Actiance handbook FINRA

HANDBOOK

Interpreting FINRA Regulatory Notices 10-06 and 11-39and Using Social Media

www.actiance.com

Worldwide Headquarters 1301 Shoreway, Suite 275 Belmont, CA 94002 USA (650) 631-6300 phone [email protected]

EMEA Headquarters 400 Thames Valley Park Reading, Berkshire, RG6 1PT UK +44 (0) 118 963 7469 phone [email protected]

©2001-2011 Actiance, Inc. A-HB-001-FINRA-10-06-0311

FINRA 10-06 and 11-39 Handbook

This white paper is for informational purposes only. Actiance makes no warranties, express or implied, in this document.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or

introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express

written permission of Actiance, Inc. © 2001 - 2011 Actiance, Inc. All rights reserved. Actiance and the Actiance logo are registered trademarks of Actiance, Inc. Actiance Vantage,

Unified Security Gateway, Socialite, and Insight are trademarks of Actiance, Inc. All other trademarks are the property of their respective owners.

Table of Contents

Executive Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3

Regulatory Notice 10-06 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4

Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4

Categories of Electronic Communications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4

Regulatory Notice 10-06 Provisions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5

Regulatory Notice 11-39 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6

Regulatory Notice 11-39 Provisions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6

Key Social Media Sites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7

Facebook . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7

LinkedIn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7

Twitter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7

Mapping Facebook Features to 10-06 and 11-39 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8

Mapping LinkedIn Features to 10-06 and 11-39 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9

Mapping Twitter Features to 10-06 and 11-39 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10

Items FINRA Examiners Are On The Lookout For . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Recordkeeping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12

About Actiance, Inc. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13



©2001-2011 Actiance, Inc.

FINRA 10-06 and 11-39 Handbook 3

Executive Summary

The Financial Industry Regulatory Authority (FINRA) issued Regulatory Notice 10-06 in January 2010 to provide guidance to broker-dealers regarding the use of social media for advertising. As social media is relatively new in the financial services industry, firms are still feeling their way around, trying to better understand how they can use social media effectively. A task force convened early in 2011 to revisit 10-06, resulting in the issuance of Regulatory Notice 11-39 in August 2011 as a corollary to 10-06.

This handbook is intended as a primer on Regulatory Notices 10-06 and 11-39 and how each relates to social media sites like Facebook, LinkedIn, and Twitter. Additionally, the handbook details how the key features of the aforementioned sites map to 10-06 and 11-39, what the appropriate course of action should be, and what kinds of issues FINRA regulators are most interested in when conducting their audits.





Regulatory Notice 10-06

FINRA Regulatory Notice 10-06 is the key piece of guidance on the use of social media for advertising purposes. With the increasing popularity and use of social networking sites like Facebook, LinkedIn, and Twitter, the industry felt it was necessary to issue some guidance specific to social media. With the availability of such guidelines, broker-dealers and registered representatives (RRs) now have more clarity into the permissible uses of social media and the associated supervisory and recordkeeping requirements.

Definitions

Public Appearance

A “public appearance” is defined as participation in a seminar, forum (including an interactive electronic forum), radio or television interview, or other public appearance or public speaking activity.

Advertisement

Any material, other than an independently prepared reprint and institutional sales material, that is published, or used in any electronic or other public media, including any Web site, newspaper, magazine or other periodical, radio, television, telephone or tape recording, videotape display, signs or billboards, motion pictures, or telephone directories (other than routine listings).

Correspondence

“Correspondence” consists of any written letter or electronic mail message and any market letter distributed by a member to (1) one or more of its existing retail customers; and (2) fewer than 25 prospective retail customers within any 30-day period. Correspondence need not be approved by a registered principal prior to use, unless such correspondence is distributed to 25 or more existing retail customers within any 30-day period and makes any financial or investment recommendation or otherwise promotes a product or service of the member.

