Tweet This
At a recent event, Al Raymond, SVP, Head of U.S. Privacy & Social Media Compliance, TD Bank asked Amy Sochard, Senior Director, Advertising Regulation, Financial Industry Regulatory Authority (FINRA), how financial services firms could use social media and stay compliant with industry rules and regulations. This is an edited version of that conversation.
Raymond: What guidance has FINRA given the financial services industry on social media?
Sochard: Back in 2010, we provided our first guidance (Regulatory Notice 10-06) to empower compliance to provide safeguards and controls when using social media. We used a Q&A format in an effort to demystify it a bit. That was followed in 2011 with further guidance (Regulatory Notice 11-39). In 2013 we modified our Communications rules to blend in some of the guidance (Regulatory Notice 13-03) into the actual process.
Raymond: What are your thoughts on social media governance?
Sochard: It's been fascinating to see the growth of social media. I'm seeing firms taking an integrated approach. Social media is a way to do business. It’s just another form of communications, such as the web was 15 years ago, and TV and radio were 20, 30 years ago.
Raymond: There are a couple of schools of thought when talking about compliance for social media. Some say, this is a new world and we've got to think about it differently. Others say, it's just a different medium, and the same rules apply. How do you see it?
Sochard: I'm more in the “it's a new medium, but the same rules apply” school of thought. Recordkeeping is essential. Supervision is essential. Those are the things that our examiners are going to look at when they come into the firms. Through FINRA’s spot-check program, we are asking firms to produce samples of their social media communications. Those conversations need to be archived and be retrievable in a timely manner. Firms are not going to get a free pass on social media.
Raymond: What are FINRA examiners looking for when it comes to social media communications?
Sochard: First and foremost, examiners will ask to see your procedures. Do you have processes in place to supervise external and internal communications? Are customer complaints being captured, whether it’s on Facebook or Twitter or wherever?
Examiners will also want to understand the firm's record retention system. They will ask to see a communication from start to finish. Starting from the time the rep tweets, through compliance review, all the way through where it's archived. That's going to be key.
And lastly, the educational component is important. The number one thing I've said to people in the last five years is make sure you're educating everybody on the difference between personal and business. That will impact your recordkeeping requirements. Examiners will ask: How do you make decisions on who is allowed to use social media? How do you select the folks who are likely to comply with your polices? What are your plans for maintaining the education program over time? Do you have refresher courses? Do you test whether people understand what's going on?
Raymond: In spite of the guidance from FINRA, are firms still afraid to use social media within financial services?
Sochard: You don't want to undertake it lightly. There are some real things that people need to be afraid of in social media. For example, in financial services, you could have a registered representative selling one of your products over social media -- that's a significant problem. Or there are other possible issues, such as cyberattacks and reputational risks. Some fears may be justifiable.
Raymond: What’s the biggest of social media risk today?
Sochard: Although I'm not an expert in cyber and criminal activity, the aspect of people hacking accounts, appropriating brands and such seems like the biggest risk. That’s an area that requires specific expertise.
Raymond: Any advice for firms to stay on the right side of regulators pertaining to social media and other electronic communications?
Sochard: If you put procedures in place, have a recordkeeping solution, sufficient resources to monitor the social postings, and have done your educational training , you should feel covered on the communications with the public aspect of social media.
