LPL Financial Member FINRA/SIPC 1 Member FINRA/SIPC PRESENTER NAME DATE December 9, 2014.
Handbook on Interpreting FINRA Regulatory Notices 10-06 and 11-39 and Using Social Media
-
Upload
actiance-inc -
Category
Technology
-
view
1.469 -
download
2
description
Transcript of Handbook on Interpreting FINRA Regulatory Notices 10-06 and 11-39 and Using Social Media
Interpreting FINRA Regulatory Notice 10-06 and 11-39Updated to include FINRA Rule 2210
| Privacy Controls for Facebook
ContentsExecutive Summary ..........................................................................3
Regulatory Notice 10-06 ...................................................................3
Definitions ......................................................................................4
Categories of Electronic Communications ...........................................4
Regulatory Notice 10-06 Provisions ..................................................5
Regulatory Notice 11-39 ...................................................................6
Regulatory Notice 11-39 Provisions ...................................................6
Key Social Media Sites ......................................................................8
Facebook ........................................................................................8
LinkedIn .........................................................................................8
Twitter ............................................................................................8
Mapping Features to 10-06 and 11-39 ..............................................9
Facebook .........................................................................................9
LinkedIn ........................................................................................11
Twitter ...........................................................................................12
FINRA Examiners’ Checklist ............................................................13
Policies ........................................................................................13
Procedures ....................................................................................13
Recordkeeping ...............................................................................14
About Actiance, Inc. .......................................................................16
| Privacy Controls for Facebook Using Social Media | 3
Executive Summary
The Financial Industry Regulatory Authority (FINRA) issued Regulatory
Notice 10-06 in January 2010 to provide guidance to broker-dealers
regarding the use of social media for advertising. As social media is
relatively new in the financial services industry, firms are trying to better
understand how they can use social media effectively. A task force
convened early in 2011 to revisit 10-06, resulting in the issuance of
Regulatory Notice 11-39 in August 2011 as a corollary to 10-06.
This handbook is intended as a primer on Regulatory Notices 10-06 and
11-39 and how each relates to social media sites like Facebook, LinkedIn,
and Twitter. Additionally, the handbook details how the key features of
these sites map to 10-06 and 11-39, what the appropriate course of
action should be, and what kinds of issues FINRA regulators are most
interested in when conducting their audits. This handbook has also been
updated to include FINRA Rule 2210, which went into effect February 4,
2013.
Regulatory Notice 10-06
FINRA Regulatory Notice 10-06 is the key piece of guidance on the
use of social media for advertising purposes. With the increasing
popularity and use of social networking sites like Facebook, LinkedIn,
and Twitter, the industry felt it was necessary to issue guidance specific
to social media. With the availability of such guidelines, broker-dealers
and registered representatives (RRs) now have more clarity into the
permissible uses of social media and the associated supervisory and
recordkeeping requirements.
| Privacy Controls for Facebook| Using Social Media4
Definitions
When FINRA issued Regulatory Notices 10-06 and 11-39, there were six
major categories of communications under NASD Rule 2210. Since then,
FINRA has replaced NASD Rules 2210 and 2211 and NYSE Rule 472
with FINRA Rule 2210, which governs communications with the public.
The new rule reduces the number of communications categories from six
to three, two of which pertain to social media:
Correspondence
Correspondence includes any written (including electronic) communication
that is distributed or made available to 25 or fewer retail investors within
any 30 calendar-day period.
Retail communication
Retail communication includes any written (including electronic)
communication that is distributed or made available to more than 25 retail
investors within any 30 calendar-day period. A “retail investor” includes
any person other than an institutional investor, regardless of whether
the person has an account with the firm. Communications that formerly
qualified as advertisements and sales literature generally now fall under
the definition of “retail communication.”
Categories of Electronic Communications
Static Content
Static content is generally accessible to all visitors and usually remains
posted until it is removed by the firm or individual who established the
account. Examples of static content include profile, background, or wall
information. A registered principal of the firm must approve all static
content, on a page before it is posted, or before the page is edited.
| Privacy Controls for Facebook Using Social Media | 5
Interactive Electronic Forum
Interactive content is considered non-static. These real-time
communications do not require approval by a registered principal prior to
use. In fact, FINRA Rule 2210, specifically exempts from pre-review any
retail communication that:
• is posted on an online interactive electronic forum;
• does not make any financial or investment recommendation or
otherwise promote a product or service of the firm.