Sales Literature

Any written or electronic communication, other than an advertisement, independently prepared reprint, institutional sales material and correspondence, that is generally distributed or made generally available to customers or the public, including circulars, research reports, performance reports or summaries, form letters, telemarketing scripts, seminar texts, reprints (that are not independently prepared reprints) or excerpts of any other advertisement, sales literature or published article, and press releases concerning a member’s products or services.

Categories of Electronic Communications

Static Content

Static content is generally accessible to all visitors and usually remains posted until it is removed by the firm or individual who established the account. Examples of static content include profile, background, or wall information. A registered principal of the firm must approve all static content, including Sales Literature and Advertisements, on a page before it is posted or before the page is edited.





Interactive Electronic Forum

Interactive content (e.g., Correspondence up to 25 customers and Public Appearances) is considered non-static, real-time communications and does not require approval by a registered principal prior to use. However, firms still must supervise these communications. Examples of interactive content include posts on Facebook and Twitter and status updates on LinkedIn.

Regulatory Notice 10-06 Provisions

•Publicly available websites, banner advertisements, and bulletin boards are considered advertisements. Static (non-interactive) content on social media sites and blogs are also deemed to be “advertisements.”

•Anemailorinstantmessagesentto25ormoreprospectiveretailcustomersisconsidered“salesliterature.”

•Anemailorinstantmessageisconsidered“correspondence”ifitissentto(1)asinglecustomer(prospectiveorexisting); and (2) less than 25 prospective retail customers within a 30-day period.

•Password-protectedwebsitesareconsidered“salesliterature.”

•Real-timeinteractiveornon-staticelectronicforums,includingextemporaneouschatroom,socialnetworking,andblog comments are considered “public appearances.”





Regulatory Notice 11-39

In this notice, FINRA provides further guidance for firms on applying rules governing communications with the public when using social media. In short, firms are reminded that existing rules for recordkeeping, suitability, supervision and content requirements all apply to social media. Additionally, FINRA clarified the following points:

•Thecontentofthecommunicationisdeterminative,notthecommunicationchannel.

•Afirmissubjecttothe“adoption”and“entanglement”theoriesregardingthird-partyposts.

•Businesscommunicationsoverpersonaldevicesmustberetained,retrievableandsupervised.

Regulatory Notice 11-39 Provisions

Recordkeeping

Under Securities Exchange Act Rule 17a-4, firms must retain retrievable records of business-related communications made through social media, regardless of the type of device or technology, or whether they were made by firm-issued or personal devices. In order to retain all business-related communications, firms may not use communications devices that automatically delete information. FINRA also states that firms must develop policies and train associated persons on the differences between business and non-business communications. As further clarification to 10-06, both static and interactivecontentaresubjecttorecordkeepingrules.

Supervision

Under NASD Rule 3010, firms must supervise registered persons. To this end, a registered principal must review a social media site in the form that it will be launched. Reiterating 10-06, unscripted participation in an electronic form is considered a “public appearance” and, therefore, does not require prior approval by a registered principal of the firm. However, it must be supervised to ensure that communications do not violate FINRA or SEC rules, including the content requirements of NASD Rule 2210. However, should interactive content become static, it is considered an ‘’advertisement” and, as such, requires pre-approval by a registered principal of the firm.

Third Party Posts, Links, and Sites

An associated person may respond to communications on a social media site as long as the response does not violate a firm’s policies. Firms may not establish third-party links to any site that is known to have false or misleading content. A firm is responsible under NASD Rule 2210 for the content on a third-party site if the firm has either become “entangled” in the development of the content or “adopted” the content through implicit or explicit endorsement.

Data Feeds

Firms are responsible for third-party data feeds and must review them for accuracy and correct any erroneous data.





Key Social Media Sites

Facebook

Facebook is the largest social network in the world with over 800 million members. It enables members to create profiles,uploadphotos,joingroups,andsetup“fan”pagestobetterinteractwithcustomers,prospects,andfans.Itaims to make the world “more open and connected.”

