actiance handbook-interpreting finra-10-03_and_11-39_for_using_social_media

Interpreting FINRA Regulatory Notice 10-06 and 11-36Updated to include FINRA Rule 2210

| Privacy Controls for Facebook

ContentsExecutive Summary ..........................................................................3

Regulatory Notice 10-06 ...................................................................3

Definitions ......................................................................................4

Categories of Electronic Communications ...........................................4

Regulatory Notice 10-06 Provisions ..................................................5

Regulatory Notice 11-39 ...................................................................6

Regulatory Notice 11-39 Provisions ...................................................6

Key Social Media Sites ......................................................................8

Facebook ........................................................................................8

LinkedIn .........................................................................................8

Twitter ............................................................................................8

Mapping Features to 10-06 and 11-39 ..............................................9

Facebook .........................................................................................9

LinkedIn ........................................................................................11

Twitter ...........................................................................................12

FINRA Examiners’ Checklist ............................................................13

Policies ........................................................................................13

Procedures ....................................................................................13

Recordkeeping ...............................................................................14

About Actiance, Inc. .......................................................................16

| Privacy Controls for Facebook Using Social Media | 3

Executive Summary

The Financial Industry Regulatory Authority (FINRA) issued Regulatory

Notice 10-06 in January 2010 to provide guidance to broker-dealers

regarding the use of social media for advertising. As social media is

relatively new in the financial services industry, firms are trying to better

understand how they can use social media effectively. A task force

convened early in 2011 to revisit 10-06, resulting in the issuance of

Regulatory Notice 11-39 in August 2011 as a corollary to 10-06.

This handbook is intended as a primer on Regulatory Notices 10-06 and

11-39 and how each relates to social media sites like Facebook, LinkedIn,

and Twitter. Additionally, the handbook details how the key features of

these sites map to 10-06 and 11-39, what the appropriate course of

action should be, and what kinds of issues FINRA regulators are most

interested in when conducting their audits. This handbook has also been

updated to include FINRA Rule 2210, which went into effect February 4,

2013.

Regulatory Notice 10-06

FINRA Regulatory Notice 10-06 is the key piece of guidance on the

use of social media for advertising purposes. With the increasing

popularity and use of social networking sites like Facebook, LinkedIn,

and Twitter, the industry felt it was necessary to issue guidance specific

to social media. With the availability of such guidelines, broker-dealers

and registered representatives (RRs) now have more clarity into the

permissible uses of social media and the associated supervisory and

recordkeeping requirements.

| Privacy Controls for Facebook| Using Social Media4 | Privacy Controls for Facebook

Definitions

When FINRA issued Regulatory Notices 10-06 and 11-39, there were six

major categories of communications under NASD Rule 2210. Since then,

FINRA has replaced NASD Rules 2210 and 2211 and NYSE Rule 472

with FINRA Rule 2210, which governs communications with the public.

The new rule reduces the number of communications categories from six

to three, two of which pertain to social media:

Correspondence

Correspondence includes any written (including electronic) communication

that is distributed or made available to 25 or fewer retail investors within

any 30 calendar-day period.

Retail communication

Retail communication includes any written (including electronic)

communication that is distributed or made available to more than 25 retail

investors within any 30 calendar-day period. A “retail investor” includes

any person other than an institutional investor, regardless of whether

the person has an account with the firm. Communications that formerly

qualified as advertisements and sales literature generally now fall under

the definition of “retail communication.”

Categories of Electronic Communications

Static Content

Static content is generally accessible to all visitors and usually remains

posted until it is removed by the firm or individual who established the

account. Examples of static content include profile, background, or wall

information. A registered principal of the firm must approve all static

content, on a page before it is posted, or before the page is edited.

| Privacy Controls for Facebook| Privacy Controls for Facebook Using Social Media | 5

Interactive Electronic Forum

Interactive content is considered non-static. These real-time

communications do not require approval by a registered principal prior to

use. In fact, FINRA Rule 2210, specifically exempts from pre-review any

retail communication that:

• is posted on an online interactive electronic forum;

• does not make any financial or investment recommendation or

otherwise promote a product or service of the firm.

However, firms still have record keeping requirements and must supervise

communications. Examples of interactive content include Facebook posts,

tweets, and LinkedIn status updates.

Regulatory Notice 10-06 Provisions

• Publicly available websites, banner advertisements, and bulletin

boards are considered advertisements. Static (non-interactive)

content on social media sites and blogs are also deemed to be

“advertisements.”1

• An email or instant message sent to 25 or more prospective retail

customers is considered “sales literature.”1

• An email or instant message is considered “correspondence” if it is

sent to (1) a single customer (prospective or existing); and (2) less

than 25 prospective retail customers within a 30-day period.

• Password-protected websites are considered “sales literature.”1

• Real-time interactive or non-static electronic forums, including

extemporaneous chat room, social networking, and blog comments are

considered “public appearances.”1

1 Now defined as “Retail Communications,” per FINRA Rule 2210. This rule replaces NASD Rule 2210 and 2211 and NYSE Rule 472.


