BGK Group Presentation - BDI 7/26/11 Social Media Security & Compliance Workshop for Financial Institutions
- 1. Social Media Risks and Compliance
for Financial Institutions
Tuesday, July 26, 2011
Joanna Belbey
@belbey, @thebgkgroup
© 2011 The BGK Group
- 2. No more excuses
Know the rules
Know the tools and best practices
Prepare your case
Get started!
- 3. Risks of Social Media
The more things change, the more they stay the same (plus ça change, plus c'est la même chose)
The risks are similar to those of other electronic communications:
▪ Legal
▪ Operational
▪ Reputation
▪ Compliance
Source: BITS Financial Services Roundtable, Social Media Risks and Mitigation, June 2011
- 4. Risks of Using Social Media
▪ Legal
▪ Lack of separation between personal and professional communications (mistakes, terms of service)
▪ Civil litigation (court cases, sharing client information, sensitive data, infected with malware)
▪ E-Discovery – location of ESI (electronically stored information) to support litigation (preservation, privacy, authenticity)
- 5. Risks of Using Social Media
▪ Operational
▪ Loss of employee productivity
▪ Corporate identity theft (tips for guessing passwords, answers to security questions)
▪ Malware (malicious software)
▪ Social engineering (manipulation, trickery, blackmail)
▪ Disclosure of intellectual property (secrets, code, client info)
▪ Fraud
▪ Security risk (geo-tagging, insider information, stalking, kidnapping)
- 6. Risks of Using Social Media
▪ Reputation (defensive and proactive)
▪ Reputational threat
▪ Lack of monitoring
▪ Insufficient employee training
▪ Negative brand impact
▪ Responding in a crisis (BCP)
- 7. Risks of Using Social Media
▪ Compliance
▪ Foreign and domestic privacy laws (Gramm-Leach-Bliley Act)
▪ Existing company policies (Code of Conduct / Ethics, Branding / Logo, Trademark, Sarbanes-Oxley, Promotion / Sweepstakes, Employee Verification, etc.)
▪ Data retention (outside the network, volume of data, rapid change, integration of personal and private)
- 8. Risks of Using Social Media
▪ Compliance (cont.)
▪ Endorsements (FTC – disclose relationships with advertisers)
▪ Labor relations (pre-screening, unfair labor practices, harassment, safety, “concerted activity”)
▪ Payment card industry (PCI Security Standards)
▪ Marketing laws and regulations (Truth in Lending, Truth in Savings, FDIC, etc.)
▪ FINRA, IIROC (Canada), FSA (UK), SEBI (India)
- 9. Mitigation of Risks
▪ Collaboration with IT department / outside vendors
▪ Develop written policies and guidance for social media
▪ Specify ramifications of violations
▪ Establish ongoing training
▪ Monitor to detect non-compliance
- 10. Risks of Using Social Media
▪ Compliance with SEC and FINRA Requirements
▪ Registered Representatives (RR, Rep, Broker – sell securities working for broker-dealers)
▪ Rules designed to protect investors
▪ RRs are required to follow the rules and regulations surrounding electronic communications even during their “down time” or time away from the office, if they are identifiable as a representative of the organization (i.e., they list the firm as their employer).
- 11. FINRA Regulatory Notice 10-06
▪ Recordkeeping
▪ Suitability
▪ Communications with the Public
▪ Advertising
▪ Supervision
- 12. Recordkeeping
NASD Rule 3110, SEC Rules 17a-3, 17a-4, Securities Exchange Act of 1934
▪ Firms must make and preserve books, accounts, records, memoranda, and correspondence in conformity with all applicable laws, rules, regulations and statements of policy of applicable SROs and as prescribed by SEC Rule 17a-3. The recordkeeping format, medium, and retention period shall comply with Rule 17a-4.
- 13. Recordkeeping
▪ Correspondence with public customers, both written and electronic, must be maintained (this includes an RR's electronic correspondence with the public relating to the firm's business, generated both at the office and at home).
▪ ALL written communications with the public fall under FINRA jurisdiction. If you type it out, it’s written.
▪ Although this includes social media, most social networking sites do not provide any sort of archiving, making supervision and review difficult.
- 14. Suitability
NASD Rule 2310 and NTM 01-23
▪ Requires a broker-dealer to determine that a recommendation is suitable for every investor to whom it is made.
▪ Firms should consider prohibiting electronic communications recommending specific products unless pre-approved by a registered principal.
- 15. Communications with the Public
NASD Rule 2210 – Content standards
Principles of fair dealing and good faith
Full disclosure of material facts
Fair, balanced and sound basis
No sins of omission
Review must try to ensure that the document is not misleading
No puffery – false or misleading facts or claims
- 16. Communications with the Public
NASD Rule 2210 – Content standards (cont.)
No fine-print or footnote defense
Testimonials – most firms don’t allow them
RRs: the person giving the testimonial must have the knowledge and experience to form a valid opinion; the experience may not be representative of others; no guarantees about success; disclosure if paid
IAs: prohibited
- 17. Broker in Trouble Over Tweets
▪ A California broker touted certain investments to her 1,400 Twitter followers without notifying her firm of the stock-picking “tweets.” Some of the “overly positive” messages predicted that stocks, including Advanced Micro Devices, or AMD, would soon surge.