LinkedIn

LinkedIn is a social networking site focused on business professionals. It numbers over 120 million members with representation in over 200 countries. Members use the site to exchange information, ideas, and opportunities. They buildupanetworkof“connections”byjoininggroupsandinvitingotherstojointheirnetwork.

Twitter

Twitter is a social media site that offers a microblogging service (140 characters or less). It’s been nicknamed the “SMS of the Internet” and is essentially a real-time information network that connects you to the latest information on topics of interest to you. You can choose to “follow” or be followed by others. Additionally, your messages can be private, and you retain control over who follows you.





Mapping Facebook Features to 10-06 and 11-39

Feature FINRA Definition FINRA Category Recommendation Relevant Controls

Basic information Advertisement Static Pre-approve Archive, Post-review, Block/allow

Profile picture Advertisement Static Pre-approve Archive, Post-review, Block/allow

Update status (Wall & News Feed)

Public Appearance Interactive Supervise Archive, Post-review, Moderate*

Upload photo (Wall & News Feed)

Public Appearance Interactive Supervise Archive, Post-review

Attach link (Wall & News Feed) Public Appearance Interactive Supervise Archive, Post-review

Upload video (Wall & News Feed)


Write a comment Public Appearance Interactive Supervise Archive, Post-review, Moderate*

Chat Correspondence Interactive Supervise Archive, Post-review

Compose message Correspondence Interactive Supervise Archive, Post-review

Post new topic to group Public Appearance Interactive Supervise Archive, Post-review

Create group Public Appearance Interactive Supervise Archive, Post-review

Chat with group Public Appearance Interactive Supervise Archive, Post-review

Post reply to group topic Public Appearance Interactive Supervise Archive, Post-review

Join a group Public Appearance Interactive Supervise Archive, Post-review

Like (can be considered an endorsement)

Advertisement or Public Appearance Static or Interactive Block or Supervise Archive, Post-review,

Block/allow

*Note: ”Moderate” in this context means “pre-review”





Mapping LinkedIn Features to 10-06 and 11-39

Feature FINRA Definition FINRA Category Recommendation Relevant Controls

Basic information Advertisement Static Pre-approve Archive, Post-review, Block/allow

Profile picture Advertisement Static Pre-approve Archive, Post-review, Block/allow

Share network update Public Appearance Interactive Supervise Archive, Post-review, Moderate*

Comment to network update Public Appearance Interactive Supervise Archive, Post-review

Compose message Correspondence Interactive Supervise Archive, Post-review

Write recommendation Advertisement Static Block Archive, Post-review, Block/allow

Join group Public Appearance Interactive Supervise N/A

Create a group Public Appearance Interactive Supervise N/A

Start a discussion Public Appearance Interactive Supervise Archive, Post-review

Like a group discussion comment


Block/allow

Post a comment to group discussion


Ask a question Public Appearance Interactive Supervise Archive, Post-review

Answer a question Public Appearance Interactive Supervise Archive, Post-review






Mapping Twitter Features to 10-06 and 11-39

Feature FINRA Definition FINRA Category Recommendation Relevant ControlsBasic information Advertisement Static Pre-approve Archive, Post-review

Profile picture Advertisement Static Pre-approve Archive, Post-review

Tweet Public Appearance Interactive Supervise Archive, Post-review, Moderate*

Retweet (can be considered an endorsement)


Block/allow

Reply Public Appearance Interactive Supervise Archive, Post-review

Favorite Advertisement or Public Appearance Static or Interactive Block or Supervise Archive, Post-review,

Block/allow

Follow N/A Interactive Supervise N/A

Send a message Correspondence Interactive Supervise Archive, Post-review

Create a list Advertisement or Public Appearance Static or Interactive Block or Supervise Archive, Post-review,

Block/allow






Items FINRA Examiners Are On The Lookout For

Policies

FINRA examiners typically are interested in what kinds of policies financial services firms have adopted to address social media. Among some of the specific policies regulators are keen to gather information includes the following:

•General use of social media within the firm•Anycommunicationspostedtosocialmediasites•Anyprospectivecommunicationspostedtosocialmediasites•Anyongoingmonitoringorreviewprocessesrelatedtocommunicationspostedtosocialmediasites• Third-partycommunicationspostedtoasocialmediasite•Approvalprocessesforprospectivecommunicationspostedbythirdparties•Anyongoingmonitoringorreviewprocessesforcommunicationspostedbythirdparties•Useofsocialmediafornon-businesspurposes• Trainingandeducationofpersonnelonsocialmediausage,whetherforpersonalorbusinesspurposes•Disciplinaryactionforsocialmediause•Recordretentionofsocialmedia,whetherforpersonalorbusiness purposes

Procedures

Regulators are also interested in learning about the procedures firms have in place to ensure that the latter remain in compliance with FINRA guidelines. Generally speaking, procedures usually mirror the policies themselves, i.e., firms will develop procedures to be consistent with the policies they’ve established (see preceding section). Thus, regulators are interested in viewing documentation pertaining to procedures for the following:

•Generaluseofsocialmediawithin the firm•Anycommunicationspostedtosocialmediasites•Anyprospectivecommunicationspostedtosocialmediasites•Anyongoingmonitoringorreviewprocessesrelatedtocommunicationspostedtosocialmediasites• Third-partycommunicationspostedtoasocialmediasite•Approvalprocessesforprospectivecommunicationspostedbythirdparties•Anyongoingmonitoringorreviewprocessesforcommunicationspostedbythirdparties•Useofsocialmediafornon-businesspurposes• Trainingandeducationofpersonnelonsocialmediausage,whetherforpersonalorbusinesspurposes•Disciplinaryactionforsocialmediause•Recordretentionofsocialmedia,whetherforpersonalzorbusinesspurposes





Recordkeeping

Regulators also are keen to remind members that firms which communicate through social media sites must still adhere to recordkeeping rules.

“Each member shall make and preserve books, accounts, records, memoranda, and correspondence in conformity with all applicable laws, rules, regulations and statements of policy promulgated thereunder and with the Rules of this Association and as prescribed by SEC Rule 17a-3. The record keeping format, medium, and retention period shall comply with Rule 17a-4 under the Securities Exchange Act of 1934.”

Compliance considerations

•Social networking sites, such as Facebook, offer no native archiving functionality,making it difficult to complywith Regulatory Notice 07-59 that spells out the requirements for review “by a supervisor of employees’ incoming, outgoing and internal electronic communications.”

•Native archiving functionality offered by unified communications and other real-time communications tools israrely able to provide a granular breakdown of conversations by persons (including buddynames), key phrases, and timeframes, which are essential for compliance and eDiscovery requirements.

• Thisisfurthercomplicatedbytheslewofmodalitiesusedinconversations–fromIMtoBlackBerry.

Compliance recommendations

Enterprises should deploy a central archiving system that enables easy review of posted messages and detailed analysis of electronic conversations, including file downloads both internally and externally, complete with an audit trail of the auditorreviewingtheinformation.Inaddition,theinformationshouldincludewhojoinedaconversation,whentheyjoined,whentheyleft,anydisclaimersshown(atthebeginningofanIMconversation,forinstance),andcalldetailrecords (CDRs) for voice calls, group meeting sessions, etc.





About Actiance, Inc.

Actiance enables the safe and productive use of unified communications, collaboration, and Web 2.0, including blogs and social networking sites. Formerly FaceTime Communications, Actiance’s award-winning platforms are used by 9 of the top 10 US banks and more than 1,600 organizations globally for the security, management, and compliance of unified communications, Web 2.0, and social media channels. Actiance supports all leading social networks, unified communications providers, and IM platforms, including Facebook, LinkedIn, Twitter, AOL, Google, Yahoo!, Skype, Microsoft, Jive, IBM, and Cisco.