In a Regulatory Notice released earlier today, the Financial Industry Regulatory Authority (FINRA) opined that brokerage firms and their registered representatives must retain records of all communications related to the broker-dealer’s business that are made through public blogs and social media sites, such as Facebook, LinkedIn, and Twitter.
“Every firm that intends to communicate, or permit its associated persons to communicate, through social media sites must first ensure that it can retain records of those communications as required by Rules 17a-3 and 17a-4 under the Securities Exchange Act of 1934 and NASD Rule 3110. SEC and FINRA rules require that for record retention purposes, the content of the communication is determinative and a broker-dealer must retain those electronic communications that relate to its “business as such.”
Brokerage firms will now be required to archive and make discoverable business-specific content produced by their employees. They will also have to establish and maintain procedures that ensure a supervisor has either approved an interactive electronic communication before it is posted, or that a “risk-based” method of post-communication review exists and is exercised.
“While prior principal approval is not required under Rule 2210 for interactive electronic forums, firms must supervise these interactive electronic communications under NASD Rule 3010 in a manner reasonably designed to ensure that they do not violate the content requirements of FINRA’s communications rules.
Firms may adopt supervisory procedures similar to those outlined for electronic correspondence in Regulatory Notice 07-59 (FINRA Guidance Regarding Review and Supervision of Electronic Communications). As set forth in that Notice, firms may employ risk-based principles to determine the extent to which the review of incoming, outgoing and internal electronic communications is necessary for the proper supervision of their business. “
In addition, FINRA’s guidance states that all organizations under its purview must establish and communicate social media usage guidelines for their employees, and that those individuals must also receive employer-provided training on those guidelines.
“Firms must adopt policies and procedures reasonably designed to ensure that their associated persons who participate in social media sites for business purposes are appropriately supervised, have the necessary training and background to engage in such activities, and do not present undue risks to investors. Firms must have a general policy prohibiting any associated person from engaging in business communications in a social media site that is not subject to the firm’s supervision. Firms also must require that only those associated persons who have received appropriate training on the firm’s policies and procedures regarding interactive electronic communications may engage in such communications.”
FINRA’s guidance marks the beginning of a new era for financial services companies and their use of external social media. However, the Financial Services sector is not the only one that will be subject to regulation of communications made via blogs and other types of social software. An IBM Senior Product Manager related last week at Lotusphere that IBM customers in the Healthcare and Utilities industries were also beginning to ask about the management of user-generated and social content.
If your organization is currently required to comply with regulations pertaining to the use of email and instant messaging for business communication, expect to see similar requirements placed on your management of external blog and social media site posts in the near future. At some point, it is likely that these regulations will also be applied to internal communications conducted via enterprise social software.