APPENDIX: Sample Social Media Policy
Here is a model social media policy prepared by Stuart Fross, partner at Foley & Lardner LLC. © Foley & Lardner, LLC 2014.
Use of Social Media
Policies and Procedures
1. Statement of Policy
The Advisor's use of social media is governed by this policy. Social Media is defined as Facebook, Twitter, YouTube, LinkedIn, as well as Internet blogs and other interactive forums.
Any use of social media by the Advisor:
■ Must be accurate and not fraudulent, deceptive, manipulative, or misleading,
■ Must not omit to state material information,
■ Must comply with all internal guidelines and applicable rules associated with advertising,
■ Must comply with this policy, and
■ Must be reviewed prior to use by the Chief Compliance Officer (CCO) or his/her designee.
The Advisor's use of social media shall be governed by and employees shall comply with the following compliance policies and procedures:
A. Advisor Accounts. The Advisor may establish its own social media accounts with the prior approval of the CCO. The approved social media sites are as set forth in Exhibit 1.
The Advisor will allow only the individuals specified in Exhibit 2 to post information on its behalf to social media.
B. Personal Sites Prohibited from Business Uses. No personal social media account or web page may be maintained by an individual employee for any business use. A business use will be inferred from any reference to the Advisor, to any fund or investment strategy, except that an employee may list the Advisor as the employee's place of employment and contact details on a personal site (such as LinkedIn).
This restriction does not apply to the maintenance of social media accounts or web pages for personal use outside the scope of employment that do not involve any business use.
C. Type of information that can be posted. Any information posted on a social media website must be general in nature and must be informational in nature.
D. Type of information that cannot be posted. The Advisor will not post recommendations for the purchase or sale of any investment. Posted content must not be targeted to a specific individual or group of individuals, and may not contain any recommendation or call to action. Posted content may not consist of investment advice.
E. Product-specific information. Information about a product offered by the Advisor may be posted only as static content. All static content must be reviewed and approved prior to use in accordance with the procedures set forth below.
F. Static content for the purposes of this social media policy is content which, once posted, cannot be altered, commented on within the page on which it is posted, or modified in any way by anyone other than the author. Specifically, this will include material posted on the physical portion of a social media website that does not allow for interactive, real-time communications, including comments or messaging. All static content is considered to be advertising and must be pre-approved in accordance with the Advisor's advertising review policy.
G. Interactive social media. The Advisor may participate in the real-time interactive portion of social media websites if supported by
i. an approved access control mechanism,
ii. a comprehensive recordkeeping capability,
iii. a compliance review system,
iv. capacity for the CCO to control who can delete postings,
v. capacity for the CCO to delete postings, and
vi. capacity to include appropriate disclaimers.
Product-specific information may not be posted on the interactive portion of a social media website.
H. Third-Party Postings. If the Advisor maintains a social networking website that allows for real-time interactive communications, the CCO (and each person listed on Exhibit 2) must monitor third-party postings for possible client complaints (daily/weekly).
a. Complaints. If the Advisor (or any personnel of the Advisor) detects a customer complaint through monitoring, the Advisor must follow its usual complaint procedures.
b. Red Flags. If the third-party content contains red flags that suggest that the third-party content is misleading, or if the posting appears offensive or inappropriate, the content shall be removed. Each person listed on Exhibit 2 shall monitor third-party postings at least weekly and shall alert the CCO to red flags. The CCO (or an officer of the Advisor working at the CCO's direction) shall monitor the site for complaints and red flags as noted above.
c. Adoption or Endorsement of Third-Party Postings Prohibited. The Advisor does not permit any activity by its employees that would amount to adopting third-party content or endorsing it. The following specific activities are prohibited by any employee:
i. assisting in the preparation of content for any third party;
ii. requesting a third party to post content;
iii. paying for the production or posting of content;
iv. endorsing the content through other posts (e.g., liking the content);
v. endorsing the content of a third party by including it in one of the employee's posts;
vi. forwarding or re-posting third-party content; and,
vii. incorporating third-party content into the Advisor's content.
2. Who is Responsible for Implementing this Policy?
The CCO is responsible for implementing and monitoring this policy and for reviewing and approving all materials to be utilized in social media to ensure the materials are consistent with the Advisor's internal guidelines and applicable regulatory requirements. The [insert name] (the “Department”) is responsible for maintaining, as part of the Advisor's books and records, copies of all social media materials including all backup documentation and a record of reviews and approvals in accordance with the Advisor's Recordkeeping Policy.
