Unraveling Multimodality with Large Language Models.pdf
Social Media Compliance for Regulated Industries
1. WHITE PAPER
SocIAl MEdIA for
Regulated Industries
www.socialvolt.com
2. Social Media
Executive
overview
SocIAl MEdIA REgulATIon
Most companies have accepted the fact that by now they ought This whitepaper will discuss the various regulations and risks that
to be engaging in social media activities in one form or another. certain industries must keep in mind, and offer guidelines on how
Those who are late to the party, however, are often from highly- to develop a compliant corporate social media strategy.
regulated industries such as financial services, pharmaceuticals
or healthcare. despite the promise of genuine, real-time
communications with customers that could greatly benefit
marketing and public relations efforts, social media can present
quite a challenge with regard to regulatory compliance.
for example, brokerage firms dealing with financial Industry
Regulatory Authority (fInRA) regulations need to be concerned
about whether responses their employees provide to customers “despite the promise
in social media communities adhere to suitability and investment
product recommendation rules. likewise, pharmaceutical of genuine, real-time
companies engaging in social media must ensure that any
conversations about a product, whether they are on facebook or communications with
Twitter, feature the fdA-required safety information. Healthcare
companies must be cognizant of Health Insurance Portability customers that could
and Accountability Act (HIPAA) laws and not disclosing patient
information online. And, any public company needs to be on
top of every tweet to monitor whether it complies with the
Securities and Exchange commission’s (SEc) public disclosure and sales efforts, social
requirements.
Heavily regulated companies need to arm themselves with
media can present quite
the proper tools and information to engage in social media in
an intelligent, compliant way – without completely stifling the
a challenge with regard
creative, genuine nature of the medium. This can be a difficult
balance to strike, but it can definitely be achieved.
to regulatory compliance.”
SocIAl MEdIA foR REgulATEd InduSTRIES .2.
3. Social Media
Social Media
And THE fInAncIAl SERVIcES
InduSTRY
A deluge of regulatory requirements has slowed the financial
services industry’s adoption of social media. According to a recent
survey conducted by Accenture1, 60 percent of retail banks still
consider themselves social media novices. And a recent research
report by celent2 adds that when it “comes to acquiring and re-
taining clients, social media channels are on their way to becoming
as important as traditional media channels for wealth managers.”
“Sixty percent
of retail banks
clearly, the industry is starting to realize that social media can reap
positive benefits for firms, from building relationships with current
and prospective clients to finding new business. However, the
financial services industry is forced to comply with strict industry
regulations, especially from fInRA, the SEc and, for uK compa-
still consider
nies, the fSA.
themselves social
media novices.”
1
Accenture, “Social Banking: The Social networking Imperative for Retail Banks”
2
celent, “Social Media in Wealth Management,” January 18, 2012
SocIAl MEdIA foR REgulATEd InduSTRIES .3.
4. Social Media
understanding the guidelines:
fInRA
4. Supervision of Social Media Sites: firms are required to
one of the industry’s largest regulatory authorities, fInRA,
supervise interactive communication on social media and
now provides comprehensive guidance for how regulated
adopt policies to stay in compliance. This means that firms are
banks can maintain compliance while engaging in social media
responsible for making sure any social media communications
activity – Regulatory notice 10-06 and Regulatory notice 11-39.
made through their accounts, no matter which employee
Regulatory notice 10-06 details the recordkeeping, suitability,
posts it, remains in compliance with fInRA guidelines.
supervision and content requirements for such communications,
while Regulatory notice 11-39 explains the ins and outs of social
5. Third-Party Posts: Social media posts from third parties are
networking site usage and communication. Together, these
not considered communications from a firm, unless the firm
provide the framework for how to maintain compliance while
has endorsed or is involved in the preparation of the content.
engaging in social media.
This means that firms are not responsible for what others
say or claim about their products and services, unless they
Here are five main areas in which fInRA provides guidance for
actively involve themselves with the third-party content.
social media3:
1. Recordkeeping: All social media activities must be kept
to comply with record retention guidelines. This means
that firms cannot delete, and must archive, social media
activities.
2. Suitability Responsibilities: Social media communications
that include recommendations of any type must follow nASd
Rule 2310. This means that firms cannot make promises
through social media that they could not make via traditional
communication methods.
3. Types of Interactive Electronic Forums: Static social media
content requires principal approval; interactive social media
content does not. This means that any social media content
that is real-time communication does not require principal
approval, while static content on social media, including
profiles and advertising, does require the approval of the
firm’s registered principal.
3
guidelines sourced from fInRA Regulatory notice 10-06 and fInRA Regulatory
notice 11-39
SocIAl MEdIA foR REgulATEd InduSTRIES .4.
5. Social Media
understanding the guidelines: A firm may want to consider the
appropriateness of pre-approval requirements (as opposed to
SEc after-the-fact review).
Analyze the risk
exposure for a firm and its clients considering the social
The SEc recently released its first set of guidelines4 to help networking site’s reputation, privacy policy, ability to remove
investment advisers comply with strict federal securities antifraud, third-party posts, controls on anonymous posting and its
compliance and recordkeeping mandates. The “national advertising practices.
Examination Risk Alert: Investment Adviser use of Social Media”
instructs investment advisers using social media to continually consider implementing social
evaluate their compliance program in terms of social media usage media training to promote compliance and prevent potential
guidelines, content standards, monitoring, approvals, training and violations of the federal securities laws and the firm’s internal
more. It also stresses the importance of paying close attention to policies. A firm may also consider whether to require a
third-party content and recordkeeping. certification by investment advisory representatives (IARs)
and advisory solicitors confirming that those individuals
Approaching social media in the same way as other compliance understand and are complying with the firm’s social media
areas required by Advisers Act Rule 206(4)-75, investment advisers policy.
that use or permit the use of social media by their representatives,
solicitors and third parties should write compliance policies and A firm may need to define
procedures governing the use of social media. Pwc provides a appropriate behavior on personal social media sites, in
good explanation6 of the guidelines and the potential risks. addition to sites that are supervised or operated by the firm.
following is a summary of some of the SEc’s suggestions for Engaging in social media activities may be perceived as a real
social media use (paraphrased from the Alert): information security risk to financial services firms. Per the SEc
Alert, “information and information systems from unauthorized
consider creating access, use, disclosure, disruption, modification, perusal,
usage guidelines instructing advisers and their partners on inspection, recording or destruction is an important risk faced
the appropriate use of social media and appropriate content by all firms. Although hacking and other breaches of information
to post, as well as restrictions. security can be posed in multiple ways, use of social media,
especially third party social media sites, may pose elevated risks.”
consider how to
effectively monitor the firm’s social media sites and whether Also consider that content posted on social media sites might
complete access can be given to a supervisor or compliance be construed as investment advice – something that might come
staff. Also determine how frequently to monitor activity – for riddled with fines or potential lawsuits. In order to combat these
some firms, real-time monitoring may be needed whereas risks, financial services companies should develop and document
periodic monitoring may suffice for others. And determine if a clear social media policy that outlines both internal and
your firm has dedicated compliance resources to adequately regulatory compliance rules, and provide definitive guidelines for
monitor activity on social media sites. what is allowed and what is prohibited.
4
SEc office of compliance Inspections and Examinations, “national Examination Risk
Alert: Investment Adviser use of Social Media,” January 4, 2012
5
SEc Advisers Act Rule 206(4)-7, “final Rule: compliance Programs of Investment
companies and Investment Advisers,” february 4, 2004
6
Pwc, “SEc Staff Provides guidance on the use of Social Media by Advisers”
SocIAl MEdIA foR REgulATEd InduSTRIES .5.
6. Social Media
understanding the guidelines:
fSA
The financial Services Authority (fSA) is the regulator of the
u.K. financial services industry. In 2010, it issued guidelines7 for
using new media for financial promotion, which it defines as: “a
communication that is an invitation or an inducement to engage
in investment activity.” Per the fSA, social media communications
(both promotional in nature and otherwise), must comply with
standard communications rules found in the fSA Handbook8,
including sections coBS 4, BcoBS 2,
IcoBS 2 and McoB 3. A brief summary of those rules follow:
all communications
More can be read about the specific guidelines for investment,
insurance and mortgage firms in the fSA’s “Stand-Alone
compliance” document9. not meant to discourage social media
use, the fSA’s guidelines are just another step in the financial
services world to ensure that firms are using the medium
appropriately and legally to minimize risk and potential litigious
side effects.
