Broker-dealers are actively engaged in using Twitter, Facebook and YouTube. As social media has evolved to include corporate communications, a variety of compliance issues have developed. One such conflict is between the Financial Industry Regulatory Authority’s (FINRA) supervision rules and recently enacted state laws that limit an employer’s ability to gain access to an employee’s personal social media account.
Over the last three years, FINRA has issued two regulatory notices that provide guidance on the application of its rules to social media communications. FINRA requires broker-dealers to supervise social media communications and to retain records. At the same time, new laws in 11 states prohibit employers from seeking access to personal social media accounts of employees.
By limiting access, these social media privacy laws may hinder compliance with FINRA’s supervision requirements. Consequently, broker-dealers will face tough decisions, as complying with FINRA’s supervision rules could put them in violation of state laws, some of which have criminal penalties.
FINRA wants access
FINRA requires that firms adopt policies and procedures to ensure that associated persons who use social media for business purposes are appropriately supervised. Firms must be able to retain, retrieve and supervise business communications, even when associated persons use their own personal computer or other device. Static content must be approved before it is posted, and all interactive electronic communications, which are made in real time, must be supervised.
FINRA recently announced new measures to ensure compliance with these communication rules. This past summer, FINRA issued a targeted examination letter announcing spot checks of written and electronic communications. Firms will be required to explain 1) how they use social media; 2) the firm’s written supervisory procedures for social media communications; and 3) the measures the firm has adopted to monitor compliance. FINRA noted that it makes sense to incorporate social media reviews into routine surveillance.
In addition to the targeted examination letter, FINRA has shown a willingness to enforce its rules with respect to social media communications. FINRA recently suspended and fined a registered representative for violations involving equity-indexed annuities (EIA). FINRA found that the registered representative published videos on YouTube that did not comply with its rules. The registered representative failed, among other things, to communicate the risks and limitations of EIAs and included incomplete comparisons to other annuities.
State laws differ
While broker-dealers are adapting supervision methods to include social media, some states are making it impossible to do so. New laws in several states restrict an employer’s ability to obtain access to current employees’ personal social media accounts. Under these laws, employers may not request or require employees to provide passwords, user names, login information or ask to look at an employee’s personal social media account. As of September, there are 11 states that have enacted such laws on social media and many others have proposed legislation.
Several of these laws make it impossible for broker-dealers to comply with supervision rules if associated persons use their own social media accounts for business. How can firms “retain, retrieve and supervise” communications if they have no access to such communications and are forbidden from asking for access?
The conflict between protecting employees’ privacy under these new laws and the duty to supervise communications may not be easily reconciled in some states. Fortunately, a few of the laws contain exceptions for complying with government regulations.