© 2020 Arizent. All rights reserved.

Social media alert: How to remain compliant

The use of social media among advisors is accelerating, and FINRA and the SEC are paying attention.

In early 2019, the SEC released a risk alert regarding advisor use of instant messaging, email and social media. It reminds advisors of the obligations they are under to maintain records of their online business communications.

There’s a huge incentive for advisors to maintain a social media presence.

Social media helps firms and advisors distinguish their brand, provide quick customer service, gain competitive intelligence, and stay ahead of trends, according to research conducted by Smarsh, a financial archiving firm. In fact, the amount of advisors reporting a gain in business through social media reached 92% in 2018, up from 49% in 2013, according to Putnam Investments. In the same time period, personal and business use of social media by advisors increased 10 basis points from 73% to 83%.

However, FINRA and the SEC have published a number of regulatory notices and compliance guidelines that complicate the use of social media for business purposes.

“I’ve been flagged three times [for tweeting] by FINRA, and have had to pay a fine,” says Jon Ten Haagen, advisor at Ten Haagen Financial Group. “Over time you learn what they are looking for and avoid those words, or phrases or topics.”

Developing a social media strategy ahead of time will help firms and advisors meet these obligations while also reaping the benefits of social media exposure.

What follows are the requirements advisors must meet, and tips on how to do so.

Recordkeeping responsibilities:
For any message — from snail mail to a tweet — related to its business, a firm must create a duplicate and archive it. While it’s up to each individual firm to decide what constitutes a business communication, all firms must train their advisors on how to retain these documents.
Personal communication:
Not everything an advisor or firm shares is subject to the recordkeeping mandate. Personal information, or posts about business activities outside the realm of its products or services do not need to be archived. This includes vacation photos, or a notification about a company’s upcoming charity outing.
Third-party content:
What if someone posts a review on a business’ profile?

Generally, unsolicited comments made by customers, competitors or any third party outside the company are not considered business communications, and are therefore not subject to regulatory oversight. That is, unless a firm or advisor pays for, prepares, controls, or endorsed the content.
Firms may not link to any website that promotes or publishes false content. If linking to a site, firms must ensure the content complies with the communications rules that prohibit misleading information.
Endorsements and testimonials:
Although it only takes one click, liking or sharing a comment is equivalent to an endorsement, and is subject to regulatory compliance. These posts must be approved and archived.
Create and implement a policy:
A useful social media policy should determine what knowledge to broadcast, when to post, and who will oversee the firm’s social media activity. This policy should be flexible to account for changes to the online landscape, as well as the introduction of new communication platforms. Firms should also implement the most up-to-date regulatory guidance to ensure they remain in compliance.
Advisors need to know a firm’s official social media policy, and receive ongoing training on how to use these rapidly changing platforms. The compliance team should place emphasis on:

  • Personal versus business communication
  • What are the consequences for violating the written rules
  • Which social media posts need to be approved prior to posting
  • Which posts need reviewing after being posted
  • How to manage third-party social media accounts
Supervise and archive:
Perhaps the most significant role of the compliance team is to evaluate and approve each post. This includes tracking the lifecycle of each social media message, including the exact date and time it was created or deleted, and ensuring that a post meets regulatory standards.

If a message is flagged during a review, the compliance team should record the precise actions taken during this process.