However, firms still have record keeping requirements and must supervise
communications. Examples of interactive content include Facebook posts,
tweets, and LinkedIn status updates.
Regulatory Notice 10-06 Provisions
• Publicly available websites, banner advertisements, and bulletin
boards are considered advertisements. Static (non-interactive)
content on social media sites and blogs are also deemed to be
“advertisements.”1
• An email or instant message sent to 25 or more prospective retail
customers is considered “sales literature.”1
• An email or instant message is considered “correspondence” if it is
sent to (1) a single customer (prospective or existing); and (2) less
than 25 prospective retail customers within a 30-day period.
• Password-protected websites are considered “sales literature.”1
• Real-time interactive or non-static electronic forums, including
extemporaneous chat room, social networking, and blog comments are
considered “public appearances.”1
1 Now defined as “Retail Communications,” per FINRA Rule 2210. This rule replaces NASD Rule 2210 and 2211 and NYSE Rule 472.
| Privacy Controls for Facebook| Using Social Media6
Regulatory Notice 11-39
In this notice, FINRA provides further guidance for firms on applying
rules governing communications with the public when using social
media. In short, firms are reminded that existing rules for recordkeeping,
suitability, supervision and content requirements all apply to social media.
Additionally, FINRA clarified the following points:
• The content of the communication is determinative, not the
communication channel.
• A firm is subject to the “adoption” and “entanglement” theories
regarding third-party posts.
• Business communications over personal devices must be retained,
retrievable, and supervised.
Regulatory Notice 11-39 Provisions
Recordkeeping
Under Securities Exchange Act (SEA) Rule 17a-4, firms must retain
retrievable records of business-related communications made through
social media, regardless of the type of device or technology, or whether
they were made by firm-issued or personal devices. In order to retain all
business-related communications, firms may not use communications
devices that automatically delete information. FINRA also states that firms
must develop policies and train associated persons on the differences
between business and non-business communications. As further
clarification to 10-06, both static and interactive content are subject to
recordkeeping rules.
| Privacy Controls for Facebook Using Social Media | 7
Supervision
Under NASD Rule 3010, firms must supervise registered persons. To this
end, a registered principal must review a social media site in the form
that it will be launched. Reiterating 10-06, unscripted participation in an
electronic form is considered a “public appearance”1 and, therefore, does
not require prior approval by a registered principal of the firm. However, it
must be supervised to ensure that communications do not violate FINRA
or SEC rules, including the content requirements of FINRA Rule 22101.
However, should interactive content become static, it is considered an
“advertisement”1 and, as such, requires pre-approval by a registered
principal of the firm.
Third Party Posts, Links, and Sites
An associated person may respond to communications on a social media
site as long as the response does not violate a firm’s policies. Firms may
not establish third-party links to any site that is known to have false or
misleading content. A firm is responsible under NASD Rule 22101 for the
content on a third-party site if the firm has either become “entangled” in
the development of the content or “adopted” the content through implicit
or explicit endorsement.
Data Feeds
Firms are responsible for third-party data feeds and must review them for
accuracy and correct any erroneous data.
| Privacy Controls for Facebook| Using Social Media8
Key Social Media Sites
Facebook is the largest social network in the world with over one
billion members. It enables members to create profiles, upload
photos, join groups, and set up “fan” pages to better interact with
customers, prospects, and fans. It aims to make the world “more open
and connected.”
LinkedIn is a social networking site focused on business professionals.
It numbers over 200 million members with representation in over 200
countries. Members use the site to exchange information, ideas, and
opportunities. They build up a network of “connections” by joining groups
and inviting others to join their network.
