Close Close
Sign In
Newsletters
Popular Financial Topics Discover relevant content from across the suite of ALM legal publications From the Industry More content from ThinkAdvisor and select sponsors Investment Advisor Issue Gallery Read digital editions of Investment Advisor Magazine Tax Facts Get clear, current, and reliable answers to pressing tax questions
Luminaries Awards
Podcast Center Video Center Webcasts Resource Center Events
About ThinkAdvisor Contact Us Advertise With Us Asset & Logo Licensing Sitemap Terms of Service Privacy Policy Copyright © 2024 ALM Global, LLC. All Rights Reserved.
ThinkAdvisor

Practice Management > Marketing and Communications > Social Media

Compliance clash: FINRA rules and state laws at odds over social media

By Susan T. Stead, Benjamin C. Chynsky

X
Your article was successfully shared with the contacts you provided.

Broker-dealers are actively engaged in using Twitter, Facebook and YouTube. As social media has evolved to include corporate communications, a variety of compliance issues have developed. One such conflict is between the Financial Industry Regulatory Authority’s (FINRA) supervision rules and recently enacted state laws that limit an employer’s ability to gain access to an employee’s personal social media account.

Over the last three years, FINRA has issued two regulatory notices that provide guidance on the application of its rules to social media communications. FINRA requires broker-dealers to supervise social media communications and to retain records. At the same time, new laws in 11 states prohibit employers from seeking access to personal social media accounts of employees.

By limiting access, these social media privacy laws may hinder compliance with FINRA’s supervision requirements. Consequently, broker-dealers will face tough decisions, as complying with FINRA’s supervision rules could put them in violation of state laws, some of which have criminal penalties.

FINRA wants access

FINRA requires that firms adopt policies and procedures to ensure that associated persons who use social media for business purposes are appropriately supervised. Firms must be able to retain, retrieve and supervise business communications, even when associated persons use their own personal computer or other device. Static content must be approved before it is posted, and all interactive electronic communications, which are made in real time, must be supervised.

FINRA recently announced new measures to ensure compliance with these communication rules. This past summer, FINRA issued a targeted examination letter announcing spot checks of written and electronic communications. Firms will be required to explain 1) how they use social media; 2) the firm’s written supervisory procedures for social media communications; and 3) the measures the firm has adopted to monitor compliance. FINRA noted that it makes sense to incorporate social media reviews into routine surveillance.

In addition to the targeted examination letter, FINRA has shown a willingness to enforce its rules with respect to social media communications. FINRA recently suspended and fined a registered representative for violations involving equity-indexed annuities (EIA). FINRA found that the registered representative published videos on YouTube that did not comply with its rules. The registered representative failed, among other things, to communicate the risks and limitations of EIAs and included incomplete comparisons to other annuities.

See: FINRA finds violations in broker’s YouTube video

State laws differ

While broker-dealers are adapting supervision methods to include social media, some states are making it impossible to do so. New laws in several states restrict an employer’s ability to obtain access to current employees’ personal social media accounts. Under these laws, employers may not request or require employees to provide passwords, user names, login information or ask to look at an employee’s personal social media account. As of September, there are 11 states that have enacted such laws on social media and many others have proposed legislation.

Several of these laws make it impossible for broker-dealers to comply with supervision rules if associated persons use their own social media accounts for business. How can firms “retain, retrieve and supervise” communications if they have no access to such communications and are forbidden from asking for access?

The conflict between protecting employees’ privacy under these new laws and the duty to supervise communications may not be easily reconciled in some states. Fortunately, a few of the laws contain exceptions for complying with government regulations.

See also: How to manage privacy and information security risk

The law in Arkansas is designed to permit an employer to comply with the requirements of federal, state, or local laws/rules/regulations or the rules or regulations of self-regulatory organizations, such as FINRA. This language will likely be sufficient to allow broker-dealers to comply with the FINRA supervision rules without violating the social media privacy law.

Firms located in Illinois may not have a problem either, as the state recently amended its social media privacy law to add that “nothing in this subsection shall prohibit or restrict an employer from complying with a duty to monitor or retain employee communications as required under Illinois insurance laws or federal law or by a self-regulatory organization.” While these exceptions will help a firm that has employees located in those states, it will not apply to a firm’s employees who are residents of other states.

At least three states, California, Maryland and Colorado, have laws that do not have a carve-out provision for regulatory compliance. For example, the California law would permit an employer to request an employee to divulge personal social media if the employer reasonably believes it is relevant to an investigation regarding employee misconduct or violation of law, so long as the social media content is used solely for purposes of that investigation or a related proceeding. The term “investigation” is not defined, but it seems reasonable that routine supervisory responsibilities under FINRA rules would not be considered an investigation of employee misconduct. In fact, a regulatory compliance exception was suggested in California but rejected by the legislature.

In addition to the 11 states that passed social media privacy rules, at least 20 have proposed similar laws this year, some of which do not contain exceptions for regulatory compliance. This may ultimately lead broker-dealers to face tough decisions regarding whether to violate state laws or FINRA’s supervision rules. As it stands, there are three states with social media privacy rules that are in conflict with FINRA’s rules.

Until it has been determined that broker-dealers may fulfill their supervision responsibilities without violating social media privacy laws, broker-dealers must walk a fine line between these competing legal obligations.

Broker-dealers should consider prohibiting their associated persons from using personal social media accounts for business communications. This may mean that firms will have to establish social media accounts for use by associated persons. Given the inherent personal nature of social media accounts, particularly the fact that personal names are used to identify accounts, it may prove challenging to keep any account purely business or purely personal.

For more on social media, see:

How you can win on Facebook

Build credibility the LinkedIn way

How to develop your best social media strategy

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.