7
fSA, “financial Promotions Industry update: financial Promotions using new Media”,
June 2010
8
The fSA Handbook
9
fSA, “financial Promotions Industry update: Stand-alone compliance,” Sept. 2009
SocIAl MEdIA foR REgulATEd InduSTRIES .6.
7. Social Media
Social Media
And THE PHARMAcEuTIcAl InduSTRY
The pharmaceutical industry has long been reluctant to engage
in social media activities, and strict fdA regulations have made
pharmaceutical marketers notoriously risk averse. In fact, the
federal drug Administration’s (fdA) strict communications rules
and contrasting silence on social media parameters led to an
abrupt shut down of many pharmaceutical facebook pages
when the site eliminated the option to shut off public comments in
August 2011.
In January, the fdA finally issued draft guidance for
pharmaceutical companies on how they should interact with
consumers on social media. Though the guidelines represent
an opportunity for pharmaceutical companies to appropriately
engage in social media, many still have concerns. for example,
“despite the fact that
pharmaceutical companies want to know the extent to which they
might be held liable for information posted on social media sites by
social media use is still
outside parties (i.e., false claims about drugs, adverse effects).
in its infancy within the
despite the fact that social media use is still in its infancy within the
pharmaceutical industry – and will be until the fdA issues clear pharmaceutical industry
guidelines – the industry is starting to realize that social media
engagement can reap positive benefits for the business, from – and will be until the fdA
building relationships with consumers to conducting activities that
drive sales. Some big brands are already testing the social media issues clear guidelines –
waters with positive results.
the industry is starting to
realize that social media
engagement can reap
SocIAl MEdIA foR REgulATEd InduSTRIES .7.
8. Social Media
understanding the guidelines:
fdA
The fdA recently issued its first draft guidance10 for Per the fdA, “If a firm responds to public unsolicited requests
pharmaceutical companies on how they should respond to for off-label information, including those encountered through
unsolicited requests for drug information. Section VI in the draft emerging electronic media, in the manner described above, fdA
guidance, entitled “Responding to Public unsolicited Requests does not intend to use such responses as evidence of the firm’s
for off-label Information, Including Those Encountered through intent that its product be used for an unapproved or uncleared
Emerging Electronic Media by drug or Medical device firms” use. Such responses also would not be expected to comply with
specifically addresses social media interactions. the disclosure requirements related to promotional labeling and
advertising.”
following are the specific recommendations, taken directly from
the draft guidance: Though not by any means a comprehensive guide for how
pharmaceutical companies should engage in social media, it is
1. If a firm chooses to respond to public unsolicited requests for certainly a start.
off-label information, the firm should respond only when the
request pertains specifically to its own named product (and is
not solely about a competitor’s product).
2. A firm’s public response to public unsolicited requests for off-
label information about its named product should be limited
to providing the firm’s contact information and should not
include any off-label information.
3. Representatives who provide public responses to unsolicited
requests for off-label information should clearly disclose their
involvement with a particular firm.
4. Public responses to public unsolicited requests for off-label
information described in numbers 2 and 3 should not be
promotional in nature or tone.
10
food and drug Administration, “Responding to unsolicited Requests for off-label
Information About Prescription drugs and Medical devices,” december 30, 2011
SocIAl MEdIA foR REgulATEd InduSTRIES .8.
9. Social Media
Social Media
THE HEAlTHcARE InduSTRY
Some hospitals have avoided leveraging social media platforms
like Twitter and facebook due to fears over HIPAA. But, with
patients frequently turning online to research – and in some
cases even diagnose – illnesses, social media can certainly be an
effective tool to help find reliable healthcare information.
So, with HIPAA prohibiting the distribution of patient information
by both healthcare systems and their employees, is it possible for
doctors to engage with patients safely online? The answer is yes,
and already more than 1,200 u.S. hospitals are currently engaging
patients through social media11.
“Already more than
1,200 u.S. hospitals
are engaging
patients through
social media.”
