Wednesday, October 3, 2012 - 00:01 - Jason Wallace
Federal and state privacy legislation aiming to protect against employer access to private social media websites may put Broker-Dealers and Investment Advisers in a bind -- unable to fully supervise certain social-media and electronic communications used by their representatives.
Financial services firms have been carefully embracing social media over the last few years. Firms have shaped policies and procedures with a balance between the needs and wants of their representatives while still making it possible to supervise and ensure compliance with regulatory regulations and guidance.
Some adopted and proposed state legislation on social media conflicts with that delicate balance, even preventing firms from fulfilling current regulatory obligations. The legislation may require a firm to modify its policies and procedures in areas including: types of sites allowed, frequency and content of attestations or certifications of adherence to the firm policies, surveillance techniques and the amount of staff or time allotted to social-media supervision.
The Financial Industry Regulatory Authority (FINRA) and the Securities and Exchange Commission (SEC) have published recent notices that include defining the types of social media postings, general supervision guidelines and specific electronic record-keeping requirements. The SEC and FINRA have laid out general regulatory guidance but left most of the specifics to the firms and their compliance departments.
Under federal and FINRA guidance, a firm that allows any type of business-related social media is required to supervise the business communications, offer training for those individuals and fulfill certain record-keeping requirements. The regulators have been in concert with their message, if a firm believes that they cannot effectively capture social media communications, they shouldn’t allow it.
At the state level, Maryland, Illinois and California have already passed social-media legislation. Other states including Delaware, Massachusetts, Minnesota and New York are considering similar social media privacy bills. For example, in Maryland, employers are prohibited from requesting or requiring information such as the username or password to access an employee’s or applicant’s personal social media accounts, such as on Facebook and Twitter. The legislation does have a slight carve-out, permitting an investigation for ensuring compliance with applicable securities requirements, although the firm must first have information indicating a potential wrongdoing.
Some firms use online monitoring systems that require a representative’s social media credentials, so firm's can retain the business communications and supervise. Few if any firms are believed to allow representatives to use personal social media outlets for business said Paul Cox, CEO of Business Compliance Partners, a San Diego-based compliance consulting firm. For those who do, the practice will be eliminated as a result of the many state laws.
Exceptions to the MD law allowing access to personal accounts based on indications of wrongdoing nonetheless sharply restricts routine monitoring, contrary to the principles of continuous supervision required at broker-dealers or investment advisers. Firms will have to rely on a representative’s word or written attestation and public information from social media sites to ensure that someone is not using a personal site for business use, violating firm polices and ultimately misleading the investing public.
Possible consequences or changes
Social media use will grow at a rapid pace, but the state laws may make firms re-think their current social media programs and even limit them further in some cases. Possible consequences or changes to consider may include:
The wave of state legislation on this issue will most likely continue and federal legislation has been proposed. The brokerage and adviser community along with FINRA will continue to make their point heard - industry groups had proposed a broker exception for the California law. In other words, it’s time to consider the options to ensure compliance on all points.