If there are any financial services firms that have not yet promulgated workplace rules on the use of social networking sites and other electronic communications, a Regulatory Notice (10-06) recently issued by the Financial Industry Regulatory Authority (FINRA) provides another good reason to do so. FINRA's latest Q & A Guide cautions that every firm must develop policies and procedures "designed to ensure that the firm and its personnel are complying with all applicable regulatory requirements when using social networking sites."
Facebook, LinkedIn, Twitter and other social media sites hold both promise and peril for financial services companies. The marketing and communications benefits of such platforms are potentially enormous, but, as employers are discovering, online communications pose significant legal risks. Disputes arising from the use of such media at the workplace have begun to fill court dockets. Indeed, this term, the U.S. Supreme Court will decide whether an employer has the right to access an employee's text messages that were sent and received via employer-issued equipment.
For the financial sector, regulatory constraints make the already tricky task of developing effective, lawful policies on workplace use of social networking sites and the like all the more difficult. As FINRA's new guidelines state, online communications generally are subject to the same rules as in-person or written communications, and may constitute "correspondence" (e.g., email), a "public appearance" (e.g., LinkedIn or Facebook), an "advertisement" (e.g., Twitter) or "sales literature" (e.g., Facebook discussions).
Among other suggestions, FINRA offers the following guidance:
Recordkeeping Responsibilities
-
Firms are required to retain records of communications made through social media sites where those communications relate to their "business as such."
Suitability Responsibilities
-
Recommendations of a particular security (e.g., stock) through a social media site are subject to NASD Rule 2310's requirement that a broker-dealer determine that a recommendation is suitable for every investor to whom it is made.
-
FINRA advises firms to prohibit all interactive electronic communications that recommend a specific investment product, unless a registered principal has previously approved the content.
Interactive vs. Static Electronic Forums
-
Remarks made by personnel via interactive electronic forums, such as chat rooms, blogs used for real-time interactive communications and the interactive portions of social networking sites, do not require the prior approval of a registered principal.
-
Static content, such as blog postings and certain portions of social networking sites content (e.g., profile, background and wall information), are considered "advertisements," and do require prior principal approval.
FINRA's Recommendations for Supervising Social Media Sites
-
Prohibit participation in business communications via a social media site that is not subject to the firm's supervision.
-
Require "appropriate training" on the firm's policies and procedures.
-
Restrict the use of social media sites by any person who has presented compliance risks in the past, particularly those concerning sales practices.
-
Monitor the use of such sites and impose discipline for policy violations.
Third-Party Posts
-
As a general matter, posts by customers or other third parties are not considered to be the firm's communications, but they may become attributable to the firm where it has involvement in preparing the post or approving its content.
-
FINRA's advice: Establish appropriate usage guidelines for customers and other third parties; screen and monitor third-party content; and include a disclaimer.
When It Comes to Social Networking Sites, Regulatory Compliance Is Only Half the Story
As FINRA's latest guidance underscores, the financial sector faces many complex digital age compliance issues and firms must ensure that they promulgate and enforce appropriate policies. In addition, securities firms need electronic communications policies in place which address the rights and obligations of the firm vis-à-vis their employees. As with regulatory compliance, however, this is no easy task.
For example, the issue in the Supreme Court case noted above centers on whether employees have privacy rights in their text messages, emails and the like. Although the case before the Court involves a public employer, its ruling may have significance for private employers, especially in light of a number of recent lower court decisions which suggest that private workers may have legally-enforceable privacy rights in their electronic communications, even those sent and received over employer-owned or issued equipment, and even where the employee has been formally notified of the company's monitoring practices.
Thus, considering their heavy reliance on electronic communications, financial firms need to ensure to the extent possible that their electronic communications policies and practices will withstand a legal challenge from employees as well as regulators.
William J. Milani or Frances M. Greenin New York;