Regulatory Notice 11-39

In this notice, FINRA provides further guidance for firms on applying

rules governing communications with the public when using social

media. In short, firms are reminded that existing rules for recordkeeping,

suitability, supervision and content requirements all apply to social media.

Additionally, FINRA clarified the following points:

• The content of the communication is determinative, not the

communication channel.

• A firm is subject to the “adoption” and “entanglement” theories

regarding third-party posts.

• Business communications over personal devices must be retained,

retrievable, and supervised.

Regulatory Notice 11-39 Provisions

Recordkeeping

Under Securities Exchange Act (SEA) Rule 17a-4, firms must retain

retrievable records of business-related communications made through

social media, regardless of the type of device or technology, or whether

they were made by firm-issued or personal devices. In order to retain all

business-related communications, firms may not use communications

devices that automatically delete information. FINRA also states that firms

must develop policies and train associated persons on the differences

between business and non-business communications. As further

clarification to 10-06, both static and interactive content are subject to

recordkeeping rules.


Supervision

Under NASD Rule 3010, firms must supervise registered persons. To this

end, a registered principal must review a social media site in the form

that it will be launched. Reiterating 10-06, unscripted participation in an

electronic form is considered a “public appearance”1 and, therefore, does

not require prior approval by a registered principal of the firm. However, it

must be supervised to ensure that communications do not violate FINRA

or SEC rules, including the content requirements of FINRA Rule 22101.

However, should interactive content become static, it is considered an

“advertisement”1 and, as such, requires pre-approval by a registered

principal of the firm.

Third Party Posts, Links, and Sites

An associated person may respond to communications on a social media

site as long as the response does not violate a firm’s policies. Firms may

not establish third-party links to any site that is known to have false or

misleading content. A firm is responsible under NASD Rule 22101 for the

content on a third-party site if the firm has either become “entangled” in

the development of the content or “adopted” the content through implicit

or explicit endorsement.

Data Feeds

Firms are responsible for third-party data feeds and must review them for

accuracy and correct any erroneous data.


Key Social Media Sites

Facebook

Facebook is the largest social network in the world with over one

billion members. It enables members to create profiles, upload

photos, join groups, and set up “fan” pages to better interact with

customers, prospects, and fans. It aims to make the world “more open

and connected.”

LinkedIn

LinkedIn is a social networking site focused on business professionals.

It numbers over 200 million members with representation in over 200

countries. Members use the site to exchange information, ideas, and

opportunities. They build up a network of “connections” by joining groups

and inviting others to join their network.

Twitter

Twitter is a social media site that offers a microblogging service (140

characters or less). It’s been nicknamed the “SMS of the Internet” and is

essentially a real-time information network that connects you to the latest

information on topics of interest to you. You can choose to “follow” or be

followed by others. Additionally, your messages can be private, and you

retain control over who follows you.


Mapping Features to 10-06 and 11-39

Facebook

Feature FINRA Definition

FINRA Category Recommendation

Relevant Controls

Basic information Retail

Communication Static Pre-review

Archive, Post-

review, Block/

allow

Profile picture Retail


Archive, Post-

review, Block/

allow

Update status

(Wall & News

Feed)

Retail

Communication Interactive Supervise

Archive,

Post-review,

Pre-review*

Upload photo

(Wall & News

Feed)

Retail


Archive, Post-

review

Attach link (Wall

& News Feed)

Retail


Archive, Post-

review

Upload video

(Wall & News

Feed)

Retail


Archive, Post-

review, Block/

Allow

Write a comment Retail


Archive,

Post-review,

Pre-review*

Chat Correspondence Interactive Supervise Archive, Post-

review

Compose

message Correspondence Interactive Supervise

Archive, Post-

review

Post new topic to

group

Retail


Archive, Post-

review




Relevant Controls

Create group

Retail


Archive, Post-

review

Chat with group Retail


Archive, Post-

review

Post reply to

group topic

Retail


Archive, Post-

review

Join a group Retail


Archive, Post-

review

Like (may be

considered an

endorsement)

Retail

Communication

Static or

Interactive Block or Supervise

Archive, Post-

review, Block/

allow

Facebook



LinkedIn



Relevant Controls



Archive, Post-

review, Block/

allow



Archive, Post-

review, Block/

allow

Profile update

(Video, Shared

documents, etc.)

Retail


Archive, Post-

review, Block/

Allow

Share status

update

Retail


Archive,

Post-review,

Pre-review*

Comment to

status update

Retail


Archive, Post-

review

Compose


Archive, Post-

review

Recommendations Retail

Communication Static Block

Archive, Post-

review, Block/

allow

Join group Retail

Communication Interactive Supervise N/A

Create a group Retail

Communication Interactive Supervise N/A

Start a discussion Retail


Archive, Post-

review

Like a group

discussion

comment

Retail

Communication

Static or


Archive, Post-

review, Block/

allow

Post a comment

to group

discussion

Retail


Archive, Post-

review



Twitter



Relevant Controls



Archive, Post-

review



Archive, Post-

review

Tweet Retail


Archive,

Post-review,

Pre-review*

Retweet (may be

considered an

endorsement)

Retail

Communication

Static or


Archive, Post-

review, Block/

allow

Reply Retail


Archive, Post-

review

Favorite Retail

Communication

Static or


Archive, Post-

review, Block/

allow

Follow N/A Interactive Supervise N/A

Send a direct


Archive, Post-

review

Create a list Retail

Communication

Static or


Archive, Post-

review, Block/

allow


FINRA Examiners’ Checklist

Policies

FINRA examiners typically are interested in the types of written supervisory

procedures financial services firms have adopted to address social media.

