Social Networking Compliance

Think Before You Tweet!

What are the challenges for broker/dealers and investment advisers trying to use social networking sites?

Complinet hosted a webinar on this topic with Clifford Kirsch from Sutherland Asbill & Brennan LLP and Debbie Corej, Vice President, Compliance – Insurance Division, Prudential.

Clifford started the discussion by pointing out the need to think about who is using these communication tools and what they are using them for. There is not a single source for the legal rules on how to use social networking tools in compliance with the regulatory requirements. You have to fit these tools into the established regulatory frameworks.


With respect to the supervisory structure, you should look at FINRA Rule 3010. You need a policy, whether you allow use of these tools or not. You should start by looking at FINRA’s Guide to the Internet.

The next focus is whether the tools are being used as advertising and sales literature. If so, then there are content requirements, filing requirements and reviews. There is new proposed FINRA Rule 09-55 that would streamline the approach to advertising. There is no specific reference to social networking. Many commenters did request some specific discussion of social networking.

Then next hurdle is record-keeping. Some site are easy to integrate with record-keeping. SEC Rule 17A-4 has extensive requirements.

Another issue is keeping track of complaints and filing complaints. That is hard to do in the free flow of information on social networking sites. What do you do if someone complains on Twitter?

Investment Advisers

As with brokers you still need a supervisory structure and examinations for risk. You should have a policy, pro or con.

With advertising and sales literature, the requirements are not as difficult as broker/dealers. There are no filing or pre-approval requirements. SEC Rule 206(4)-1 prohibits testimonials and selective discussion of past performance.

There are record-keeping requirements, so you need a system in place for preserving the records, even though they are created on a third party social networking site.

Real Life with Social Networking at Prudential

Debbie turned to some of the challenges in her organization. They have a big umbrella. Part of the challenge is controlling the technology itself.

Prudential does block some sites and is looking at ways to open access in a way they can control. There are competing interests in the company. Recruiters have a different use than marketing. Everybody has some need to use the tools to stay connected with colleagues and experts.

There are some vendors out there trying to meet the compliance requirements. But they are all new and untested. FINRA is not giving any particular blessing on a tool.

It is important that compliance understand the different features of a site and the terms and conditions for that site. Any one social social networking site is likely to have features that fall into multiple categories for compliance requirements.

For example, you should prohibit the recommendations feature of LinkedIn. You should have an internal person as a connection so that they get a notice of updates to profiles.

You need to have people submit correspondence for record-keeping internally and then review the account to make sure all of the correspondence has been submitted.

It is important to have a policy. It is also important that the policy is not freestanding but integrated with other policies, such as confidentiality. It’s possible that if you do not prohibit a tool, you may be implicitly allowing the use of that tool.

Of course you need to test compliance with the policies. If you are banning, you should search the site for employees’ names and your company name.

FINRA Task Force

FINRA has created a task force to look at social networking. (Debbie is on the task force.) FINRA is very interested in the topic and how the mechanisms can work in compliance. At the company-level it is easier to control and monitor than at the individual registered-representative level.

There is the problem of using the sites in personal level is hard to contain. What if a friend asks you a professional question?

FINRA is hosting a March 17 webinar: Compliance Considerations for Social Networking Sites.

, , , , , , ,

4 Responses to Social Networking Compliance

  1. Chad Bockius January 20, 2010 at 12:47 pm #

    In addition to these resources your readers might also want to check out the following FINRA/SEC social networking compliance guidelines:

    For those looking to jump into social and are looking for a compliance solution you should check out the following from Socialware It provides complete social media archiving, integrated moderation tools, search and discovery and the ability to lock down any aspect of a social networking site such as LinkedIn recommendations.

    • Doug Cornelius January 20, 2010 at 3:47 pm #

      Chad –

      Thanks for providing some additional information and promoting your product. There are a lack of vendors trying to deal with space and your company is one of the few.

      The big problem is that the communication is happening on a third party platform outside your control. Even your solution can’t address people accessing these site at home or on mobile devices.

      • Chad Bockius January 20, 2010 at 5:26 pm #


        Thanks for the reply. While it’s true that you can always access these sites through unmonitored devices we have multiple solutions to the problem. First, is actually setting up access to the product for your home or mobile device. Second, is doing a delta comparison on the data that the system is aware of vs any new data that was posted “off network”.

        Of course, some companies are moving into the social world without an automated solution. Their answer on the compliance front is often to copy and paste content into Excel and store that on a networked drive or take screenshots of sites like Facebook and do the same. This approach is riddled with issues. Not the least being that screenshots are impossible to search.

        Time will tell how FINRA and the SEC will rule on compliance violations surrounding social networks. I suspect every case will be unique but companies that take advantage of leading edge solutions, build clear policies and educate their employees on the proper use and associated risk will be in a far better situation than those relying on the copy/paste methodology.

        Then again companies can just choose to block access entirely. However, given the clients we’ve signed and the number of conversations we are having with other firms, that answer no longer works.

  2. Jessica April 23, 2010 at 2:39 pm #

    So you all know, we’re doing a second webinar: Social Networking Compliance: What it takes to be Linked In next Thursday, April 29th with the same two speakers to discuss the current situation firms are facing regarding social media. You can find out more information here: