Social media is rapidly changing the way that organizations establish their brands, communicate with their customers and grow their businesses. Many organizations have jumped on the bandwagon, employing social media to varying degrees. Regulated organizations would love to follow suit, but such firms must tread carefully.
In this blog post, I'll highlight the salient points of the SEC's recently published National Examination Risk Alert - Investment Advisor Use of Social Media as they apply to Registered Investment Advisors (RIA's).
As noted in the SEC's document, "The use of social media by the financial services industry is rapidly accelerating. In growing numbers, registered investment advisers ("RIAs" or "firms") are using social media to communicate with existing and potential clients, promote services, educate investors and recruit new employees."
This, of course, begs the questions: Why wouldn't they? Why shouldn't they?
Our take on the matter is that regulated organizations certainly should adopt social media, but not without first establishing specific compliance guidelines.
Here are the important elements that you should consider when drafting your internal social media compliance policy.
Compliance Programs Related to Social Media
The SEC staff have noted that while many firms have policies and procedures in the compliance programs that refer specifically to social media, there often exists variations in the form and substance of these policies and procedures. In particular, the SEC staff have found overlapping procedures that apply to advertisments, client communications and electronic communications in general, that may or may not relate to social media. Such lack of specificity can introduce confusion and liability.
The SEC, therefore, has included a non-exhaustive list of the factors that an investment advisor might want to consider, when evaluating the effectiveness of its social media policy.
1. Usage Guidelines - A firm may consider whether to create firm usage guidelines that provide guidance to IARs and solicitors on the appropriate and inappropriate use of social media.
2. Content Standards - A firm may consider the risks that content created by the firm or its IARs or solicitors implicates its fiduciary duty or other regulatory issues.
3. Monitoring - A firm may consider how to effectively monitor the firm's social media sites or firm use of third-party sites, taking into account that many third-party sites may not provide complete access to a supervisor or compliance personnel.
4. Frequency of Monitoring - A firm may consider the frequency with which it monitors IAR or solicitor activity on a social media site.
5. Approval of Content - A firm may want to consider the appropriateness of preapproval requirements.
6. Firm Resources - A firm may consider whether it has dedicated sufficient compliance resources to adequately monitor IAR or solicitor activity on social media sites, including the ability to monitor the activity of numerous IARs or solicitors.
7. Criteria for Approving Participation - In analyzing the risk exposure for a firm and its clients due to the use of a social networking site, the firm's compliance procedures may consider, without limitation, the reputation of the site, the site's privacy policy, the ability to remove third-party posts, controls on anonymous posting and the advertising practices of any social media site that the firm, or its IARs or solicitors use to conduct business.
8. Training - In establishing or reviewing any training requirements for its IARs, a firm may consider implementing training related to social media that seeks to promote compliance and to prevent potential violations of the federal securities laws and the firm's internal policies.
9. Certification - A firm may consider whether to require a certification by IARs and advisory solicitors confirming that those individuals understand and are complying with the firm's social media policies and procedures.
10. Functionality - A firm may consider the functionality of each social media site approved for use, including the continuing obligation to address any upgrades or modifications to the functionality that affect the risk exposure for the firm or its clients.
11. Personal / Professional Sites -A firm may consider whether to adopt policies and procedures to address an IAR or solicitor conducting firm business on personal (nonbusiness) or third-party social media sites.
12. Information Security - A firm may consider whether permitting its IARs to have access to social media sites poses any information security risks.
13. Enterprise-wide Sites - An RIA that is part of a larger financial services or other corporate enterprise may consider whether to create usage guidelines reasonably designed to prevent the advertising practices of a firm-wide social media site fromviolations of the Advisers Act
In addition to the above points, the SEC notes that one should be wary of posting links to third party sites via social media. Also, the recordkeeping responsibilities that currently apply to other forms of electronic communication, should also apply to social media content, so be sure to archive.
In conclusion, RIA's should definitely leverage social media and learn how to reap the benefits. But don't get burned - get your compliance policies in check first.