3. Procedures to Implement this Policy
Social media materials and communications will generally be prepared by or under the supervision of the Department. The key elements of the procedures are summarized below:
■ All advertisements and promotional materials must be reviewed and approved by the CCO prior to use.
■ Each employee that is authorized to post information on a social media site on behalf of the Advisor is responsible for ensuring that the CCO has expressly approved any static social media material used in writing. Any modification to previously approved materials must be re-submitted to the CCO for re-approval.
■ The Department is responsible for maintaining copies of any social media materials, including backup documentation and any reviews and approvals, for at least six years following the last time any material is disseminated.
■ The CCO shall maintain, as Exhibit 2 to this policy, a list of those individuals that are permitted to post information to social media websites on behalf of the Advisor. This list shall be approved and dated by the CCO. This list shall also designate the individuals that are permitted to participate in any interactive portions of social media websites on behalf of the Advisor.
4. Pre-approval Process for Static Content Social
Prior to disseminating any social media materials the CCO or his/her designee should review them in accordance with the following guidelines. The CCO or his/her designee may consult with the Advisor's outside counsel to resolve any uncertainty or novel issues about the application of these requirements to new social media materials.
The CCO or his/her designee shall take the following steps:
■ Assure that a copy of the social media material is maintained, along with any supporting records. The Advisor should maintain the advertising records in a manner so that they are readily available to the regulatory inspection staff.
■ Review all materials for any false, misleading, or promissory statements or any omissions that make a statement misleading in the context in which made.
■ Review materials for accuracy and to eliminate any prohibited content, including recommendations.
■ Review materials relating to any product or service to determine if there is any required disclosure.
■ Review the accuracy of any calculation of any performance data that is proposed to be submitted to the static portion of a social media website and confirm that the format and content of the performance data complies with the Advisor's advertising policies, including the policy on past specific recommendations.
5. Employees Authorized to Post Interactive Content
■ Each employee that is authorized to post interactive content shall have previously submitted advertising material for review by the CCO.
■ The employee shall have complied with all advertising policies of the Advisor.
■ The employee shall not have been (warned or) sanctioned under the Advisor's compliance policies or procedures, including the Code of Ethics.
■ The employee shall have met with the CCO and demonstrated familiarity with (i) this policy and (ii) the SEC's advertising rules.
■ The employee shall have submitted proposed posts for review by the CCO which posts have met with the CCO's approval. The employee shall pre-clear his/her blog posts with the CCO until the CCO grants permission to cease pre-clearance.
6. Monitoring Interactive Content
The CCO or his/her designee shall take the following steps:
■ The CCO will institute a program of ongoing monitoring of the Advisor's social media postings, including any third-party responses to the Advisor's postings, by reviewing interactive content on the sites listed on Exhibit 1 at least weekly.
■ The CCO will institute a program of periodic monitoring of employee social media sites for compliance with this policy.
■ The Advisor may utilize the services of a third party to monitor its social media postings and any third-party responses thereto. If the Advisor utilizes the services of a third party for monitoring purposes, the Advisor shall obtain a periodic certification attesting that the firm has conducted ongoing monitoring of the Advisor's use of social media and any third-party content posted in response thereto, for compliance with this policy and any findings of non-compliance.
■ In response to any third-party postings (including Likes) in response to the Advisor's social media content, the CCO shall review the third-party postings to determine whether, in the opinion of the Advisor, such third-party postings might be considered a testimonial of the Advisor's social media content. If the Advisor determines that the third-party posting may contain testimonial material, the Advisor will remove the third-party posting and, if necessary, related Advisor content. The Advisor shall document all determinations taken in response to third-party postings.
■ The Advisor shall obtain periodic certifications from all employees attesting that they did not post any information that is related to the Advisor or the Advisor's business to any website or in any interactive media.
I have read the Advisor's Use of Social Media Policy and understand the foregoing. I agree to abide by the restrictions on the use of social media by employees of the Advisor as set forth in this Policy and understand that a violation of this Policy by me may lead to disciplinary action, up to and including monetary penalties, and termination of employment.
