What ‘The Social Network’ Can Teach Advisors About Avoiding Enforcement Actions

Instant messaging and social media brought up concerns about being able to preserve communications, according to the paper. Rubin and Crenshaw noted that FINRA was the first regulator to show interest in instant messaging. In February 2007, the regulator fined four affiliated firms for failing to preserve communications, and in April fined a representative for inadequately supervising electronic communications.

However, the paper found regulators weren’t satisfied with storing electronic communications electronically. In July 2010, the SEC fined a broker-dealer and its chief compliance officer for keeping instant messages stored on a computer instead of in hard copy or disabling the program altogether.

“Regulatory guidance indicates that firms should preserve all business-related communications, including not just emails but also text messages and social media (as well as whatever channel or forum of communication is developed by the next generation of dropouts from Harvard College or Reed College),” the authors wrote. They stressed that even when firms have policies and procedures in place, they need to confirm that they can access communications easily. The authors refer to a scene in “The Social Network” between Zuckerberg and Eduardo Saverin, one of the co-founders or Facebook, played by Andrew Garfield. Saverin asks Zuckerberg who he’s going to share the website with. Zuckerberg replies, “Just a couple of people. The question is, who are they gonna send it to?”

Information online is easily shared, and advisors and broker-dealers can’t always control who sees what. With Regulation Fair Disclosure (Regulation FD), the SEC prohibited firms from disclosing material information to some groups without making it available to the marketplace. The SEC noted that in some cases, posting the information on the company’s website may be sufficient to meet the disclosure requirement.

In December 2012, the SEC considered action against Netflix after CEO Reed Hastings used Facebook to say viewers watched more than a billion hours of video in June. No action was ultimately taken because, as the authors wrote, Stanford Law School Professor and former SEC Commissioner Joseph Grundfest wrote that the posting reached a significant enough portion of the marketplace to meet Regulation FD. The SEC followed up in April with a report saying companies may use Facebook and Twitter to make disclosures to investors as long as investors have been previously informed of where that information will appear.

In “The Social Network,” Zuckerberg, played by Jesse Eisenberg (right), is brought before an administrative board meeting, accused of intentionally breaching security, among other misdeeds. He tells the board he deserves recognition instead of punishment because, as he tells the administrators, “I believe I pointed out some pretty gaping holes in your system.”

Passwords and encryption are common ways for firms to protect data, but, as the authors noted, they can frequently become an annoyance “when they have to be changed every month, and especially when so many different passwords are being used that it becomes difficult to remember them.” Firms have been fined for having inadequate passwords or session inactivity time-outs. In April 2010, a broker-dealer was fined after a hacker broke into its database, which was neither encrypted nor protected by a password. Failing to train employees can also lead to enforcement actions.