

be a daunting task. Start

with this big picture

framework that outlines

the steps you need to

take, from the beginning

all the way to successful

advisor roll-out and

maintenance.

STEP 1Establish a texting task force. Bring together stakeholders from compliance, sales/distribution and marketing leaders from corporate, and most definitely get an advisor or two to join the team.

STEP 2Determine your company’s texting strategy. For example, is your firm trying to increase client interaction, or have more organized communication in the field?

STEP 3

Draft a comprehensive advisor texting policy. Use simple language and clear examples to prevent and address compliance risks when advisors text their clients. Be sure to include a consumer facing policy on how your texting program works that advisors are required to share at regular intervals.

STEP 4

Get executive and “advisor influencer” buy-in. Get executive and “advisor influencer” buy-in. Be sure executives sign-off on your final draft and commit to evangelizing the policy. Find advisors who will adopt the policy and share success stories.

STEP 5

Widely distribute your policy. Deliver your policy through as many communication channels as possible: email, advisor portal, training sessions, onboarding handbooks and orientation sessions, etc.

STEP 6Share success. Share advisor success stories, particularly if you’ve adopted a compliant text messaging solution.

STEP 7

Continually update the policy guide. Texting etiquette and guidance from lawmakers change rapidly. Your policy should be a living document subject to constant modification, with a minimum of a once-a-year update.

| 6Compliant Texting Guide

POLICY GUIDE CONTENT

Part I: Corporate Strategy, Rules

and Technology Considerations

CONVEY SUPPORT FOR TEXTING USEA half-hearted approach to texting use will not generate the results you seek.

When you set up your policy, communicate how much you value the business

opportunities afforded by texting and the role your employees can play. Write

your policy in layman’s terms so advisors understand it.

BEGIN THE TEXTING POLICY WITH COMPANY VALUESA texting policy is an opportunity to reinforce company values and branding. By

starting your policy with company values, you will remind advisors of your brand

promise and the appropriate tone and language to use in text messages.

COMMUNICATE TRUST AND GOALSFormally acknowledge that the company is entrusting advisors with its

professional reputation, trade secrets and other confidential information. Give

examples of proprietary information that should not be shared by text.

UNDERSTAND THE LEVEL OF CONSENT REQUIRED TO

CONTACT INDIVIDUALSConsumer consent is required for all business text messaging conversations.

However, the type of consent varies, depending on the type of communication.

There are two main types:

Advertising:

Solicitations or invitations to

purchase a product, good or

service, e.g., “Come by the

office and sign up for a life

insurance policy.”

Non-advertising:

All other messages, e.g.,

“Want to meet for coffee?”

THE TYPES OF CONSENT FOR EACH

OF THESE ARE:

Is this an ad?

No Yes

(Any material advertising the

commercial availability or quality of any

property, goods, or services)

Prior express express content

Prior written express content

WrittenSignature

Oral Permission

Implied Permission

Written/Digital

Content

MESSAGE

| 7Compliant Texting Guide

TEXTING METHOD: SHORT CODES AND LONG CODESShort codes are short numbers that have a simple call and response

functionality. They can only interpret very simple commands (e.g., voting on

American Idol by sending a message to a short code number records a vote). A

long code, in the United States and Canada (and most of the Caribbean), is a

unique 10-digit number. How it’s used or what it can do is entirely configurable

(receive voice calls, text, use it as an ID to enable apps, etc.).

Your firm must decide what type of technologies best support your preferred use

case. Clearly, every texting policy will allow long codes, which can work as well

for advertising as non-advertising. But what about short codes? They’re often

used in consumer campaigns for ease-of-use/memory.

Do you want your advisors to have texting campaigns? If you do, don’t forget

FINRA Rule 2210, where you must pre-approve (supervision capabilities

required) electronic communications that are sent to 25 or more retail investors.

This won’t be an issue for long codes, because conversations are dynamic. But

when you run a campaign, it’s something you need to think about.

RECORD OF CONSENTConsent must be recorded. Even if consent can be obtained orally or can be

implied by circumstance, ensure you have a corresponding record that

demonstrates such consent was properly obtained. Include the need to obtain

and record consent in your texting policy guide.

SET RULES ABOUT ACCESSING TEXTING CAPABILITIESTo ensure compliance, create a single texting and archiving methodology. If

advisors want to use text to engage with customers and prospects, they will be

forced to adopt your one texting option. This allows you to keep appropriate

records and consumer opt-in data.

But what about ‘mixed-use’

texts? Here’s an example:

“Our company is offering a special

for first time investors. Why don’t

you come down to the office?”