List of Permitted Social Media Sites
List of Approved Persons
1. [insert name] Will monitor third-party content on [insert name of site] (Approved/Not Approved to Post Interactive Content)
Guide to the Internet for Registered Representatives
NASD has developed this page to make registered representatives (RRs) aware of the compliance requirements and potential liabilities when using the Internet and electronic communications.
This page addresses some general compliance requirements that apply to electronic communications. It also discusses specific considerations relating to the use of e-mail, group e-mail, and Web sites, including chat rooms and instant messaging. We have based the information on published rules, interpretations and notices. Wherever possible, a link to the actual text of the rule or interpretation is provided.
An RR's compliance responsibilities when communicating via the Internet or other electronic media are the same as in face-to-face discussions or in written communications with the public. In addition, RRs must be aware of internal firm policies and procedures that may limit, prohibit, or restrict the use of electronic communications.
General Compliance Requirements
Electronic communications may fall under any one of the following categories of communications. They may be considered as correspondence, public appearances, advertisements, sales literature, reprints and institutional sales material. These methods of communication are covered under the NASD Conduct Rules and also explained on the Advertising Regulation Web page. In general:
• Publicly available Web sites are considered advertisements.
• E-mail to 25 or more prospective retail customers is considered sales literature.
• E-mail to either a single customer (prospective or existing) or to an unlimited number of existing retail customers and/or less than 25 prospective retail customers (firm-wide) within a 30 day period is considered correspondence.
Communications with the public must:
• be based on principles of fair dealing and not omit material information, particularly risk disclosure;
• not make exaggerated, unwarranted, or misleading claims;
• give the investor a sound basis for making an investment decision; and
• not contain predictions or projections of investment results.
NASD would give close scrutiny to circumstances where an RR personally buys shares of a thinly traded stock and then publicly makes a buy recommendation, or promotes the stock in a chat room.
Suitability – RRs must have a reasonable basis for believing that each recommendation to a customer is suitable based on the information provided by the customer.
Conflicts of Interest – RRs must avoid any conflicts of interest in transactions with customers. Conduct Rule 2711, IM-2210-1(6)(C) and Notices to Members 02-39 and 04-18 cover conflict of interest issues regarding research reports and stock recommendations.
Use of Current Information – RRs who communicate electronically must understand the importance of using current information. Outdated information runs a high risk of being inaccurate and misleading to investors.
Supervision – Conduct Rule 3010 requires member firms to supervise the activities of each RR. The supervisory responsibility of the member firm covers the use of e-mail, bulletin boards, chat rooms, and Web sites when it relates to the firm's business.
State Registration Requirements Apply – Each state has separate registration requirements for individuals doing business in that state. Use of e-mail, group e-mail, bulletin boards, chat rooms, and Web sites may be a solicitation of business. Generally, the solicitation of business in a state triggers the requirement for registration. RRs are advised to rely on their individual firms for guidance regarding state registration issues.
Use of E-Mail and Instant Messaging
Whether from the office or home, e-mail and instant messaging to the public falls under NASD jurisdiction. Frequently, RRs mistakenly believe that if they correspond with clients via e-mail or instant messaging from home the communication is not under the purview of their firm or regulators. The use of e-mail or instant messaging to communicate with individual clients may be considered correspondence or sales literature subject to NASD Conduct Rules.
Member firms are required to supervise and review business-related e-mail and instant messaging sent by RRs, whether from home or the office.
• NASD Conduct Rule 3010 – Supervision – This NASD Rule addresses the review of an RR's electronic messages by a member firm. The Rule requires members to establish, maintain and enforce written procedures for advertisements, sales literature and correspondence, to ensure compliance with all applicable securities laws and rules. Therefore, RRs must know their firm's supervisory and review policies and comply with them, even if they are more restrictive than what is allowed under NASD rules. Many members restrict the use of e-mail communications with customers because of the difficulties of supervision and review. Some members prohibit the use of instant messaging altogether because of perceived difficulties in adequately supervising this activity. In fact, NASD Notice to Members 03-33 indicates that if a member is unable to establish an adequate supervisory program, the member must prohibit the use of instant messaging in customer communications. Members that permit instant messaging must use a platform that enables the member to monitor, archive, and retrieve message traffic. Failure to follow the firm's supervisory and review procedures and regulations in general may subject an RR to either internal and/or regulatory disciplinary action.
• Notice to Members 99-03 provides a full discussion of how Rule 3010 applies to electronic communications.