11
food and drug Administration, “Responding to unsolicited Requests for off-label
Information About Prescription drugs and Medical devices,” december 30, 2011
SocIAl MEdIA foR REgulATEd InduSTRIES .9.
10. Social Media
understanding the Regulations:
HIPAA
According to HIPAA, a patient has control of his or her own Patients should not be allowed access to this personal profile.
protected health information and no one can release that Most importantly, go to your privacy settings and ensure what
information without the patient’s consent. The exception is that you share is exposed to your personal circle only. Then, set up a
a patient’s information can be shared internally, from a hospital separate facebook page that serves as your public persona that
to a physician (and vice versa) and to payment companies for patients can view. This page needs to be HIPAA-compliant and
insurance purposes. Though HIPAA does not specifically address professionally self-aware.”
social media in its documentation, the same rules apply regarding
patient privacy. By keeping guidelines like these in mind, healthcare organizations
and their employees can participate in social media while staying
After a few well-publicized cases about physicians divulging out of professional danger.
patient information online, dave Ekrem, social media manager for
Massgeneral Hospital for children, provided a few suggestions
for how physicians can remain HIPAA-compliant when using social
media, including “The Elevator Rule.” He states: “This is a famous
test, probably repeated by compliance departments and trainers
at hospitals all over the u.S. If you wouldn’t say it in the elevator,
don’t put it online. You can try speaking your post out loud before
hitting the enter key. Take particular care when replying to people
in real-time venues like Twitter. You don’t have to respond right
away and if you have any doubt at all, ask a friend or colleague for
their reaction before you post.”
Kevin Pho, an internal medicine physician who sits on the board
of uSA Today, reminds doctors that separating personal and
professional content on facebook is critical : “I embrace the ‘dual-
citizenship’ approach, recently discussed in an Annals of Internal
Medicine perspective piece. With facebook in particular, limit your
personal profile to friends and family. These are people who can
follow your personal, day-to-day happenings, pictures and video.
12
KevinMd.com, “7 Tips to Avoid HIPAA Violations in Social Media,” June 7, 2011
13
KevinMd.com, “How doctors can use facebook Responsibly,” April 2011
SocIAl MEdIA foR REgulATEd InduSTRIES . 10 .
11. Social Media
Practice
compliant
Social Media:
BEST PRAcTIcES
Even the most regulated industries can successfully participate compliance. It is also prudent to make sure the policy
in social media if they adhere to internal policies and regulatory leverages a method to limit the number of employees granted
guidelines by building security and control into their social media admin rights to social media accounts.
programs.
When Appropriate: It’s
document a clear, concise corporate important to continually monitor the various social sites.
social media policy and communicate it to employees. check facebook posts and Tweets on an ongoing basis
Include it in new hire documentation and training. Make sure it and remove inappropriate posts or comments, or implement
includes both corporate and regulatory guidelines, and clearly a social media management system that will do this
define what is allowed, what is prohibited, and what the automatically based on the constraints you define.
ramifications are if an employee does not adhere to the policy.
Ensure that external audiences are just as aware of the policy Whether it’s
as employees by posting it on facebook pages, blogs and a doctor/patient conversation or a financial adviser/client
websites. conversation, take it offline if complying with regulations is a
concern. Meet in person or discuss over the phone instead of
Any company-facing regulatory controls could in a public, internet forum.
also face an audit at any moment. A social media policy
should account for this reality by implementing technology Employee education and training is the
that archives all content in a way that could quickly and best way to uphold policies, meet regulatory requirements
adequately help prepare for an audit. for example, systems and mitigate risk. Regularly educate employees about current
that automatically delete or remove social media content social media policies, new programs or networks, and best
are not permitted under fInRA guidelines and should be practices. Hold regular “lunch and learn” events and launch a
prohibited in your policy. social media certification program that grants graduates new
levels of privileges in social communities.
Implement a process for review of all
authored content. Everyone has heard the horror stories of By making sure a complete and thorough social media policy
employees who have posted inappropriate content and the and system is in place, heavily regulated industries can start to
resulting consequences. Making sure all content is reviewed recognize the value of social media immediately without living in
by a compliance officer or other manager will help maintain fear of violating federal regulations.
SocIAl MEdIA foR REgulATEd InduSTRIES . 11 .