IA BRIEF: The state of adviser social media compliance in the U.S.

August 10, 2015

In the past year compliance professionals have been preoccupied with preventing cybercrime, and rightfully so, with recent high-profile cyber attacks and increased regulatory attention. However, the compliance implications of social media in the financial services sector remain an evolving trend as well, with high importance. A recent investment adviser survey offers a glimpse at the state of the current adviser programs while exposing new risks.

The survey , currently in its 10th year, was conducted by the U.S. Investment Adviser Association, ACA Compliance Group and OMAM. The highest percentage of firms surveyed were established firms with 6-25 years in the business and having assets under management ranging between $1-10 billion.

The survey identified that social media use is on the rise, It highlights specific social media sites that advisers are using and adviser testing practices, and it identifies a risk element to keep an eye on: social media-hosted email accounts.

Regulatory guidance

Advisers may be surprised to hear this, but the Securities and Exchange Commission has not written any new rules to govern social media, merely applying existing rules to this new and evolving technology. The current advertising and recordkeeping adviser compliance requirements can be the best basis for an adviser’s policies and procedures when it comes to social media use.

A January 2012 SEC release gave adviser chief compliance officers a renewed focus on social media. Advisers were in a rut without official guidance from the SEC and had to rely only on guidance obtained from conferences and regulatory notices 11-39 and 10-06 from FINRA, the regulator to broker-dealers.

Practices, and recommendations

  • Almost nine in 10 firms (89 percent) have adopted formal written policies and procedures to govern the use of social media by employees – up from 83 percent in 2013, the survey found. The 89 percent breaks down to nearly 34 percent having a written, stand-alone policy with the additional participants including social media in other written policies and procedures.

    The most recent SEC alert stated that compliance program approaches to social media, but in many cases firms rely on multiple overlapping procedures to cover social media use. The SEC believes these overlapping procedures (advertisements, client communications or electronic communications) may create confusion as to which standards and procedures apply to the use of social media.

    The SEC suggests that each adviser should consider establishing clear guidelines for the appropriate use of social media, standards for content and effective procedures for monitoring the social media sites used by the firm, its representatives or solicitors. These three factors could be considered the foundation of a social media policy.

  • Seven in 10 test compliance with the firm’s social media policy – compared to 63 percent in 2013. Nearly 31 percent of advisers test social media compliance annually and fewer than 13 percent surveyed test on a quarterly basis. However, a relatively high population (29.62 percent) of advisers do not test for social media compliance.
  • A majority of firms (62.71 percent) permit the use of personal email accounts on company-issued computers and devices.
  • The survey questioned whether firms permit employees to use social media-hosted email accounts for business use, such as LinkedIn email- a risk not necessarily identified in the past. The majority (73 percent) did not allow the use.

    The topic of social-media hosted email adds a review and attestation dimension that may have not been identified in the past. In addition, many social media outlets have messaging tools that may fall into the category of social media email.

  • A high number of advisers (83 percent) do not review and retain employee emails from personal or social media-hosted accounts on company issued computers.

    The high percentage indicates that firms are relying heavily on attestations and not reviewing personal accounts to ensure that they are in fact personal. A firm may require associated individuals to complete an annual or quarterly attestation that outlines the social media policies and procedures. It may be prudent to outline specifically what is prohibited and what is allowed; many firms have opted to use a list format.

  • Nearly half (47 percent) prohibit the use of personal social networking websites for business purposes – down slightly from 49 percent in 2013.
  • LinkedIn continues to top the list for business social media use. Nearly half allow LinkedIn for the employee and 28.91 percent allow for firm use. Next is Twitter, Facebook, YouTube and blogs.

    Advisers must take into consideration certain risks unique to each form of social media when reviewing and creating policies and procedures. For example, the “recommendations” feature that allows users to post recommendations and endorsements on the public profile page of other users on LinkedIn could be a regulatory risk. LinkedIn also contains a “request recommendations” feature that allows users to solicit recommendations for posting on their public profile page.

  • Nearly 36 percent of firms allow the use of cloud-based file sharing programs (i.e. Dropbox, Box.com). The firms that use it are fairly split on having it self-managed by the employee and the corporate IT department. However, a relatively high 25 percent lack a policy regarding these programs or don’t know if they have a policy covering these systems.

    A finding of this nature stresses the point that advisers must be aware of all the different social media sites and cloud-based tools available to them and address the use or non-use. This is especially important for small to midsize advisory representatives as they may be looking for inexpensive tools to make their jobs easier, often turning to the cloud.

(This article was produced by Thomson Reuters Regulatory Intelligence. Regulatory Intelligence provides a single source for regulatory news, analysis, rules and developments, with global coverage of more than 400 regulators and exchanges. Follow Regulatory Intelligence compliance news on Twitter: @RiskMgment)

No comments so far

We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/