• NASD Conduct Rule 3110 – Books and Records – This NASD Rule requires that correspondence (both written and electronic) with public customers be maintained in compliance with applicable NASD rules and with SEC Rules 17a-3 and 17a-4. This means that an RR's e-mail or instant messaging to the public relating to the firm's business, generated at the office or at home, is subject to these provisions. RRs should know and comply with their firm's policies in this area.
E-mail or instant messaging to the public from the office or home falls under NASD jurisdiction.
Prior written approval is required for all group e-mail not considered correspondence as defined.
Group e-mail or instant messaging is an identical electronic mail message sent to multiple individuals. This type of electronic message is generally considered sales literature. Whether it is considered sales literature or correspondence mainly depends on whether it is going to existing or prospective customers and the number of customers involved. Under Conduct Rule 2210, group e-mail or instant messaging to 25 or more prospective retail customers would be considered sales literature. The Rule requires that sales literature receive prior written approval by a registered principal. Depending upon the content, sales literature may also require filing with NASD's Advertising Regulation Department. RRs are required to work within their firm's policies and procedures to avoid compliance problems and potential liability.
Group e-mail or instant messaging categorized as sales literature must be approved prior to use by a registered principal of the member firm.
NASD Rule 2211 addresses the compliance requirements for institutional sales material, including electronic mail messages. The content compliance standards and supervisory obligations are generally the same for retail and institutional communications. However, e-mail communications that meet the definition of "institutional sales material" do not need to be filed with NASD's Advertising Regulation Department.
• NASD Conduct Rule 2210(b) – Approval and Recordkeeping – This NASD Rule requires that sales literature, both written and electronic, be maintained as part of the firm's records. Therefore, e-mails with the public relating to the firm's business are subject to these provisions. RRs must know what their firm's policies and procedures are in order to comply with these rules.
Electronic Chat Rooms
Chat room participation by RRs is considered a public appearance and subject to the same guidelines.
Therefore, RRs must follow the same requirements for participating in a chat room that they would if they were speaking in person before a group of investors. There are no filing requirements, but RRs are accountable under NASD Conduct Rules and the federal securities laws for what they say regarding securities or services. Also, member firms are responsible for supervising the business-related activities of RRs including chat room participation. Remember, these rules apply regardless of whether an RR is in the office or at home.
Because chat rooms contain live, unprepared communications, RRs are not required to get their comments approved in advance, unless their firm requires them to do so. In addition, chat room communications are not subject to the filing requirements of NASD Conduct Rule 2210(c). However, the content standards under Rule 2210(d) and IM-2210-1 do apply. RRs must check their firm's policy to see if they are allowed to participate in investment-related chat rooms and to seek permission from their firms to participate prior to doing so.
The fact that an individual is registered subjects him/her to a higher standard than members of the general public. Given the fast-paced environment of chat rooms, casual or off-handed statements have the potential of crossing the line between being a reasonable opinion and an exaggerated or unwarranted claim. Because of the difficulties of supervision and the potential liabilities from participating in chat rooms, many firms limit or prohibit participation altogether.
The content standards of Rule 2210(d) and related IM-2210-1 apply to public appearances, including chat room participation.
Web sites are advertisements and are subject to all requirements of NASD Conduct Rule 2210.
There are no separate rules or guidelines for use in preparing advertising material for the Internet. Web sites are subject to the same standards as other forms of advertisements. All Web sites used in connection with a securities business must be approved prior to use by a registered principal and must comply with Rule 2210.
Following are two examples of Web site usage by RRs:
1. Personal Web sites (not securities/investment related) may contain a short biography or profile describing the individual as being an RR, provided securities or investment activities are not the focus of the information on the site. Such sites are not considered advertisements under NASD rules.
2. An RR's personal profile on a member firm's Web site is subject to NASD rules. In this case, the RR would be responsible for having such pages approved internally by a registered principal. These pages may be individually designed, or use the firm's pre-approved templates. Some firms provide templates for RRs to use, while others allow for more customization of the information.
Points to remember:
Member firm name required – Web sites must clearly and prominently include the name of the member firm (or a legal fictional name by which the firm is commonly recognized or name required by any state or jurisdiction) so that investors know the firm with which they are doing business.
State registration may be required – Since Web sites can be viewed from anywhere, state registration/licensing requirements may apply. Be sure to check with your firm to ensure compliance with such requirements.