- 18. Broker in Trouble Over Tweets
▪ On Sept. 9, 2009, she tweeted, “Keep an i on AMD ppl! Just bike abve $5 = margins & institutionals can now ‘play ball!’ Barclay upgraded to $7 ystrdy, but it should be $10+”
▪ A couple months later, she tweeted, “How accurate am I with AMD? Just check out my tweets! The future of AMD in 2010? Ummm..I would say $12 is conservative!”
- 19. Broker in Trouble Over Tweets
▪ FINRA: she “failed to disclose material information” about her recommendations, including that she held big stakes in some of the investments she was recommending
▪ The broker’s misbehavior extended to two Web sites she created, which contained misleading information about her “career accomplishments” and undeclared outside business activities
▪ FINRA charged the broker for sending a series of “misrepresentative and unbalanced” messages on Twitter. FINRA fined the broker $10,000 and suspended her for one year.
- 20. Communications with the Public
NASD Rule 2211
▪ Correspondence – a written letter or electronic mail message and any marketing letter distributed to:
▪ One or more existing retail customers; and
▪ Fewer than 25 prospective retail customers within any 30 calendar-day period
▪ Not pre-approved (unless it contains product recommendations), but subject to supervision
- 21. Communications with the Public
NASD Rule 2210
▪ Advertisements: Publicly available websites, such as Twitter, banner advertisements, and bulletin boards. Static (non-interactive) content on social networking sites and blogs.
▪ Sales literature: An email or instant message sent to 25 or more prospective retail customers, and password-protected websites, such as Facebook and LinkedIn.
▪ Both require pre-approval by a principal of the firm.
- 22. Communications with the Public
NASD Rule 2210
▪ Public Appearance: Real-time interactive or non-static electronic forums, including extemporaneous chat room, social networking and blog comments.
▪ FINRA Regulatory Notice 10-06: Does not require pre-approval; however, it requires supervision and compliance with content requirements.
- 23. Static and Interactive
▪ Facebook, Twitter and LinkedIn contain both:
▪ Static: profile, background, wall, photo, disclosures and hyperlinks are considered “advertisements” and require pre-approval and retention
▪ Interactive: responses to a post or discussion, online seminars, chat rooms are considered “a public appearance”; they do not need pre-approval, but require supervision and retention
▪ All must meet content standards
- 25. Communications with the Public
Third Party Content
▪ The firm is not responsible for third-party content unless:
▪ The firm has involved itself in the preparation of the content, or has explicitly or implicitly endorsed or approved the content
▪ The firm's website hyperlinks to the third-party information
- 26. Third Party Content
Best practices:
▪ Establish and publish usage guidelines for customers and other third parties that are permitted to post on firm-sponsored websites
▪ Establish processes for monitoring, screening and blocking inappropriate third-party content
▪ Publish disclaimers regarding the firm's responsibility for third-party posts
- 27. Third Party Content
▪ Retweeting, “liking” or marking as “favorite” could be considered an endorsement of the post
▪ Firms should consider blocking these capabilities
▪ When setting policies and procedures, notifying RRs of why a particular function is blocked will assist in training of employees
- 28. Supervision
▪ Firms must maintain and enforce all written procedures, including those for social media, to meet the content requirements of FINRA’s communications rules
▪ Static content considered an advertisement must be pre-approved
▪ Interactive content does not require pre-approval but must be supervised
- 29. Supervision
▪ May adopt supervisory procedures for social media similar to those outlined for electronic correspondence
▪ May employ risk-based principles to determine the level of review needed to meet standards, with a few exceptions
- 30. Supervision
▪ General policy prohibiting any associated person from engaging in business communications on a social media site that is not subject to the firm’s supervision
▪ Require that only those associated persons who have received appropriate training may engage in such communications.
- 31. Managing Social Media Use
Firms should update procedures to cover social media:
▪ Review and approval of content in advance
▪ Monitoring activity
▪ Archiving communications
▪ Controlling the use of unauthorized networks
▪ Blocking access to various functionalities
▪ Blocking access by unauthorized users
- 32. Summary: Educating Employees
▪ Firms should educate employees on the use of social media and what is and is not appropriate.
▪ Include the various functionalities of the social media site and how each functionality will be handled (blocked, prior approval, etc.)
- 33. Resources
www.FINRA.org
FINRA Regulatory Notice 10-06 – Guidance for Social Media Websites
FINRA – Guide to the Internet Guide for Registered Representatives
FINRA Regulatory Notice 7-59 – Supervision of Electronic Communications
NASD Notice to Members 01-23 – Online Suitability
FINRA Notice to Members 99-03 – Review of Incoming Written Correspondence
FINRA Regulatory Notice 97-43 – Broker-Dealer Record Retention Rule
www.BITS.org
BITS Financial Services Roundtable – Social Media Risk and Mitigation