Twitter is a social media site that offers a microblogging service (140
characters or less). It’s been nicknamed the “SMS of the Internet” and is
essentially a real-time information network that connects you to the latest
information on topics of interest to you. You can choose to “follow” or be
followed by others. Additionally, your messages can be private, and you
retain control over who follows you.
| Privacy Controls for Facebook Using Social Media | 9
Mapping Features to 10-06 and 11-39
Feature FINRA Definition
FINRA Category Recommendation
Relevant Controls
Basic information Retail
Communication Static Pre-review
Archive, Post-
review, Block/
allow
Profile picture Retail
Communication Static Pre-review
Archive, Post-
review, Block/
allow
Update status
(Wall & News
Feed)
Retail
Communication Interactive Supervise
Archive,
Post-review,
Pre-review*
Upload photo
(Wall & News
Feed)
Retail
Communication Interactive Supervise
Archive, Post-
review
Attach link (Wall
& News Feed)
Retail
Communication Interactive Supervise
Archive, Post-
review
Upload video
(Wall & News
Feed)
Retail
Communication Static Pre-review
Archive, Post-
review, Block/
Allow
Write a comment Retail
Communication Interactive Supervise
Archive,
Post-review,
Pre-review*
Chat Correspondence Interactive Supervise Archive, Post-
review
Compose
message Correspondence Interactive Supervise
Archive, Post-
review
Post new topic to
group
Retail
Communication Interactive Supervise
Archive, Post-
review
| Privacy Controls for Facebook| Using Social Media10
Feature FINRA Definition
FINRA Category Recommendation
Relevant Controls
Create group
Retail
Communication Interactive Supervise
Archive, Post-
review
Chat with group Retail
Communication Interactive Supervise
Archive, Post-
review
Post reply to
group topic
Retail
Communication Interactive Supervise
Archive, Post-
review
Join a group Retail
Communication Interactive Supervise
Archive, Post-
review
Like (may be
considered an
endorsement)
Retail
Communication
Static or
Interactive Block or Supervise
Archive, Post-
review, Block/
allow
| Privacy Controls for Facebook Using Social Media | 11
Mapping Features to 10-06 and 11-39
Feature FINRA Definition
FINRA Category Recommendation
Relevant Controls
Basic information Retail
Communication Static Pre-review
Archive, Post-
review, Block/
allow
Profile picture Retail
Communication Static Pre-review
Archive, Post-
review, Block/
allow
Profile update
(Video, Shared
documents, etc.)
Retail
Communication Static Pre-review
Archive, Post-
review, Block/
Allow
Share status
update
Retail
Communication Interactive Supervise
Archive,
Post-review,
Pre-review*
Comment to
status update
Retail
Communication Interactive Supervise
Archive, Post-
review
Compose
message Correspondence Interactive Supervise
Archive, Post-
review
Recommendations Retail
Communication Static Block
Archive, Post-
review, Block/
allow
Join group Retail
Communication Interactive Supervise N/A
Create a group Retail
Communication Interactive Supervise N/A
Start a discussion Retail
Communication Interactive Supervise
Archive, Post-
review
Like a group
discussion
comment
Retail
Communication
Static or
Interactive Block or Supervise
Archive, Post-
review, Block/
allow
Post a comment
to group
discussion
Retail
Communication Interactive Supervise
Archive, Post-
review
| Privacy Controls for Facebook| Using Social Media12
Mapping Features to 10-06 and 11-39
Feature FINRA Definition
FINRA Category Recommendation
Relevant Controls
Basic information Retail
Communication Static Pre-review
Archive, Post-
review
Profile picture Retail
Communication Static Pre-review
Archive, Post-
review
Tweet Retail
Communication Interactive Supervise
Archive,
Post-review,
Pre-review*
Retweet (may be
considered an
endorsement)
Retail
Communication
Static or
Interactive Block or Supervise
Archive, Post-
review, Block/
allow
Reply Retail
Communication Interactive Supervise
Archive, Post-
review
Favorite Retail
Communication
Static or
Interactive Block or Supervise
Archive, Post-
review, Block/
allow
Follow N/A Interactive Supervise N/A
Send a direct
message Correspondence Interactive Supervise
Archive, Post-
review
Create a list Retail
Communication
Static or
Interactive Block or Supervise
Archive, Post-
review, Block/
allow
| Privacy Controls for Facebook Using Social Media | 13
FINRA Examiners’ Checklist
Policies
FINRA examiners typically are interested in the types of written supervisory
procedures financial services firms have adopted to address social media.
Of particular interest to regulators are the following policies:
• General use of social media within the firm
• Any communications posted to social media sites
• Any prospective communications posted to social media sites
• Any ongoing monitoring or review processes related to communications
posted to social media sites
• Third-party communications posted to a social media site
• Approval processes for prospective communications posted by
third parties
• Any ongoing monitoring or review processes for communications
posted by third parties
• Use of social media for non-business purposes
• Training and education of personnel on social media usage, whether
for personal or business purposes
• Disciplinary action for social media use
• Record retention of social media, whether for personal or business
purposes
• Process for handling customer complaints
Procedures
Regulators are also interested in learning about the procedures firms
have in place to ensure that the latter remain in compliance with FINRA
guidelines. Generally speaking, procedures usually mirror the policies
themselves, i.e., firms will develop procedures to be consistent with the
policies they’ve established (see preceding section). Thus, regulators
are interested in viewing documentation pertaining to procedures for
the following:
| Privacy Controls for Facebook| Using Social Media14
• General use of social media within the firm
• Any communications posted to social media sites
• Any prospective communications posted to social media sites
• Any ongoing monitoring or review processes related to communications
posted to social media sites
• Third-party communications posted to a social media site
• Approval processes for prospective communications posted by
third parties
• Any ongoing monitoring or review processes for communications
posted by third parties
• Use of social media for non-business purposes
• Training and education of personnel on social media usage, whether
for personal or business purposes
• Disciplinary action for social media use
• Record retention of social media, whether for personal or business
purposes
• Process for handling customer complaints
Recordkeeping
Regulators constantly remind members that they must adhere to
recordkeeping rules, if they choose to communicate through social
networking sites.
“Each member shall make and preserve books, accounts, records,
memoranda, and correspondence in conformity with all applicable laws,
rules, regulations and statements of policy promulgated thereunder and
with the Rules of this Association and as prescribed by SEA Rule 17a-3.
The record keeping format, medium, and retention period shall comply
with Rule 17a-4 under the Securities Exchange Act of 1934.”
| Privacy Controls for Facebook Using Social Media | 15
Compliance considerations
• Social networking sites, such as Facebook, offer no native archiving
functionality, making it difficult to comply with Regulatory
Notice 07-59 that spells out the requirements for review “by a
supervisor of employees’ incoming, outgoing and internal electronic
communications.”
• Native archiving functionality offered by unified communications
and other real-time communications tools is rarely able to provide
a granular breakdown of conversations by persons (including
buddynames), key phrases, and timeframes, which are essential for
compliance and eDiscovery requirements.
• This is further complicated by the various modalities used in
conversations – from IM to BlackBerry.
Compliance recommendations
Enterprises should deploy a central archiving system that enables
easy review of posted messages and detailed analysis of electronic
conversations, including file downloads both internally and externally,
complete with an audit trail of the auditor reviewing the information. In
addition, the information should include who joined a conversation, when
they joined, when they left, any disclaimers shown (e.g., at the beginning
of an IM conversation), call detail records, etc.
About Actiance, Inc.
Actiance® is a global leader in communication, collaboration, and social
media governance for the enterprise. Its governance platform is used
by millions of professionals across dozens of industries. With the power
of communication, collaboration, and social media at their fingertips,
Actiance helps professionals everywhere to engage with customers and
colleagues so they can unleash social business.
The Actiance platform gives organizations the ability to ensure compliance
for all their communications channels. It provides real-time content
monitoring, centralized policy management, contextual capture of content
and smart archiving which improves the efficiency and cost-effectiveness
of eDiscovery and helps protect users from malware and accidental or
malicious leakage of information. Actiance supports all leading social
media, unified communications, collaboration, and IM platforms, including
Facebook (FB), LinkedIn (LNKD), Twitter, Google (GOOG), Yahoo! (YHOO),
Skype, IBM, (IBM), Jive (JIVE), Microsoft (MSFT), Cisco (CSCO), and
Salesforce.com (CRM).
©2013 Actiance, Inc. All rights reserved. Actiance, the Actiance logo, Socialite, and the Socialite logo are registered trademarks of Actiance, Inc. Vantage is a trademark of Actiance, Inc. All other trademarks are the property of their respective owners.
More information
actiance.com
Follow us
facebook.com/Actiance
linkedin.com/company/actiance-inc
twitter.com/actiance
youtube.com/actiance
slideshare.com/actiance