Research reports require approval – Research reports require approval, in writing, by a registered principal before they are posted on a Web site. Conduct Rule 2711, IM-2210-1(6)(C) and Notices to Members 02-39 and 04-18 cover the rule prohibitions and the conflict of interest disclosures that must be made by a research analyst or included in a research report.
Use current information – Outdated information runs a high risk of being inaccurate and may mislead investors.
Disclose risk factors – Both the content of the risk disclosure and its location are important. Risk disclosure should clearly and accurately describe the risks involved. Disclosures should be included in the appropriate locations within the Web site and in the related material. This is important because visitors may jump from one Web page to another, or come to the site from different entry points. Investors should see the disclosures regardless of their entry point into the site.
Day Trading Rules – NASD Rules 2360 and 2361 apply to member firms that promote day trading strategies. Firms are required to furnish a risk disclosure statement to a non-institutional customer prior to opening an account for the customer. In addition, the firm will either have to (1) approve the customer's account for a day trading strategy, or (2) obtain from the customer a written agreement that the customer does not intend to use the account for day-trading purposes. As part of the account approval process, the firm is required to make a threshold determination that day trading is appropriate for the customer. Notice to Members 00-62 provides more information on these day-trading rules.
Speed & Reliability Claims – Communications that refer to the speed and reliability of a firm's electronic trading systems must not exaggerate the firm's capabilities. Notice to Members 99-11 provides guidance about disclosures that firms provide to customers to educate them about the effects of market volatility and volume.
Linking to other Web Sites
Linking to other sites raises concerns because these sites may contain misleading or incorrect information. An RR's Web site should not have a link to a site that he/she knows or has reason to know contains false or misleading information about products or services. RRs should exercise the same care in choosing links as they would in referring customers to any outside source of information.
Linking to NASD Web Sites. A Web site may link to NASD Web sites provided:
• the link must be a text-only link clearly marked "NASD";
• the appearance, position, and other aspects of the link may not be such as to damage or dilute the goodwill associated with NASD's name and trademarks;
• the appearance, position, and other aspects of the link may not create the false appearance that an entity is associated with or sponsored by NASD;
• the link, when activated by a user, must display these sites full-screen and not within a "frame" on the linked Web site.
National Examination Risk Alert
By the Office of Compliance Inspections and Examinations
In this Alert:
Topic: Observations related to the use of social media by registered investment advisers.
Investment advisers that use or permit the use of social media by their representatives, solicitors and/or third parties should consider periodically evaluating the effectiveness of their compliance program as it relates to social media. Factors that might be considered include usage guidelines, content standards, sufficient monitoring, approval of content, training, etc. Particular attention should be paid to third party content (if permitted) and recordkeeping responsibilities.
Volume II, Issue 1 January 4, 2012
Investment Adviser Use of Social Media
Social media is landscape-shifting. It converts the traditional two-party, adviser-to-client communication into an interactive, multi-party dialogue among advisers, clients, and prospects, within an open architecture accessible to third-party observers. It also converts a static medium, such as a website, where viewers passively receive content, into a medium where users actively create content.
The use of social media by the financial services industry is rapidly accelerating. In growing numbers, registered investment advisers (“RIAs” or “firms”) are using social media to communicate with existing and potential clients, promote services, educate investors and recruit new employees. Pursuant to Advisers Act Rule 206(4)-7, firms using social media should adopt, and periodically review the effectiveness of, policies and procedures regarding social media in the face of rapidly changing technology.
Firms' use of social media must comply with various provisions of the federal securities laws, including, but not limited to, the antifraud provisions, compliance provisions, and recordkeeping provisions.
RIAs' use of social media has been a matter of interest to the staff, which recently identified registered investment advisers of varying sizes and strategies that were using social media to evaluate whether their use complied with the federal securities laws. Below are some observations from that review, as well as factors that the staff believes a firm that permits the use of social media may want to consider in complying with its obligations under the federal securities laws.
II. Staff Observations
A. Compliance Program Related to the Use of Social Media
Many firms have policies and procedures within their compliance programs that specifically apply to the use of social media by the firm and its IARs; however, the staff observed variation in the form and substance of the policies and procedures. The staff noted that many firms have multiple overlapping procedures that apply to advertisements, client communications or electronic communications generally, which may or may not specifically include social media use. Such lack of specificity may cause confusion as to what procedures or standards apply to social media use. Many procedures were also not specific as to which types of social networking activity are permitted or prohibited by the firm and many did not address the use of social media by solicitors.
