9 Keys to FINRA Blessing
Enterprise Social Software Use
Contents
Executive Summary
Growth of Enterprise Social Software
Compliance Risks
    Regulatory Risks
    Legal Risks
    User Behavior and Policies
Key Rules
    FINRA Rule 2210 (Communications with the Public)
    NASD Rule 3010 (Supervision)
    FINRA Rule 4511 (Books and Records)
Key FINRA Notices
    Regulatory Notice 07-59 (Supervision of Electronic Communications)
    Regulatory Notice 10-06 (Social Media Websites)
    Regulatory Notice 11-39 (Social Media Websites and Use of Personal Devices)
How Actiance Meets FINRA Compliance Requirements
    Vantage
Nine Steps to ESS Compliance
About Actiance




Executive Summary

In January 2010, the Financial Industry Regulatory Authority (FINRA)
issued Regulatory Notice 10-06, its latest guidance in a series on
electronic communications specifically related to social media websites.
The growth in social networking is huge and is now matched by the
adoption of enterprise social software (ESS). Organizations are deploying
ESS for their employees, partners, and customers to accelerate business
process through improved collaboration and expertise discovery. A social
business embraces networks of people to create business value. It does
this by deepening its relationships with customers, driving operational
effectiveness, and optimizing its workforce.

With the publication of FINRA Regulatory Notice 10-06, compliance
officers now know that, when evaluating social software technologies,
they have to meet requirements similar to those that have existed for
email and instant messaging. This whitepaper sets out some of the key rules,
guidelines, and associated risks for FINRA member firms and suggests
ways that organizations can use technology to protect themselves and their
registered representatives.




                              9 Keys to FINRA-Blessed Use of Enterprise Social Software   | 3
Growth of Enterprise Social Software

    Over the past decade, organizations have been shifting an increasing
    number of enterprise tasks and content over to collaboration platforms
    like Jive, SharePoint, Connections, and Yammer, to name a few. Additionally,
    enterprises are now leveraging these platforms’ social media capabilities,
    such as exchanging documents, posting blog entries, and soliciting
    feedback (i.e., basically anything that facilitates collaboration and
    enhances employee productivity).

    The growth of these platforms is reflected in the following data points:

    • Enterprise Social Software space is expected to reach $2 billion by
      2014 (Source: IDC).
    • Among all of Microsoft’s server offerings, SharePoint achieved $1
      billion in annual revenue in the shortest amount of time.
    • Microsoft acquired Yammer for $1.2 billion (June 2012).
    • 61% reduction in time spent on compliance activities through the use
      of social software (Deloitte Center for the Edge Study, March 2011).

    The bottom line is that many stakeholders have benefited from the growth
    of social business platforms.




    Compliance Risks

    The risks that ESS tools pose are very similar to those of other electronic
    communications like email: non-compliance with government and industry
    regulations and substantial litigation and eDiscovery costs. Just like email,
    the principles for applying policies and remaining compliant remain
    the same.

    A sampling of regulations and statutes outside of FINRA guidelines that
    relate to the governance of ESS content are listed here:




Regulation or Rule       Impact
Gramm-Leach-Bliley       Information protection, monitor for sensitive content and ensure
Act (GLBA)               not sent over public channels (e.g., Twitter).
Investment Advisers      Investment advisers are prohibited from publishing, circulating, or
Act of 1940              distributing any advertisement which refers, directly or indirectly,
                         to any testimonial of any kind concerning the investment adviser or
                         concerning any advice, analysis, report, or other service rendered
                         by such investment adviser.
SEC 17a-3 and 17a-4      Specifies the types of electronic records that must be preserved.
                         Also specifies the manner and length of time that the records
                         maintained by broker-dealers must be preserved.
PCI                      Ensuring cardholder data is not sent over unsecured channels and
                         proving it has not occurred.
Federal Rules of Civil   Email and IM are ESI (Electronically Stored Information). Posts to
Procedure (FRCP)         social media sites must be preserved if reasonably determined to
                         be discoverable.
Sarbanes-Oxley (SOX)     Businesses must preserve information relevant to the company
                         reporting. This means all IM and social media “conversations”
                         are relevant.

Regulatory Risks
The problem for regulated financial institutions is that inappropriate use
of such widely available communications and collaboration tools can mean
non-compliance with government and industry regulations, resulting in
hefty fines, potential loss of business, and fraud.

In 2011, FINRA discovered that Jenny Ta, a registered broker in
California, failed to inform a registered firm principal that she had a
Twitter account, which she used periodically to tout a specific stock.
Moreover, FINRA found that her tweets often predicted an imminent price
increase and that she didn’t disclose her family’s substantial position in
that stock – all of which violated FINRA rules. She got caught and was
fined $10,000 and suspended for a year.


Similarly, in 2012, the SEC filed an enforcement action against Anthony
    Fields, an Illinois-based investment advisor, accusing him of making
    “fraudulent offers” of more than $500 billion in “fictitious securities
    through various forms of social media,” namely, LinkedIn.

    Legal Risks
    Virtually all company data is subject to discovery should legal action be
    taken, including communications traffic over blogs, wikis, discussion
    forums, bookmarks, social media, and unified communications. At the
    end of the day, these are all simply forms of “electronic communications.”

    The process of archiving, storing, and making these conversations and
    posts easily retrievable for not just regulatory compliance, but also for
    legal holds and eDiscovery purposes, is made complex by the multi-
    dimensional nature of these conversations. For example, a wiki or blog
    post can include numerous contributors and respondents, each one
    commenting, replying, deleting, and editing content. In essence, this
    dynamic interchange of content underscores the importance of context.
    For instance, who said what and when, and did he or she edit or delete any
    comments? This chronology and context are thus crucial.

    User Behavior and Policies
    Social communities, wikis, profiles, and blogs offer huge productivity
    benefits when used in the context of business processes, but they
    also require comprehensive governance and usage guidelines. These
    guidelines can be added to existing Acceptable Use Policies (AUPs) for
    other electronic communications or IT equipment. Well-constructed social
    computing guidelines can help educate employees about the appropriate
    uses of these applications. Employees have to understand that they are
    responsible for the content they share, should respect opinions of others,
    and must protect confidential information.




Unlike professionals in many other industries, registered representatives are
duty-bound to follow the rules and regulations surrounding electronic communications.
For this reason, it is very important to have good communication and
education components in your social software deployment plan. The
concepts are not complex; they just need to be communicated clearly to
establish acceptable behavior. It is also a best practice to establish a
social computing subject matter expert to answer any questions about the
guidelines and the desired behavior.




Key Rules

FINRA Rule 2210 (Communications with the Public)
In February 2013, FINRA replaced NASD Rules 2210 and 2211 and
NYSE Rule 472 with FINRA Rule 2210, which governs communications
with the public. The new rule reduces the number of communications
categories from six to three, two of which pertain to social media:

Correspondence
Correspondence includes any written (including electronic) communication
that is distributed or made available to 25 or fewer retail investors within
any 30 calendar-day period.

Retail communication
Retail communication includes any written (including electronic)
communication that is distributed or made available to more than 25 retail
investors within any 30 calendar-day period. A “retail investor” includes
any person other than an institutional investor, regardless of whether
the person has an account with the firm. Communications that formerly
qualified as advertisements and sales literature generally now fall under
the definition of “retail communication.”



Compliance considerations
    • Regulatory Notice 10-06 does pave the way for registered
      representatives to participate in real-time communications, but care
      still needs to be given to the content of the message.
    • Under FINRA 2210, communications with the public must be based
      on the principles of fair dealing; misleading statements, exaggerated
      claims, and predictions of investments are strictly forbidden.
    • Sharing or republishing a comment from a third party is likely to be
      considered an endorsement, as is “Liking” a comment on Jive or
      Salesforce Chatter, thus caution is urged.

    Compliance recommendations
    Given that human error or judgment is frequently found to be a
    contributing factor in most adverse situations, organizations began
    implementing content filtering systems for their email platforms a long
    time ago. Companies need to implement a solution that provides content
    filtering for messages posted to a wide range of real-time communications
    tools, including ESS, to ensure that all messages are appropriate.

    NASD Rule 3010 (Supervision)
    “Members must establish, maintain and enforce written procedures
    for communications”; the inclusion of electronic communications was
    confirmed in Notice 99-03. Furthermore, 10-06 reminds members
    that under NASD Rule 3010 members must supervise social media
    communications “in a manner reasonably designed to ensure that they do
    not violate the content requirements of FINRA’s communications rules.”

    Compliance considerations
    • It is not possible to supervise communications if the organization
      does not have visibility of all electronic communications tools in use
      on its network.
    • An enterprise should standardize on its use of electronic
      communications tools, including social applications, for its employees
      and customers to meet collaboration requirements. This will
      decrease the temptation to download other applications that may
      have been specifically designed to avoid detection by traditional
      security measures.

Compliance recommendations
In order to be able to enforce communications policies, enterprises need
to implement technology that is able to provide visibility into all ESS tools
on the network and the ability to block or control their usage.

FINRA Rule 4511 (Books and Records)
Firms are obligated to: (1) make and preserve books and records as
required under FINRA and SEC rules; and (2) preserve the books and
records in a format and media that complies with SEC Rule 17a-4.

The rule also requires firms to preserve, for a period of at least six years,
FINRA books and records for which there is no specified retention period under
applicable FINRA or SEC rules.

Compliance considerations
•	ESS platforms offer little to no native archiving functionality, making it
difficult to comply with FINRA or SEC rules that require, if appropriate,
the review “by a supervisor of employees’ incoming, outgoing and internal
electronic communications.”

•	Native archiving functionality offered by ESS is rarely able to provide a
granular breakdown of conversations by persons (including buddynames),
key phrases, and timeframes, which are essential for compliance and
eDiscovery requirements.

•	This is further complicated by the multitude of modalities used in
conversations - from IM to blogs to wikis.


Compliance recommendations
     Enterprises should deploy a central archiving system that enables
     easy review of posted messages and detailed analysis of electronic
     conversations, including file downloads both internally and externally,
     complete with an audit trail of the auditor reviewing the information.
     In addition, the information should include who joined a conversation,
     when they joined and when they left, any disclaimers shown (at the
     beginning of a conversation, for instance), and call detail records for
     voice calls, group meeting sessions, etc.




     Key FINRA Notices

     Regulatory Notice 07-59 (Supervision of Electronic
     Communications)
     Recognizing the ever-expanding role of electronic communications, in
     Regulatory Notice 07-59, Supervision of Electronic Communications, FINRA
     suggests that members consider taking steps “to reduce, manage or eliminate
     potential conflicts of interest, to prevent electronic communications
     between certain individuals/groups or monitoring communications as
     required by FINRA rules.”

     Compliance considerations
     • In certain situations, there may be a requirement to restrict electronic
       conversations between internal personnel, such as between non-
       research and research departments. In addition, there may be a
       requirement to restrict electronic communications between specific
       persons from different organizations, while still allowing broad
       communication with others.
     • Though it is easy for a registered representative to recognize in a
       one-to-one instant message conversation whether or not they should
       be talking to the individual, with the popularity of features such as
       discussion forums within a community, talking to someone they should
       not is now a considerable risk.

Compliance recommendations
Implement ethical walls at both a group and domain level to ensure that
conflicting personnel do not accidentally “meet” electronically and to
maintain a full audit trail that clearly displays when an individual joined a
meeting and subsequently left. In addition, the use of disclaimers when a
member joins a meeting can help to reinforce the message.
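
An added example (not from the whitepaper or from any Actiance product) of the recommendation above: a group-level and domain-level ethical wall check applied when someone joins a session, with an audit trail of joins, leaves, and denials and the disclaimer recorded on join. The class names, the `persistent` flag for forum-style spaces, and all participants and domains are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Participant:
    user: str   # constructed address, e.g. "ann@firm.example"
    group: str  # internal department label (assumed to come from a directory)

    @property
    def domain(self) -> str:
        return self.user.rsplit("@", 1)[-1].lower()


@dataclass
class EthicalWall:
    group_walls: set = field(default_factory=set)   # pairs of internal groups
    domain_walls: set = field(default_factory=set)  # pairs of organizations

    def conflict(self, a: Participant, b: Participant):
        """Return the wall separating a and b, or None if they may meet."""
        # Group walls separate departments inside one organization.
        if a.domain == b.domain and frozenset((a.group, b.group)) in self.group_walls:
            return f"group wall {a.group}/{b.group}"
        if frozenset((a.domain, b.domain)) in self.domain_walls:
            return f"domain wall {a.domain}/{b.domain}"
        return None


@dataclass
class Session:
    name: str
    wall: EthicalWall
    disclaimer: str
    # A forum keeps earlier posts visible, so for persistent spaces the wall
    # is checked against everyone ever admitted, not only those present now.
    persistent: bool = False
    present: dict = field(default_factory=dict)
    seen: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def _log(self, event, user, when, detail=""):
        self.audit.append({"time": when.isoformat(), "session": self.name,
                           "event": event, "user": user, "detail": detail})

    def join(self, p: Participant, when: datetime) -> bool:
        pool = self.seen if self.persistent else self.present
        for other in pool.values():
            reason = self.wall.conflict(p, other)
            if reason:
                self._log("join_denied", p.user, when, f"{reason} (vs {other.user})")
                return False
        self.present[p.user] = p
        self.seen[p.user] = p
        self._log("join", p.user, when, f"disclaimer shown: {self.disclaimer}")
        return True

    def leave(self, user: str, when: datetime) -> None:
        if self.present.pop(user, None) is not None:
            self._log("leave", user, when)


def demo():
    """Run constructed sample traffic through a live meeting and a forum."""
    wall = EthicalWall(
        group_walls={frozenset(("research", "banking"))},
        domain_walls={frozenset(("firm.example", "issuer.example"))},
    )
    t0 = datetime(2013, 3, 1, 9, 0, tzinfo=timezone.utc)
    at = lambda minutes: t0 + timedelta(minutes=minutes)
    ann = Participant("ann@firm.example", "research")
    bob = Participant("bob@firm.example", "banking")
    cy = Participant("cy@issuer.example", "finance")
    dee = Participant("dee@client.example", "treasury")

    meeting = Session("deal-call", wall, "Restricted topics must not be discussed.")
    forum = Session("sector-forum", wall, "Posts are archived and supervised.",
                    persistent=True)
    results = {
        "ann_meeting": meeting.join(ann, at(0)),
        "bob_while_ann_present": meeting.join(bob, at(1)),   # group wall
    }
    meeting.leave(ann.user, at(10))
    results["bob_after_ann_left"] = meeting.join(bob, at(11))
    results["dee_meeting"] = meeting.join(dee, at(12))
    results["cy_meeting"] = meeting.join(cy, at(13))         # domain wall vs bob

    results["ann_forum"] = forum.join(ann, at(20))
    forum.leave(ann.user, at(25))
    results["bob_forum_after_ann_left"] = forum.join(bob, at(30))  # still walled
    return results, meeting.audit, forum.audit


if __name__ == "__main__":
    outcome, meeting_log, forum_log = demo()
    print(outcome)
    for entry in meeting_log + forum_log:
        print(entry)
```

In the live meeting the banker is admitted once the researcher has left, while in the forum the same join is denied because the researcher's posts remain visible.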

Regulatory Notice 10-06 (Social Media Websites)
The release of Regulatory Notice 10-06 from FINRA makes it very clear
that all electronic communications shared via the Internet should be
treated in just the same way as if they were shared in person or in non-
electronic written communications.

Compliance considerations
• Social media is a dynamic medium that relies on real-time (or near
  real-time) interaction between participants to be a useful resource
  for information and communication. Allowing unfiltered access raises
  the possibility of an employee accidentally or deliberately saying
  something inappropriate.

• Moderating every post manually will increase the overhead of
  using social media and may also add an element of delay to the
  “conversation” that offsets the benefit of using the medium.

Compliance recommendations
Educate users to understand what is considered appropriate content.
Implement filters or moderation processes that can control the content
posted to external social media sites.




Regulatory Notice 11-39 (Social Media Websites and Use of
     Personal Devices)
     In this notice, FINRA provides further guidance for firms on applying
     rules governing communications with the public when using social
     media. In short, firms are reminded that existing rules for recordkeeping,
     suitability, supervision and content requirements all apply to social media.
     Additionally, FINRA clarified the following points:

     • The content of the communication is determinative, not the
       communication channel.
     • A firm is subject to the “adoption” and “entanglement” theories
       regarding third-party posts.
     • Business communications over personal devices must be retained,
       retrievable, and supervised.

     Compliance considerations
     • Mobile devices are increasingly being used for business
       communications, which means they are subject to regulatory
       requirements, even if the device in question is a personal device.

     Compliance recommendations
     Create or revise policies to incorporate business communications
     conducted over personal devices. Implement technology
     solutions to ensure that such communications are captured for
     recordkeeping purposes.




How Actiance Meets FINRA Compliance Requirements

Vantage
Vantage is Actiance’s governance solution for enterprise social software. It
complements today’s archiving systems by providing a level of granularity
that ensures any information governance strategy is executed seamlessly.

Actiance’s Collaboration Framework underpins the capture of this wealth of
data, maintaining the context of conversations and posts and storing them
natively. Additionally, the framework provides organizations the flexibility
of conducting eDiscovery from the Actiance database (thus facilitating
contextual review), the customer’s own archive, or perhaps from a third-
party archive.

Today’s archiving solutions just grab all collaboration content without
providing any real-time insight into the meaning of the data. Vantage’s
content-inspection technology features real-time alerts to detect potential
loss or exposure of intellectual property and violations of corporate policy,
such as the use of inappropriate language (e.g., inflammatory comments).

Its policy framework allows granular policies to be defined between groups
of employees, ensuring enterprises remain compliant. All of the available
compliance controls were designed to address the key government and
industry regulations (e.g., FINRA, SEC, FRCP, Sarbanes-Oxley, FERC).

Some key features of Vantage include the following:

• TrueCompliance™: Tamper-proof archiving of content; Real-time
  content inspection; Preservation of message or conversation order.
• Real-time alerts: Send real-time alerts based on content detected
  (e.g., abusive language, trade secrets); Scans content within files.
• Granular policy control: Define capture policies at a granular level to
  map to compliance or corporate governance standards.
• Contextual capture: Content shown in context of other related items in
  reviewer UI.




Nine Steps to ESS Compliance

     1.	 Gain visibility into all communications tools
          The first step in any security review is to carry out an audit. Even if
          the use of real-time communications and social applications has been
          banned within the enterprise, the likelihood is that users will have
          found a way to circumvent any measures put in place.
     2.	 Develop policies taking into account FINRA guidelines
          An acceptable use policy (AUP) will let users know exactly what they
          can and can’t do with respect to ESS applications. Don’t forget to
          include that the organization has the right to monitor all traffic and
          to remind registered representatives that they are bound by FINRA
          regulations, even if they are not using the company network.
     3.	 Implement monitoring technology
          The only way to see who is using what, how often, and when is to
          implement monitoring technology. Even if a business chooses to ban
          specific real-time applications, without monitoring in place, they can
          never be certain that users are actually complying.
     4.	 Ensure granular access
          Not all employees need access to every aspect of real-time
          communications tools or social applications. In the same way
          organizations block certain file types (e.g., only the marketing
          department can receive GIFs and JPEGs), consider limiting the various
          types of real-time communications by job function.
     5.	 Apply policy management and control
          Apply centralized policy management and control with a single
          solution for all elements of email, instant messaging, and social
          applications in use in the enterprise. Use Active Directory
          integration to set and enforce global, group, and individual-level
          communications policies.




6.	 Enable content filtering
    Ensure content posted and messages sent can be monitored where
    necessary. Use lexicons to efficiently monitor for sensitive keywords,
    phrases, and regular expressions.
7.	 Send alerts
    Limit the potential damage of inappropriate or inflammatory content by
    utilizing alerts.
8.	 Capture edits and deletes
    Edits and deletions are just as important as unchanged content.
    Ensure you have policies and systems in place to record content that
    was revised or removed.
9.	 Archive
    Whether you need to retrieve messages for litigation, to substantiate
    a compliance issue, or just to confirm a contractual modification, all
    business messages need to be stored securely.



About Actiance

Actiance® is a global leader in communication, collaboration, and social
media governance for the enterprise. Its governance platform is used
by millions of professionals across dozens of industries. With the power
of communication, collaboration, and social media at their fingertips,
Actiance helps professionals everywhere to engage with customers and
colleagues so they can unleash social business.

The Actiance platform gives organizations the ability to ensure compliance
for all their communications channels. It provides real-time content
monitoring, centralized policy management, contextual capture of content
and smart archiving which improves the efficiency and cost-effectiveness
of eDiscovery and helps protect users from malware and accidental or
malicious leakage of information. Actiance supports all leading social
media, unified communications, collaboration, and IM platforms,
including Facebook (FB), LinkedIn (LNKD), Twitter, Google (GOOG),
Yahoo! (YHOO), Skype, IBM (IBM), Jive (JIVE), Microsoft (MSFT), Cisco
(CSCO), and Salesforce.com (CRM).

       Actiance is headquartered in Belmont, California.




More information
actiance.com
sales@actiance.com

Follow us
	    facebook.com/Actiance
	linkedin.com/company/actiance-inc
	twitter.com/actiance
	youtube.com/actiance
	slideshare.com/actiance


©2013 Actiance, Inc. All rights reserved. Actiance, the Actiance logo, Socialite, and the Socialite logo are registered trademarks
of Actiance, Inc. Vantage is a trademark of Actiance, Inc. All other trademarks are the property of their respective owners.

Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...lizamodels9
 
Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Seta Wicaksana
 
Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Riya Pathan
 
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...lizamodels9
 
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCRashishs7044
 
Intro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfIntro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfpollardmorgan
 

Último (20)

Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail Accounts
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
 
Islamabad Escorts | Call 03070433345 | Escort Service in Islamabad
Islamabad Escorts | Call 03070433345 | Escort Service in IslamabadIslamabad Escorts | Call 03070433345 | Escort Service in Islamabad
Islamabad Escorts | Call 03070433345 | Escort Service in Islamabad
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 Edition
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024
 
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
 
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)
 
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable  and Resilient Coconut Industry by Dr. Jelfina...Global Scenario On Sustainable  and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
 
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckPitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...
 
Annual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesAnnual General Meeting Presentation Slides
Annual General Meeting Presentation Slides
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
 
Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...
 
Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737
 
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
 
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
 
Intro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfIntro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdf
 

9 Keys to FINRA Blessing Enterprise Social Software Use

  • 1. 9 Keys to FINRA Blessing Enterprise Social Software Use
  • 2. Contents
    Executive Summary
    Growth of Enterprise Social Software
    Compliance Risks
      Regulatory Risks
      Legal Risks
      User Behavior and Policies
    Key Rules
      FINRA Rule 2210 (Communications with the Public)
      NASD Rule 3010 (Supervision)
      FINRA Rule 4511 (Books and Records)
    Key FINRA Notices
      Regulatory Notice 07-59 (Supervision of Electronic Communications)
      Regulatory Notice 10-06 (Social Media Websites)
      Regulatory Notice 11-39 (Social Media Websites and Use of Personal Devices)
    How Actiance Meets FINRA Compliance Requirements
      Vantage
    Nine Steps to ESS Compliance
    About Actiance
  • 3. Executive Summary

    In January 2010, the Financial Industry Regulatory Authority (FINRA) issued Regulatory Notice 10-06, its latest guidance in a series on electronic communications specifically related to social media websites.

    The growth in social networking is huge and is now matched by the adoption of enterprise social software (ESS). Organizations are deploying ESS for their employees, partners, and customers to accelerate business process through improved collaboration and expertise discovery. A social business embraces networks of people to create business value. They do this by deepening their relationships with customers, driving operational effectiveness, and optimizing their workforce.

    With the publication of FINRA Regulatory Notice 10-06, compliance officers now know that they have to meet similar requirements that have existed for email and instant messaging when evaluating social software technologies.

    This whitepaper sets out some of the key rules, guidelines, and associated risks for FINRA member firms and suggests ways that organizations can use technology to protect themselves and their registered representatives.

    9 Keys to FINRA-Blessed Use of Enterprise Social Software | 3
  • 4. Growth of Enterprise Social Software

    Over the past decade, organizations have been shifting an increasing number of enterprise tasks and content over to collaboration platforms like Jive, SharePoint, Connections, and Yammer, to name a few. Additionally, enterprises are now leveraging these platforms’ social media capabilities, such as exchanging documents, posting blog entries, and soliciting feedback (i.e., basically anything that facilitates collaboration and enhances employee productivity).

    The growth of these platforms is reflected in the following data points:

    • Enterprise Social Software space is expected to reach $2 billion by 2014 (Source: IDC).
    • Among all of Microsoft’s server offerings, SharePoint achieved $1 billion in annual revenue in the shortest amount of time.
    • Microsoft acquired Yammer for $1.2 billion (June 2012).
    • 61% reduction in time spent on compliance activities through the use of social software (Deloitte Center for the Edge Study, March 2011).

    The bottom line is that many stakeholders have benefited from the growth of social business platforms.

    Compliance Risks

    The risks that ESS tools pose are very similar to those of other electronic communications like email: non-compliance with government and industry regulations and substantial litigation and eDiscovery costs. Just like email, the principles for applying policies and remaining compliant remain the same.

    A sampling of regulations and statutes outside of FINRA guidelines that relate to the governance of ESS content is listed here:
  • 5. Regulation or Rule | Impact
    Gramm-Leach-Bliley Act (GLBA) | Information protection, monitor for sensitive content and ensure not sent over public channels (e.g., Twitter).
    Investment Advisers Act of 1940 | Investment advisers are prohibited from publishing, circulating, or distributing any advertisement which refers, directly or indirectly, to any testimonial of any kind concerning the investment adviser or concerning any advice, analysis, report, or other service rendered by such investment adviser.
    SEC 17a-3 and 17a-4 | Specifies the types of electronic records that must be preserved. Also specifies the manner and length of time that the records maintained by broker-dealers must be preserved.
    PCI | Ensuring cardholder data is not sent over unsecured channels and proving it has not occurred.
    Federal Rules of Civil Procedure (FRCP) | Email and IM are ESI (Electronically Stored Information). Posts to social media sites must be preserved if reasonably determined to be discoverable.
    Sarbanes-Oxley (SOX) | Businesses must preserve information relevant to the company reporting. This means all IM and social media “conversations” are relevant.

    Regulatory Risks

    The problem for regulated financial institutions is that inappropriate use of such widely available communications and collaboration tools can mean non-compliance with government and industry regulations, resulting in hefty fines, potential loss of business, and fraud.

    In 2011, FINRA discovered that Jenny Ta, a registered broker in California, failed to inform a registered firm principal that she had a Twitter account, which she used periodically to tout a specific stock. Moreover, FINRA found that her tweets often predicted an imminent price increase and that she didn’t disclose her family’s substantial position in that stock – all of which violated FINRA rules. She got caught and was fined $10,000 and suspended for a year.
  • 6. Similarly, in 2012, the SEC filed an enforcement action against Anthony Fields, an Illinois-based investment advisor, accusing him of making “fraudulent offers” of more than $500 billion in “fictitious securities through various forms of social media,” namely, LinkedIn.

    Legal Risks

    Virtually all company data is subject to discovery should legal action be taken, including communications traffic over blogs, wikis, discussion forums, bookmarks, social media, and unified communications. At the end of the day, these are all simply forms of “electronic communications.”

    The process of archiving, storing, and making these conversations and posts easily retrievable for not just regulatory compliance, but also for legal holds and eDiscovery purposes, is made complex by the multi-dimensional nature of these conversations. For example, a wiki or blog post can include numerous contributors and respondents, each one commenting, replying, deleting, and editing content. In essence, this dynamic interchange of content underscores the importance of context. For instance, who said what and when, and did he or she edit or delete any comments? This chronology and context is thus very crucial.

    User Behavior and Policies

    Social communities, wikis, profiles, and blogs offer huge productivity benefits when used in the context of business processes, but they also require comprehensive governance and usage guidelines. These guidelines can be added to existing Acceptable Use Policies (AUPs) for other electronic communications or IT equipment.

    Well-constructed social computing guidelines can help educate employees about the appropriate uses of these applications. Employees have to understand that they are responsible for the content they share, should respect opinions of others, and must protect confidential information.
  • 7. Unlike many other industries, registered representatives are duty-bound to follow the rules and regulations surrounding electronic communications. For this reason, it is very important to have good communication and education components in your social software deployment plan. The concepts are not complex; they just need to be communicated clearly to establish acceptable behavior. It is also a best practice to establish a social computing subject matter expert to answer any questions about the guidelines and the desired behavior.

    Key Rules

    FINRA Rule 2210 (Communications with the Public)

    In February 2013, FINRA replaced NASD Rules 2210 and 2211 and NYSE Rule 472 with FINRA Rule 2210, which governs communications with the public. The new rule reduces the number of communications categories from six to three, two of which pertain to social media:

    Correspondence
    Correspondence includes any written (including electronic) communication that is distributed or made available to 25 or fewer retail investors within any 30 calendar-day period.

    Retail communication
    Retail communication includes any written (including electronic) communication that is distributed or made available to more than 25 retail investors within any 30 calendar-day period. A “retail investor” includes any person other than an institutional investor, regardless of whether the person has an account with the firm. Communications that formerly qualified as advertisements and sales literature generally now fall under the definition of “retail communication.”
  • 8. Compliance considerations

    • Regulatory Notice 10-06 does pave the way for registered representatives to participate in real-time communications, but care still needs to be given to the content of the message.
    • Under FINRA 2210, communications with the public must be based on the principles of fair dealing; misleading statements, exaggerated claims, and predictions of investments are strictly forbidden.
    • Sharing or republishing a comment from a third party is likely to be considered an endorsement, as is “Liking” a comment on Jive or Salesforce Chatter, thus caution is urged.

    Compliance recommendations

    Given that human error or judgment is frequently found to be a contributing factor in most adverse situations, organizations began implementing content filtering systems for their email platforms a long time ago. Companies need to implement a solution that provides content filtering for messages posted to a wide range of real-time communications tools, including ESS, to ensure that all messages are appropriate.

    NASD Rule 3010 (Supervision)

    “Members must establish, maintain and enforce written procedures for communications”; the inclusion of electronic communications was confirmed in Notice 99-03. Furthermore, 10-06 reminds members that under NASD Rule 3010 members must supervise social media communications “in a manner reasonably designed to ensure that they do not violate the content requirements of FINRA’s communications rules.”

    Compliance considerations

    • It is not possible to supervise communications if the organization does not have visibility of all electronic communications tools in use on its network.
  • 9. • An enterprise should standardize on its use of electronic communications tools, including social applications, for its employees and customers to meet collaboration requirements. This will decrease the temptation to download other applications that may have been specifically designed to avoid detection by traditional security measures.

    Compliance recommendations

    In order to be able to enforce communications policies, enterprises need to implement technology that is able to provide visibility into all ESS tools on the network and the ability to block or control their usage.

    FINRA Rule 4511 (Books and Records)

    Firms are obligated to: (1) make and preserve books and records as required under FINRA and SEC rules; and (2) preserve the books and records in a format and media that complies with SEC Rule 17a-4. The rule also requires firms to preserve, for a period of at least six years, FINRA books and records for which there is no specified retention period under applicable FINRA or SEC rules.

    Compliance considerations

    • ESS platforms offer little to no native archiving functionality, making it difficult to comply with FINRA or SEC rules that require, if appropriate, the review “by a supervisor of employees’ incoming, outgoing and internal electronic communications.”
    • Native archiving functionality offered by ESS is rarely able to provide a granular breakdown of conversations by persons (including buddynames), key phrases, and timeframes, which are essential for compliance and eDiscovery requirements.
    • This is further complicated by the multitude of modalities used in conversations - from IM to blogs to wikis.
  • 10. Compliance recommendations

    Enterprises should deploy a central archiving system that enables easy review of posted messages and detailed analysis of electronic conversations, including file downloads both internally and externally, complete with an audit trail of the auditor reviewing the information. In addition, the information should include who joined a conversation, when they joined and when they left, any disclaimers shown (at the beginning of a conversation, for instance), and call detail records for voice calls, group meeting sessions, etc.

    Key FINRA Notices

    Regulatory Notice 07-59 (Supervision of Electronic Communications)

    Recognizing the ever-expanding role of electronic communications, FINRA suggests in Regulatory Notice 07-59, Supervision of Electronic Communications, that members consider taking steps “to reduce, manage or eliminate potential conflicts of interest, to prevent electronic communications between certain individuals/groups or monitoring communications as required by FINRA rules.”

    Compliance considerations

    • In certain situations, there may be a requirement to restrict electronic conversations between internal personnel, such as between non-research and research departments. In addition, there may be a requirement to restrict electronic communications between specific persons from different organizations, while still allowing broad communication with others.
  • 11. • Though it is easy for a registered representative to recognize in a one-to-one instant message conversation whether or not they should be talking to the individual, with the popularity of features such as discussion forums within a community, it is now a considerable risk.

    Compliance recommendations

    Implement ethical walls at both a group and domain level to ensure that conflicting personnel do not accidentally “meet” electronically and to maintain a full audit trail that clearly displays when an individual joined a meeting and subsequently left. In addition, the use of disclaimers when a member joins a meeting can help to reinforce the message.

    Regulatory Notice 10-06 (Social Media Websites)

    The release of Regulatory Notice 10-06 from FINRA makes it very clear that all electronic communications shared via the Internet should be treated in just the same way as if it were shared in person or in non-electronic written communications.

    Compliance considerations

    • Social media is a dynamic medium that relies on real-time (or near real-time) interaction between participants to be a useful resource for information and communication. Allowing unfiltered access raises the possibility of an employee accidentally or deliberately saying something inappropriate.
    • Moderating every post manually will increase the overhead of using social media and may also add an element of delay to the “conversation” that offsets the benefit of using the medium.

    Compliance recommendations

    Educate users to understand what is considered appropriate content. Implement filters or moderation processes that can control the content posted to external social media sites.
  • 12. Regulatory Notice 11-39 (Social Media Websites and Use of Personal Devices)

    In this notice, FINRA provides further guidance for firms on applying rules governing communications with the public when using social media. In short, firms are reminded that existing rules for recordkeeping, suitability, supervision and content requirements all apply to social media. Additionally, FINRA clarified the following points:

    • The content of the communication is determinative, not the communication channel.
    • A firm is subject to the “adoption” and “entanglement” theories regarding third-party posts.
    • Business communications over personal devices must be retained, retrievable, and supervised.

    Compliance considerations

    • Mobile devices are increasingly being used for business communications, which means they are subject to regulatory requirements, even if the device in question is a personal device.

    Compliance recommendations

    Create or revise policies to incorporate business communications conducted over personal devices. Implement technology solutions to ensure that such communications are captured for recordkeeping purposes.
  • 13. How Actiance Meets FINRA Compliance Requirements

    Vantage

    Vantage is Actiance’s governance solution for enterprise social software. It complements today’s archiving systems by providing a level of granularity that ensures any information governance strategy is executed seamlessly. Actiance’s Collaboration Framework underpins the capture of this wealth of data, maintaining the context of conversations and posts and storing them natively. Additionally, the framework provides organizations the flexibility of conducting eDiscovery from the Actiance database (thus facilitating contextual review), the customer’s own archive, or perhaps from a third-party archive.

    Today’s archiving solutions just grab all collaboration content without providing any real-time insight into the meaning of the data. Vantage’s content-inspection technology features real-time alerts to detect potential loss or exposure of intellectual property and violations of corporate policy, such as the use of inappropriate language (e.g., inflammatory comments). Its policy framework allows granular policies to be defined between groups of employees, ensuring enterprises remain compliant. All of the available compliance controls were designed to address the key government and industry regulations (e.g., FINRA, SEC, FRCP, Sarbanes-Oxley, FERC).

    Some key features of Vantage include the following:

    • TrueCompliance™: Tamper-proof archiving of content; Real-time content inspection; Preservation of message or conversation order.
    • Real-time alerts: Send real-time alerts based on content detected (e.g., abusive language, trade secrets); Scans content within files.
    • Granular policy control: Define capture policies at a granular level to map to compliance or corporate governance standards.
    • Contextual capture: Content shown in context of other related items in reviewer UI.
  • 14. Nine Steps to ESS Compliance

    1. Gain visibility into all communications tools
       The first step in any security review is to carry out an audit. Even if the use of real-time communications and social applications has been banned within the enterprise, the likelihood is that users will have found a way to circumvent any measures put in place.

    2. Develop policies taking into account FINRA guidelines
       An acceptable use policy (AUP) will let users know exactly what they can and can’t do with respect to ESS applications. Don’t forget to include that the organization has the right to monitor all traffic and to remind registered representatives that they are bound by FINRA regulations, even if they are not using the company network.

    3. Implement monitoring technology
       The only way to see who is using what, how often, and when is to implement monitoring technology. Even if a business chooses to ban specific real-time applications, without monitoring in place, they can never be certain that users are actually complying.

    4. Ensure granular access
       Not all employees need access to every aspect of real-time communications tools or social applications. In the same way organizations block certain file types (e.g., only the marketing department can receive GIFs and JPEGs), consider limiting the various types of real-time communications by job function.

    5. Apply policy management and control
       Apply centralized policy management and control with a single solution for all elements of email, instant messaging, and social applications in use in the enterprise. Use Active Directory integration to set and enforce global, group, and individual-level communications policies.
  • 15. 6. Enable content filtering
       Ensure content posted and messages sent can be monitored where necessary. Use lexicons to efficiently monitor for sensitive keywords, phrases, and regular expressions.

    7. Send alerts
       Limit the potential damage of inappropriate or inflammatory content by utilizing alerts.

    8. Capture edits and deletes
       Edits and deletions are just as important as unchanged content. Ensure you have policies and systems in place to record content that was revised or removed.

    9. Archive
       Whether you need to retrieve messages for litigation, to substantiate a compliance issue, or just to confirm a contractual modification, all business messages need to be stored securely.

    About Actiance

    Actiance® is a global leader in communication, collaboration, and social media governance for the enterprise. Its governance platform is used by millions of professionals across dozens of industries. With the power of communication, collaboration, and social media at their fingertips, Actiance helps professionals everywhere to engage with customers and colleagues so they can unleash social business.

    The Actiance platform gives organizations the ability to ensure compliance for all their communications channels. It provides real-time content monitoring, centralized policy management, contextual capture of content and smart archiving which improves the efficiency and cost-effectiveness of eDiscovery and helps protect users from malware and accidental or
  • 16. malicious leakage of information. Actiance supports all leading social media, unified communications, collaboration, and IM platforms, including Facebook (FB), LinkedIn (LNKD), Twitter, Google (GOOG), Yahoo! (YHOO), Skype, IBM (IBM), Jive (JIVE), Microsoft (MSFT), Cisco (CSCO), and Salesforce.com (CRM).

    Actiance is headquartered in Belmont, California.

    More information
    actiance.com
    sales@actiance.com

    Follow us
    facebook.com/Actiance
    linkedin.com/company/actiance-inc
    twitter.com/actiance
    youtube.com/actiance
    slideshare.com/actiance

    ©2013 Actiance, Inc. All rights reserved. Actiance, the Actiance logo, Socialite, and the Socialite logo are registered trademarks of Actiance, Inc. Vantage is a trademark of Actiance, Inc. All other trademarks are the property of their respective owners.