If you work in the securities industry, you’re used to navigating through the vast, interconnected web of laws, rules, and regulations governing your day-to-day communications. You understand the requirements limiting advertising, requiring record retention, and governing client communications. When it comes to hard-copy documents and structured data like emails, you’re in full compliance.
But are you doing an equally good job retaining online and social media data?
Without a doubt, financial firms have been generally slow to adopt social media or to establish active social media presences. This lag likely stems from the combination of high risk, due to the intense regulation of the financial industry, and low perceived reward, as firms haven’t understood the benefits of engaging customers and building trust over social media. Recently, though, there’s been an uptick in financial firms’ use of social media; chances are that by now, at least a portion of your client communications, marketing, and advertising are occurring online.
As FINRA, the Financial Industry Regulatory Authority, explains, while social media may be a new channel for communication, “FINRA’s rules on communicating with the public are still applicable.” Records of online communications are subject to the same restrictions and guidelines as print advertisements or more traditional communications and must be retained for the same time periods. For those firms storing records electronically pursuant to SEC 17a-4(f), we recommend an across-the-board seven-year retention plan.
That means that if you haven’t given serious thought to how you’re collecting website evidence—including social media feeds—to capture all of the dynamic, interactive customer communications and public statements that occur there, you’re missing out on compliance. Fortunately, FINRA has recognized that its previous guidance was outdated and has been working to clarify firms’ obligations through new regulatory notices and suggested best practices.
We’ve got a three-part series lined up, explaining how FINRA’s new regulations necessitate the development of a robust, future-proof web capture protocol—and how Hanzo can help. First up, we’ll be introducing FINRA Regulatory Notice 17-18, Social Media and Digital Communications, and explaining its treatment of interactive web content. Our second post, Part 2, will dive deeper into Regulatory Notice 17-18, discussing some of its specific guidance and demonstrating how dynamic web capture can facilitate compliance. Finally, in post three, we’ll move on to the more recent Regulatory Notice 18-15, Heightened Supervision, and discuss how online content—particularly social media content—can help firms both identify and supervise individuals with concerning histories.
Regulatory Notice 17-18
In April 2017, FINRA released Regulatory Notice 17-18, Social Media and Digital Communications. Prior to this update, most online communications were treated identically to standard paper or email records. Over time, though, the complications and nuances of social media communication, with its limitless potential for real-time customer conversations, overwhelmed that analogous approach. FINRA responded to industry questions by creating new guidance for these “emerging technologies and communications innovations.”
Regulatory Notice 17-18, like all FINRA regulations, is designed to ensure that financial industry communications are fair, balanced, complete, and free from any false or misleading claims. As with other communications, online and social media content is subject to mandated disclosures, guarantees of truthfulness, and supervision and monitoring of business-related online content. Regulatory Notice 17-18 also requires that firms and registered representatives retain full records of their communications about anything that qualifies as “business as such.” These requirements allow no exceptions for the type of device or communication channel that a communication is sent from. Rather, the guidance is unwavering in its demand that “Firms must comply with FINRA’s communication rule notwithstanding the medium.”
Static Versus Interactive Online Content
Regulatory Notice 17-18 distinguishes between “static” content and “interactive” content, which includes most social media content. Static content, unsurprisingly, is content that doesn’t change frequently and that doesn’t obviously suggest an ongoing conversation. Profile and background information is static content: it’s created once, through an approval process, and then only updated intermittently.
Interactive content, on the other hand, includes Facebook, Twitter, and LinkedIn posts where there is at least the possibility that a real-time dialogue will begin with third parties. Even those “dud” posts that never blossom into actual conversations are considered interactive, as the potential for back-and-forth communication is there. Interactive content doesn’t require advance approval by a principal, but like all communications, it must be supervised. Personnel who are allowed to post social media content for the firm must be trained, monitored, and course-corrected where necessary, and all of these actions must be documented. Despite the casual feel of social media, firms must still use the utmost caution to avoid misleading investors through incomplete or incorrect information.
FINRA requires that firms use up-to-date technology to capture this interactive web content, including information from any social media, instant messaging apps, or other collaboration and sharing platforms that are used for business-related communications.
Personal Versus Business Accounts
Regulatory Notice 17-18 also clarifies that the rules about advertising do not apply to the personal accounts of associated persons so long as they don’t discuss “business as such.” In other words, advisors can mention firm-related non-business occurrences, such as charity events or personal interest stories, on their personal sites without running afoul of FINRA. As with everything, employee education is key! Should employees cross the line into providing information about the firm’s “products or services” on their nonregulated personal accounts, the firm then needs to retain those posts as business-related communications.
Hanzo Can Help
While the broad strokes of Regulatory Notice 17-18 are fairly clear, the tools that firms must employ to ensure compliance are less well known. In Part 2, we’ll discuss some of the specific guidance the notice provides and explain how comprehensive website archival using dynamic, native-format web capture addresses those requirements in a way that image-capture or PDF preservation methods cannot.
It’s surprisingly simple, really, for a regulatory conundrum: the web content that Regulatory Notice 17-18 encompasses is primarily interactive, not static. Your record retention methods, then, including your website capture methodology, should be every bit as interactive. After all, a static picture can’t accurately reflect all of the content displayed in a video. Nor can screenshots, API captures, or PDF preservation methods adequately preserve your interactive web content such as social media.
Join us next time as we go into the details—and when you’re ready to capture confidence, give us a call.