When evaluating its controls and compliance program, a firm should first identify conflicts and other compliance factors currently creating risk exposure for the firm and its clients in light of the firm's particular operations, and then test whether its existing policies and procedures effectively address those risks.
Below is a non-exhaustive list of factors that an investment adviser may want to consider when evaluating the effectiveness of its compliance program with respect to firm, IAR or solicitor use of social media:
• Usage Guidelines. A firm may consider whether to create firm usage guidelines that provide guidance to IARs and solicitors on the appropriate and inappropriate use of social media. A firm may also consider addressing appropriate restrictions and prohibitions regarding the use of social media sites based on the firm's analysis of the risk to the firm and its clients. For example, a firm may choose to provide an exclusive list of approved social media networking sites for IARs' use or prohibit the use of specific functionalities on a site.
• Content Standards. A firm may consider the risks that content created by the firm or its IARs or solicitors implicates its fiduciary duty or other regulatory issues (e.g., such as content that contains investment recommendations, information on specific investment services or investment performance). A firm may also consider whether to articulate clear guidelines with respect to such content, and whether to prohibit specific content or impose other content restrictions.
• Monitoring. A firm may consider how to effectively monitor the firm's social media sites or firm use of third-party sites, taking into account that many third-party sites may not provide complete access to a supervisor or compliance personnel.
• Frequency of Monitoring. A firm may consider the frequency with which it monitors IAR or solicitor activity on a social media site. For example, using a risk-based approach, a firm may conclude that periodic, daily or real-time monitoring of the postings on a site is appropriate. This determination could depend on the volume and pace of communications posted on a site or the nature of, and the probability to mislead contained in, the subject matter discussed in particular conversation streams. The after-the-fact review of violative content days after it was posted on a firm's social networking site, depending on the circumstances, may not be reasonable, particularly where social media content can be rapidly and broadly disseminated to investors and the markets.
• Approval of Content. A firm may want to consider the appropriateness of pre-approval requirements (as opposed to after-the-fact review, as discussed above).
• Firm Resources. A firm may consider whether it has dedicated sufficient compliance resources to adequately monitor IAR or solicitor activity on social media sites, including the ability to monitor the activity of numerous IARs or solicitors. A firm may also consider employing conversation monitoring or similar services from outside vendors, if, for example, the firm has many IARs or solicitors who use social media sites. A firm may consider using sampling, spot checking, or lexicon-based or other search methodologies, or a combination of methodologies, to monitor social media use and content.
• Training. In establishing or reviewing any training requirements for its IARs, a firm may consider implementing training related to social media that seeks to promote compliance and to prevent potential violations of the federal securities laws and the firm's internal policies.
• Certification. A firm may consider whether to require a certification by IARs and advisory solicitors confirming that those individuals understand and are complying with the firm's social media policies and procedures.
• Functionality. A firm may consider the functionality of each social media site approved for use, including the continuing obligation to address any upgrades or modifications to the functionality that affect the risk exposure for the firm or its clients. Such consideration is particularly significant given the rapidly evolving nature of this new media. For example, a firm that chooses to host social media on a site that includes a functionality or engages in a practice that exposes a client-user's privacy, which practice or policy cannot be disabled or modified, may need to consider whether the firm's participation is appropriate.
• Personal/Professional Sites. A firm may consider whether to adopt policies and procedures to address an IAR or solicitor conducting firm business on personal (nonbusiness) or third-party social media sites. For example, a firm may choose to specify what types of firm communications or content are permitted on a site that is not operated, supervised or sponsored by the firm. While a firm may determine that it is appropriate to permit business card information on a specific personal site or third-party site, it may choose to prohibit conducting firm business on that site.
• Information Security. A firm may consider whether permitting its IARs to have access to social media sites poses any information security risks. Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction is an important risk faced by all firms. Although hacking and other breaches of information security can be posed in multiple ways, use of social media, especially third party social media sites, may pose elevated risks. Firms may consider adopting compliance policies and procedures to create appropriate firewalls between sensitive customer information, as well as the firm's own proprietary information, and any social media site to the extent that the firm permits access to such sites by its IARs.
