March 27, 2012

Many organizations across industries have begun to rely on social media to gain a competitive edge. Financial institutions, however, have been slower to leverage the proliferating medium; according to a recent retail banking survey conducted by Accenture, 60 percent of retail banks still consider themselves social media novices. Part of the reason that the banking industry has been a cautious adopter of social media is its many regulatory requirements. However, it is possible to successfully leverage social media and also maintain compliance with regulations by following guidance from the Financial Industry Regulatory Authority (FINRA).

FINRA is one of the largest regulatory agencies of the industry. In early 2010, the agency released its first social media guidance, Regulatory Notice 10-06, to help financial organizations use social media. Further clarification was provided in August of 2011 with Regulatory Notice 11-39. Together, these notices provide the framework for regulated firms to maintain compliance while engaging in social media.

Understanding FINRA Social Media Guidelines

The first step to maintaining compliance with the FINRA guidelines while engaging in social media is to understand the five main areas in which they provide guidance:

  1. Recordkeeping. All social media activities must be recorded in compliance with record retention guidelines. Firms cannot delete, and must archive, all social media activities.
  2. Suitability responsibilities. Social media communications that include recommendations of any type must follow NASD Rule 2310. This means that firms cannot make promises through social media that they could not make via traditional communication methods.
  3. Types of interactive electronic forums. Static social media content requires principal approval; interactive social media content does not. This means that any social media content that is real-time communication does not require principal approval, while static content on social media, including profiles and advertising, does require the approval of the firm’s registered principal.
  4. Supervision of social media sites. Firms are required to supervise interactive communication on social media sites and adopt policies to stay in compliance. This means that companies are responsible for making sure any social media communications made through their accounts, no matter which employee posts it, remains in compliance with FINRA guidelines.
  5. Third-party posts. Social media posts from third parties are not considered communications from a firm unless the firm has endorsed or is involved in the preparation of the content. This means that firms are not responsible for what others say or claim about their products and services unless they actively involve themselves with the third-party content.

Meeting FINRA Social Media Guidelines

The next step in maintaining compliance with FINRA guidelines is to implement a comprehensive social media policy. An effective policy must put a complete system in place to allow effective, real-time communication via social media and also ensure that all employees understand how to stay in compliance with regulations. But what should this policy include to make sure an institution maintains compliance with FINRA social media guidelines?

Start by making sure the institution meets the record-keeping responsibilities required by FINRA. A system must be in place to archive and maintain records of social media communication for the required period of time. Systems that automatically delete or remove social media content are not permitted under FINRA guidelines and should be prohibited in the policy.

In order to meet the suitability requirements of FINRA, banks should implement a review process for all authored policy content. They should also make sure the policy includes review and approval from a registered principal for all static content, such as Twitter bios or Facebook profiles, and make sure it clearly defines the roles of each individual in a firm. For posted content, the system should allow certain users to be authors, other ones to be reviewers, and designate a user to approve final content for posting. To prevent breaches, no individual should be both an author and approver.

Finally, the social media policy should include a process to control responses to third party messages in the same fashion as internally created content. This will help ensure you don’t accidentally endorse content that violates FINRA policies and that you don’t put your firm in jeopardy. By making sure they have a complete and thorough social media policy and management system in place and by properly training employees, financial institutions can start to recognize the value of social media immediately without violating FINRA’s compliance requirements.

Scott Oppliger is CEO of SocialVolt, a social media management platform for the enterprise. For complete information on FINRA requirements, please visit FINRA's website.