Of particular interest to regulators are the following policies:

• General use of social media within the firm

• Any communications posted to social media sites

• Any prospective communications posted to social media sites

• Any ongoing monitoring or review processes related to communications

posted to social media sites

• Third-party communications posted to a social media site

• Approval processes for prospective communications posted by

third parties

• Any ongoing monitoring or review processes for communications

posted by third parties

• Use of social media for non-business purposes

• Training and education of personnel on social media usage, whether

for personal or business purposes

• Disciplinary action for social media use

• Record retention of social media, whether for personal or business

purposes

• Process for handling customer complaints

Procedures

Regulators are also interested in learning about the procedures firms

have in place to ensure that the latter remain in compliance with FINRA

guidelines. Generally speaking, procedures usually mirror the policies

themselves, i.e., firms will develop procedures to be consistent with the

policies they’ve established (see preceding section). Thus, regulators

are interested in viewing documentation pertaining to procedures for

the following:


• General use of social media within the firm

• Any communications posted to social media sites

• Any prospective communications posted to social media sites

• Any ongoing monitoring or review processes related to communications

posted to social media sites

• Third-party communications posted to a social media site

• Approval processes for prospective communications posted by

third parties

• Any ongoing monitoring or review processes for communications

posted by third parties

• Use of social media for non-business purposes

• Training and education of personnel on social media usage, whether

for personal or business purposes

• Disciplinary action for social media use

• Record retention of social media, whether for personal or business

purposes

• Process for handling customer complaints

Recordkeeping

Regulators constantly remind members that they must adhere to

recordkeeping rules, if they choose to communicate through social

networking sites.

“Each member shall make and preserve books, accounts, records,

memoranda, and correspondence in conformity with all applicable laws,

rules, regulations and statements of policy promulgated thereunder and

with the Rules of this Association and as prescribed by SEA Rule 17a-3.

The record keeping format, medium, and retention period shall comply

with Rule 17a-4 under the Securities Exchange Act of 1934.”


Compliance considerations

• Social networking sites, such as Facebook, offer no native archiving

functionality, making it difficult to comply with Regulatory

Notice 07-59 that spells out the requirements for review “by a

supervisor of employees’ incoming, outgoing and internal electronic

communications.”

• Native archiving functionality offered by unified communications

and other real-time communications tools is rarely able to provide

a granular breakdown of conversations by persons (including

buddynames), key phrases, and timeframes, which are essential for

compliance and eDiscovery requirements.

• This is further complicated by the various modalities used in

conversations – from IM to BlackBerry.

Compliance recommendations

Enterprises should deploy a central archiving system that enables

easy review of posted messages and detailed analysis of electronic

conversations, including file downloads both internally and externally,

complete with an audit trail of the auditor reviewing the information. In

addition, the information should include who joined a conversation, when

they joined, when they left, any disclaimers shown (e.g., at the beginning

of an IM conversation), call detail records, etc.

About Actiance, Inc.

Actiance® is a global leader in communication, collaboration, and social

media governance for the enterprise. Its governance platform is used

by millions of professionals across dozens of industries. With the power

of communication, collaboration, and social media at their fingertips,

Actiance helps professionals everywhere to engage with customers and

colleagues so they can unleash social business.

The Actiance platform gives organizations the ability to ensure compliance

for all their communications channels. It provides real-time content

monitoring, centralized policy management, contextual capture of content

and smart archiving which improves the efficiency and cost-effectiveness

of eDiscovery and helps protect users from malware and accidental or

malicious leakage of information. Actiance supports all leading social

media, unified communications, collaboration, and IM platforms, including

Facebook (FB), LinkedIn (LNKD), Twitter, Google (GOOG), Yahoo! (YHOO),

Skype, IBM, (IBM), Jive (JIVE), Microsoft (MSFT), Cisco (CSCO), and

Salesforce.com (CRM).

©2013 Actiance, Inc. All rights reserved. Actiance, the Actiance logo, Socialite, and the Socialite logo are registered trademarks of Actiance, Inc. Vantage is a trademark of Actiance, Inc. All other trademarks are the property of their respective owners.

More information

actiance.com

[email protected]

Follow us

facebook.com/Actiance

linkedin.com/company/actiance-inc

twitter.com/actiance

youtube.com/actiance

slideshare.com/actiance

http://www.nemertes.com/

http://finance.yahoo.com/news/thirty-seven-percent-companies-social-100000735.html

actiance handbook-interpreting finra-10-03_and_11-39_for_using_social_media

Documents