Each sentence, by itself, is not an

invitation to buy anything; it tells

you factual information (first

sentence) or a request that doesn’t

relate to services (second

sentence). But, put together, you

must ask yourself, “Would an

average consumer, under these

circumstances, reasonably believe

that the purpose to come to the

office is to buy something?” It’s

likely the answer is yes and

therefore falls into the category of

advertising message.

| 8Compliant Texting Guide

BYOD, COPE or CYODWhat device will you allow agents and advisors to use to text? If they’re

employees of your firm, you’ll have more control over this issue than if they’re

independent advisors. In your policy guide, be clear on which of the following is

permissible:

Bring Your Own Device (BYOD)

A BYOD policy allows advisors to use their personally owned phones

for business, including access to privileged company information and

applications. It’s the most flexible and appears to be on its way to

becoming the most popular approach, even among enterprises.

However, security remains a concern. If you’re considering BYOD, it’s

important to educate and control conduct through a very detailed

policy about how advisors can use their phone—or with the right

enterprise-class texting solution.

Corporate Owned, Personally Enabled (COPE)

COPE is an alternative to BYOD that provides some flexibility but

maintains the security and archiving compliance that regulated

businesses need. Firms provide a sanctioned (and paid for) device to an

employee, who can also use the device for personal tasks. Employees

get many of the benefits of BYOD, and IT maintains governance over

the device and its data by limiting and managing the allowable

hardware, services and apps.

Choose Your Own Device (CYOD)

CYOD is a hybrid of BYOD and COPE. Firms that offer this approach

provide a predetermined selection of devices that advisors and other

employees can choose from, for their business use. IT departments can

configure the device with necessary apps to protect sensitive data, and

offering a limited selection of devices saves IT time while still providing

privacy and options for advisors.

| 9Compliant Texting Guide

MOBILE DEVICE MANAGEMENT (MDM)MDM, also known as Enterprise Mobile Management (EMM), is

command-and-control security software used to monitor and manage any

mobile devices that access critical business data. It can be used for BYOD,

CYOD or COPE deployment models and across multiple carriers and operating

systems. Depending on how you configure your MDM, you can prevent advisors

from using certain functionality, or from using certain mechanisms. MDM is very

attractive when it comes to policy enforcement, but it is another piece of

complex and highly customizable enterprise technology that must be managed.

Creating a customized MDM with intricate rules necessarily complicates the

capabilities of your texting platform. That said, you can also configure your

MDM to certain industry standards, which helps reduce internal management

cost.

MMS OR SMSSMS stands for short message service and MMS is multimedia service. SMS is

simply single text messages passed back and forth to telecom networks. MMS

includes both media (pictures, videos, emojis, etc.), and additional texting

functionality. For instance, if you send a group text via SMS to three individuals,

the SMS protocol delivers the message as a one-to-one communication three

times (each person in the group receives the same message from the sender,

but can’t see anyone else in the group). MMS, on the other hand, can send a

group message like a “chat room” – everyone in the group can see the phone

number of other members, and all conversations will be threaded (they follow in

a single string like email).

DELEGATIONIt’s reasonable to expect that every text message number is associated with a

single person. However, the ability to share the same number between multiple

people is enormously handy. Imagine how much more time advisors could

spend face-to-face with clients if their assistants could send texts on their behalf:

reminders, birthday greetings, work to scheduling meetings. There are texting

tools, like Hearsay Relate, that can make this happen through a web interface.

Include any policies or rules around what type of tasks can be delegated.

| 10Compliant Texting Guide

Part II: Rules of Advisor Engagement

HELP ADVISORS MAKE A CLEAR DISTINCTION BETWEEN

PERSONAL AND BUSINESS COMMUNICATIONSRegulations in the financial services industry require supervision, capture and

archival of all activity and content related to soliciting business in any capacity or

engaging with customers or prospects for business-related reasons. FINRA uses

the standards of “business as such” and “communications with the public” to

determine whether financial firms’ supervision and archiving responsibilities

kick in.

REQUIRE INTEGRITY AND HONESTY IN MARKETING AND

ADVERTISINGImpress upon your advisors that texting communication is a reflection of the

company and must be accurate. If you conduct business in a regulated industry,

pay special attention to compliance requirements. Posts should not be created

with the intention of manipulating consumers into buying, prospecting or

soliciting a service or product. Insist that posts and recommendations disclose

any relevant relationship between recommenders and endorsers and the

company. Financial incentives, especially, should be disclosed according to FTC

Endorsement Guides.

PROHIBIT HARASSING AND LIBELOUS STATEMENTSAdvisors who make disparaging, defamatory or harassing statements can subject

themselves and/or the company to liability. Include digestible definitions of

defamation, libel and harassment in your policy and trainings.

