If there are any financial services firms that have not yet promulgated workplace rules on the use of social networking sites and other electronic communications, a Regulatory Notice (10-06) recently issued by the Financial Industry Regulatory Authority (FINRA) provides another good reason to do so. FINRA's latest Q & A Guide cautions that every firm must develop policies and procedures "designed to ensure that the firm and its personnel are complying with all applicable regulatory requirements when using social networking sites."

Facebook, LinkedIn, Twitter and other social media sites hold both promise and peril for financial services companies. The marketing and communications benefits of such platforms are potentially enormous, but, as employers are discovering, online communications pose significant legal risks. Disputes arising from the use of such media at the workplace have begun to fill court dockets. Indeed, this term, the U.S. Supreme Court will decide whether an employer has the right to access an employee's text messages that were sent and received via employer-issued equipment.

For the financial sector, regulatory constraints make the already tricky task of developing effective, lawful policies on workplace use of social networking sites and the like all the more difficult. As FINRA's new guidelines state, online communications generally are subject to the same rules as in-person or written communications, and may constitute "correspondence" (e.g., email), a "public appearance" (e.g., LinkedIn or Facebook), an "advertisement" (e.g., Twitter) or "sales literature" (e.g., Facebook discussions).

Among other suggestions, FINRA offers the following guidance:

Recordkeeping Responsibilities

  • Firms are required to retain records of communications made through social media sites where those communications relate to their "business as such."

Suitability Responsibilities

  • Recommendations of a particular security (e.g., stock) through a social media site are subject to NASD Rule 2310's requirement that a broker-dealer determine that a recommendation is suitable for every investor to whom it is made.
  • FINRA advises firms to prohibit all interactive electronic communications that recommend a specific investment product, unless a registered principal has previously approved the content.

Interactive vs. Static Electronic Forums

  • Remarks made by personnel via interactive electronic forums, such as chat rooms, blogs used for real-time interactive communications and the interactive portions of social networking sites, do not require the prior approval of a registered principal.
  • Static content, such as blog postings and certain portions of social networking sites content (e.g., profile, background and wall information), are considered "advertisements," and do require prior principal approval.

FINRA's Recommendations for Supervising Social Media Sites

  • Prohibit participation in business communications via a social media site that is not subject to the firm's supervision.
  • Require "appropriate training" on the firm's policies and procedures.
  • Restrict the use of social media sites by any person who has presented compliance risks in the past, particularly those concerning sales practices.
  • Monitor the use of such sites and impose discipline for policy violations.

Third-Party Posts

  • As a general matter, posts by customers or other third parties are not considered to be the firm's communications, but they may become attributable to the firm where it has involvement in preparing the post or approving its content.
  • FINRA's advice: Establish appropriate usage guidelines for customers and other third parties; screen and monitor third-party content; and include a disclaimer. 

When It Comes to Social Networking Sites, Regulatory Compliance Is Only Half the Story

As FINRA's latest guidance underscores, the financial sector faces many complex digital age compliance issues and firms must ensure that they promulgate and enforce appropriate policies. In addition, securities firms need electronic communications policies in place which address the rights and obligations of the firm vis-à-vis their employees. As with regulatory compliance, however, this is no easy task.

For example, the issue in the Supreme Court case noted above centers on whether employees have privacy rights in their text messages, emails and the like. Although the case before the Court involves a public employer, its ruling may have significance for private employers, especially in light of a number of recent lower court decisions which suggest that private workers may have legally-enforceable privacy rights in their electronic communications, even those sent and received over employer-owned or issued equipment, and even where the employee has been formally notified of the company's monitoring practices.

Thus, considering their heavy reliance on electronic communications, financial firms need to ensure to the extent possible that their electronic communications policies and practices will withstand a legal challenge from employees as well as regulators.

*          *         *
For more information about this Advisory, please contact: 
William J. Milani or Frances M. Greenin New York;
or Carmine A. Iannaccone in Newark.


Jump to Page

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.