• Enterprise Wide Sites. An RIA that is part of a larger financial services or other corporate enterprise may consider whether to create usage guidelines reasonably designed to prevent the advertising practices of a firm-wide social media site from violations of the Advisers Act.
B. Third-Party Content
Most firms allow third parties to make postings on their social media sites, but the policies and procedures governing such third-party postings vary in what types of postings are permissible. Some firms allow third parties to post messages, forward links, and post articles on the firms' social media sites, while other firms have explicit policies limiting third-party use to “one way postings,” where the firms' IARs or solicitors post on the firms' social media sites but do not interact with third parties or respond to third-party postings. More conservatively, some firms limit third-party postings to authorized users and prohibit postings by the general public. Many firms post disclaimers directly on their site stating that they do not approve or endorse any third-party communications posted on their site in an attempt to avoid having a third-party posting attributed to the firm.
Firms that allow for third-party postings on their social media sites may consider having policies and procedures concerning third-party postings, including the posting of testimonials about the firm or its IARs as well as reasonable safeguards in place to avoid any violation of the federal securities laws.
• Testimonials. Whether a third-party statement is a testimonial depends upon all of the facts and circumstances relating to the statement. The term “testimonial” is not defined in Rule 206(4)-1(a)(1), but SEC staff consistently interprets that term to include a statement of a client's experience with, or endorsement of, an investment adviser. Therefore, the staff believes that, depending on the facts and circumstances, the use of “social plug-ins” such as the “like” button could be a testimonial under the Advisers Act. Third-party use of the “like” feature on an investment adviser's social media site could be deemed to be a testimonial if it is an explicit or implicit statement of a client's or clients' experience with an investment adviser or IAR. If, for example, the public is invited to “like” an IAR's biography posted on a social media site, that election could be viewed as a type of testimonial prohibited by rule 206(4)-1(a)(1).
C. Recordkeeping Responsibilities
The Advisers Act sets forth the recordkeeping obligations of registered investment advisers. The recordkeeping obligation does not differentiate between various media, including paper and electronic communications, such as e-mails, instant messages and other Internet communications that relate to the advisers' recommendations or advice. RIAs that communicate through social media must retain records of those communications if they contain information that satisfies an investment adviser's recordkeeping obligations under the Advisers Act. In the staff's view, the content of the communication is determinative. A firm that intends to communicate, or permit its IARs to communicate, through social media sites may wish to determine that it can retain all required records related to social media communications and make them available for inspection.
Social media offers multiple ways to communicate with existing or potential clients from status updates, discussion boards, emails, texting, direct messaging or chat rooms. RIAs should consider reviewing their document retention policies to ensure that any required records generated by social media communications are retained in compliance with the federal securities laws, including in a manner that is easily accessible for a period not less than five years. RIAs should consider whether their retention policies account for the volume of communication and unique communication channels available to each particular social media site. Investment advisers may consider adopting compliance policies and procedures that address (if relevant) the following factors, among others, relating to the recordkeeping and production requirements of required records generated by social media communications:
• Determining, among other things, (1) whether each social media communication used is a required record, and, if so, (2) the applicable retention period, and (3) the accessibility of the records.
• Maintaining social media communications in electronic or paper format (e.g., screen print or pdf of social media page, if practicable).
• Conducting employee training programs to educate advisory personnel about recordkeeping provisions.
• Arranging and indexing social media communications that are required records and kept in an electronic format to promote easy location, access and retrieval of a particular record.
• Periodic test checking (using key word searches or otherwise) to ascertain whether employees are complying with the compliance policies and procedures (e.g., whether employees are improperly destroying required records).
• Using third parties to keep records consistent with the recordkeeping requirements.
While many RIAs are eager to leverage social media to market and communicate with existing clients, and to promote general visibility, RIAs should ensure that they are in compliance with all of the regulatory requirements and be aware of the risks associated with using various forms of social media. The staff hopes that sharing observations from its recent review of RIAs' use of social media as well as its suggestions regarding factors that firms may wish to consider is helpful to firms in strengthening their compliance and risk management programs. The staff also welcomes comments and suggestions about how the Commission's examination program can better fulfill its mission to promote compliance, prevent fraud, monitor risk, and inform SEC policy. If you suspect or observe activity that may violate the federal securities laws or otherwise operates to harm investors, please notify us at sec.gov/complaint/info_tipscomplaint.shtml.