FINRA Offers Guidance on Blogs and Social Networking Web Sites

With hundreds of social media Web sites, business and personal communication are rapidly changing to real-time. Social media is in front and center position now in organizations and discussions are taking place not only among the security team but within marketing, sales, human resources and even at executive levels.

Firms in the financial services sector in the US have asked the Financial Industry Regulatory Authority (FINRA), a private corporation that acts as a self-regulatory organization (SRO), the successor to the National Association of Securities Dealers (NASD), on how rules governing communications with the public apply to social media sites that are sponsored by a firm or its registered representatives. FINRA responded in January 2010 with a Regulatory Notice to provide guidance to firms on blogs and social networking web sites in financial services.

For financial services firms, social media brings Legal and Compliance (L&C) plus Corporate Communications into the discussion to refocus attention on information security and risk management concerning customer contact, recommendation of investment products, liability and reputational risks.

The Regulatory Notice 10-06 addresses adopting policies and procedures on how firms and their registered representatives could use social media sites for legitimate business purposes and in a manner that ensures investor protection. The notice describes the challenges for a firm’s compliance program; providing personnel with routine access to approved communications and templates; record keeping of communications, complaints and orders related to a broker-dealers business made through social media sites; suitability requirements of product recommendation (NASD Rule 2310) and how firms must monitor interactive electronic forums on static (LinkedIn) versus non-static sites (Facebook, Twitter). L&C need to be copied in on communications between non-research and research departments, personnel need to be restricted to establish accounts, disciplinary action must be enforced if policy is violated, disclaimers need to appear plus the “entanglement” and “adoption” theories with respect to third-party content posted on sites established by the firm or its personnel must be considered and dealt with in an appropriate manner.

Social media sites pose new requirements and costs for supervisory systems, technology investments and social competency across a matrix of departments. FINRA’s regulatory notice is important guidance for financial institutions and we might see other federal regulators produce similar responses going forward.