PROVIDE RULES AND EXAMPLES FOR TEXT RESPONSESAdvisors are an extension of the company’s brand. Explain why employees should

not respond with an unpleasant or retaliatory text if they receive a negative text

about them, the business or brand. Besides potential legal consequences, studies

have shown that defensive behavior reflects negatively on the brand no matter

the wording used.

COMMUNICATE STATE AND FEDERAL CONSUMER

PROTECTION LAWSDepending on the model you support for things like short code or long code,

communicate the associated state and federal consumer protection laws in

your policy.

| 11Compliant Texting Guide

COMMUNICATE THE IMPORTANCE OF PROTECTING

SENSITIVE DATA AND MATERIAL INFORMATIONPersonally identifiable data should never be texted. Consult and publish

industry-specific laws on data security such as state privacy regulations,

international Privacy Regulations, HIPAA, Gramm-Leach-Bliley or SEC Regulation

S-P. If your company is publicly traded, also beware the power of texting to

divulge material information about a company’s value. Consult your legal team

about the implications of Regulation FD (Reg FD) and Sarbanes-Oxley, as well as

texting material of non-public information. Securities laws violations could be

triggered through texting if an advisor shares material information with clients

prior to its public dissemination (e.g., an advisor sends a text to a customer to

invest in XYZ Corporation, as they are about to release good results).

STRESS THE IMPORTANCE OF RESPECTING

INTELLECTUAL PROPERTYCopyrights, trademarks, trade secrets and other intellectual property best

practices should be upheld in all texting forums. Encourage employees to cite,

attribute and link to their sources to give credit where credit is due.

Stress the permanence of texting content. Remind your advisors that texting

can be used as evidence in legal proceedings. Texts last in perpetuity. Evidence

from texting has been used in murder trials, settlement discussions, binding

policies, medical malpractice suits, sexual harassment claims and other

legal cases.

DESCRIBE CONSEQUENCES FOR ABUSE OF THE

POLICY ITSELFDecide what consequences there are for violating the policy. Will you have a

warning system? In what situations will you terminate the advisor relationship?

Make sure to avoid overly broad violations like ‘harm to the company’ or

provisions.

| 12Compliant Texting Guide

Part III: Special Considerations for

Regulated Industries

ADVERTISING REGULATED PRODUCTS OR SERVICESMany regulated industries, such as life insurance and securities, have strict rules

prohibiting potentially misleading advertising language. For example, many

states’ insurance laws provide keywords that cannot be used in life insurance

advertisements (e.g,. ‘guaranteed,’ ‘free,’ ‘limited time only’). Determine what

words apply for your company and call them out in your policy guide.

SUITABILITY OF INVESTMENT RECOMMENDATIONS

AND PRODUCTSAny recommendation to buy or sell a security must be specific to each

prospective investor to whom it is made. Consider that investment products,

services or valuations are difficult to discuss in a compliant manner via texting.

Think about adding a chart to suggest the appropriate channels of

communication for different types of conversations.

REGULATION S-PIn addition to Regulation FD, financial institutions should also consult the SEC’s

Regulation S-P, privacy rules under section 504 of the Gramm Leach-Bliley Act.

This regulation concerns the disclosure of non-public personal information about

customers. Non-public information includes any list, description or other

grouping of consumers (and publicly available information pertaining to them)

that is derived without using any personally identifiable financial information that

is not publicly available.

FINRA AND OTHER REGULATORY NOTICESFINRA and other regulatory bodies have outlined guidelines that require

compliance and supervision for communication channels. Specifically, FINRA

Rule 3110 requires financial services firms to have a system to supervise the

activities of each registered representative, registered principal or other

associated person. It also states that the system must be reasonably designed to

achieve compliance with applicable securities laws and regulations and with

applicable FINRA rules. Additionally, FINRA Rule 3110 requires a broker-dealer

toretain e-communications made by the firm and associated persons who relate

to the firm’s business as such. What does that all mean? To be FINRA 3110

compliant, you need a text messaging solution with the ability to archive and a

supervisory dashboard (like Hearsay Relate). This is your foundation for fine-free

advisor texting.

| 13Compliant Texting Guide

CATEGORY RULES AND REGULATIONS

ARCHIVE & RECORDKEEPING

FINRA Rule 3110, FINRA Rule 2210, FINRA Rule 2111, Advisers Act Rule 204-2 & 206(4)-7, SEC Rule 17a-3, SEC Rule 17a-4, FINRA Regulatory Notices 10-06 and 11-39.

SUPERVISIONFINRA Rule 3110, FINRA Rule 2210, FINRA Rule 2111, FINRA Regulatory Notice 07-59, Anti-Spam Laws, Consumer Protection Laws

CONTENT CONTROLSFINRA Regulatory Notice 07-59, Gramm-Leach-Bliley Act (GLBA), SEC Reg. S-P, Consumer Protection Laws, Anti-Spam Laws

ATTESTATION Consumer Protection Laws, Privacy Laws

GOVERNANCERESPONSE RATE CONTROLS

FREQUENCY CONTROLS

FINRA Rule 2210, Consumer Protection Laws Consumer Protection Laws , FINRA Rule 2210, Anti-Spam Laws

BUSINESS PHONE NUMBERS Employee protection and Privacy Law, Common Law

SUMMARY OF RELATED RULES & REGULATIONS

hearsaysystems.com

BENEFITS• Risk mitigation with enterprise-class

security, controls and compliance.

• Support all deployment models – BYOD, CYOD and COPE – by providing a separate work number.

• Stop dropping calls; carrier-grade cellular voice delivering high-quality calls.

• Easy integration with your CRM and other core enterprise systems, like archiving.

• Quick implementation, deployment and onboarding for rapid time to value.

• More than text & voice – a mobile productivity center for advisors.

• Improved client and advisor experience with automation, delegation & smart workflows.

COMPLIANT TEXTING & MOBILE CALLING, BUILT FORWEALTH MANAGEMENT

Hearsay Relate helps wealth management firms improve the client-advisor experience. It makes business communications simple and reliable while maintaining the enterprise-class security and controls FINRA, SEC, IIROC, FCA and MiFID II regulations require. Hearsay Relate is a compliant text and high-quality cellular voice solution. Your advisors can connect to their clients from their desktop or any mobile device. More than just text and mobile calls, Relate turns your advisors’ devices into mobile productivity centers. AI-based automation, team delegation and workflows help advisors service clients faster, drive more in-person meetings and save time converting prospects to clients. Relate scales as you grow and automatically captures advisor-client interactions and all related metadata – with no effort from your advisors – creating deeper insights across the organization.

OTHER PRODUCTS

ActionsSocial Sites

Wealth Management

hearsaysystems.com

To improve your lead follow-up process and conversion rate today, contact us at:

VISIT hearsaysystems.com

EMAIL contact@hearsaysystems.com

CALL +1 415-692-6230+1 888-990-3777

ABOUT HEARSAY SYSTEMS

Hearsay Systems is reinventing the client experience in Wealth

Management, Insurance and P&C with compliant digital communications and workflow solutions. Over 150,000 advisors and agents at the world’s largest financial services and insurance firms leverage Hearsay to engage with customers and build stronger relationships to grow their business.

With Hearsay Cloud for financial services, advisors and agents

provide real-time, personalized and seamless client experiences across the right channel - social, texting and mobile - at the right moment. Automated, pre-built industry workflows for insurance and wealth management provide one-click actionable suggestions for targeted engagement. Built for the enterprise, Hearsay Systems connects data and every client interaction to corporate CRM systems and digital marketing programs – all on a secure, compliant enterprise-ready platform.

Hearsay is headquartered in Silicon Valley with locations

throughout North America, Europe and Asia. Connect on Facebook, Twitter, LinkedIn and the Hearsay blog.

© Hearsay Systems, Inc. All rights reserved.

ADVISOR PRODUCTIVITY

• Respond immediately to client outreach with automatically generated smart messages

• Schedule meetings directly from a text with calendar integration

• Delegate service-related text messages to team members; scale communications across your entire book of business

• Bulk schedule and personalize common text messages, like RMD reminders

ENTERPRISE INTEGRATION-READY

• Easily integrate with your CRM and other core enterprise systems

• Seamlessly archive with your existing vendor

SECURITY, COMPLIANCE & SUPERVISION

• Drastically reduce compliance review time and resources with contextual supervision

• Ensure all messages are encrypted in transit and at rest

• Seamlessly integrate text conversations into existing enterprise archiving systems

• Set controls, supervision and record-keeping to address regulatory requirements from FINRA, SEC, IIROC, FCA and MiFID II

• Prevent bad texts from going out in the first place with Forbidden Keyword Lexicon Blocking

• Review lexicon and activity-based alerts through a Universal Supervision Dashboard

ENTERPRISE MOBILITY STRATEGY

• Support your BYOD, CYOD and COPE model

• Integrate leading MDM/EMM platforms

ARCHIVE INTEGRATIONS

“Touch points between advisors and clients are perhaps the most important pillar of the client experience yet often overlooked… To succeed, Marketing, Sales, and IT need to become best friends.”

KRISTIN LEMKAU CHIEF MARKETING OFFICERJP MORGAN CHASE

EMM INTEGRATIONS