Actiance bdi 7.12
1. Social Media Security & Compliance
July 12, 2012
Joanna Belbey
Social Media and Compliance Specialist
http://linkedin.com/in/belbey
www.facebook.com/#!/joanna.belbey
Twitter: @belbey
https://about.me/belbey
2. Agenda
Introductions
Changing landscape
Social Media Maturity Curve
Early successes
Regulatory landscape
9 things you can do to get started
Materials
3. Why are we presenting to you today?
Joanna Belbey
Social Media and Compliance Specialist
FINRA Education Department
Running training firm
I help firms use social media while complying with the regulations
Twitter: @belbey, @actiance
LinkedIn: http://www.linkedin.com/in/belbey
My biggest challenge?
4.
5.
6. Internet Application Usage: Perception vs Reality
Perception: 62% of IT Professionals estimated social networking was used within
their corporate network
Reality: 100% used social networking
Perception: 60% of IT Professionals estimated IM was used on their network
Reality: 98% used IM
Actual customer traffic history (150+ organizations)
Representing all Internet activity from over 150K end users
7. Social media usage
A majority of respondents indicate using social media for one or more
business purposes.
SOCIAL MEDIA USAGE
For which of the following business purposes do you use social media today?
Respondents
under 35 are
more likely to
use social
media for
business
purposes
than those 55
or older (68%
vs. 45%)
Base: all respondents in 2012 (1,428) and 2011 (1,597); multiple responses.
8. Social Media Maturity Curve
Pre-Consideration
• No social presence
• Restrictive social policy may be in place
• No social tools
• Need to: identify options, best practices
Early Consideration
• Some corporate presence
• Banned/restrictive policy in place
• Pilot program for content distribution
• Next: justify distributed teams usage
Early Adopters
• Corporate presence
• Acceptable use policy
• Social media being used by distributed teams/advisors
• Next: use social to develop, strengthen relationships, for some also as a sales channel
Early Majority
• Corporate social presence
• Social media usage by distributed teams, advisors
• Acceptable use policy
• Next: use social to develop, strengthen relationships, for some also as a sales channel
• Previous concerns about FINRA and/or impact of social media overcome by market acceptance and demonstrable results.
9. Case Study: Wealth Management Firm (NJ)
Outline
LinkedIn Only
Listening is Key, watching connections who matter
Using Social as an integral element of communications mix to spot change
Real Results
LinkedIn Connection retirement status change = $2.75m account acquisition
– Job Change noticed on Status Update = 401k rollover
– FA obtains 400 new prospects in Energy market
– New Commercial Account Opportunity through colleagues LinkedIn Connections
10. Case Study: RW Baird
Outline
LinkedIn Already Available to 1200
Veteran Advisers, tech savvy
Authentic Content
Real Results
@MaryS_rwbaird
– 51 followers
– 93 Tweets (at the time)
– $1m prospect
11. 20% of enterprises that employ social
Media beyond marketing will lead their industries
in revenue growth by 2015. GARTNER, MAY 2011
12. Why is social important in Financial Services?
In the USA Gen Y accounts for $2.4 trillion worth of personal income
In 2025 Gen Y will account for 46% of personal income
Source: Javelin Research
http://www.stltoday.com/business/local/article_719f49d8-15e6-5c5d-94b7-992ab12d9f97.html?print=1
Based on 26,749 online adults, USA, Source: Forrester Research, June 2011
13. So who’s using Social Media? And Why?
Sales & Marketing
Promotions
Advertising
Branding
Financial Advisors / Producers
HR
Background checks
Recruiting
Scientists & Researchers
Information exchange
Collaboration
IT
Investigation of security breaches
15. Risks of Using Social Media and Web 2.0
Data Leakage
• Personal Information
• Intellectual Property
• Credit Card, SSN
• Client Records
Incoming Threats
• Malware, Spyware
• Viruses, Trojans
• Inappropriate Content
Compliance & eDiscovery
• SEC, FINRA, IIROC
• HIPAA, FISMA
• SOX, PCI, FSA
• FRCP- eDiscovery
• FERC, NERC
User Behavior
• Employee Productivity
• Bandwidth Explosion
• Every employee is the face of business
16. Industry-Specific Legislation and Regulatory Bodies
Fin Services Energy Healthcare Gov’t
FINRA FERC HIPAA FRCP
SEC NERC State of Oregon
GLBA CFTC Florida GRS
SOX NFA State of North Carolina
Red Flag Rules
17. Key Legal Issues of Social Media
Privacy
Content Ownership
Intellectual Property Infringement
Unauthorized Activities
• Harassment
• Discrimination
• Unfair competition
• Defamation
• Confidential info
Regulatory Compliance
20. Types of financial advisors
Registered Representatives (Broker-Dealer)*
• Regulated by FINRA and the SEC
• Paid via commission
• Suitability- recommendations must be consistent with best interest of clients
• Ethics
• Transactions
Investment Advisors (Registered Investment Advisor)*
• Regulated by SEC or state regulators
• Paid fee by client
• Fiduciary responsibility – must place clients interests above own
• Legality
• Advice
*Dually registered firms must adhere to both SEC and FINRA rules.
21. Financial Industry Regulatory Authority (FINRA) Regulatory Guidance 10-06, 11-39
Rule: Recordkeeping
Description: Capture, save and make easily available, all written business correspondence
Best Practice: Third party vendor(s).
Rule: Suitability
Description: Recommendations must be suitable for each investor
Best Practice: Prohibit recommending specific products, investment strategies
Rule: Communications with the public
Description: Content standards, third party standards, adoption and entanglement
Best Practice: Disable the ability to make recommendations. Block retweet, “like
Rule: Advertising
Description: Static v. interactive
Best Practice: Pre-approval, post-review
Rule: Supervision
Description: Demonstrate adherence with content standards
Best Practice: Follow risk-based written supervisory procedures, training
Rule: FINRA Regulatory Notice 07-59
Description: Ethical walls between research and investment banking
Best Practice: Restrict communications
22. New Regulatory Notices from FINRA
Suitability (12-25) – effective 7/9/12
Investment Strategies
Communications with the Public (12-29) – effective 2/4/13
3 categories (institutional, retail, correspondence)
Exempts from pre-review:
online interactive electronic forum
not a financial or investment recommendation nor
promotes a product or service of the firm
23. The Securities Exchange Commission (SEC) National Examination Alert
Guidance: 13 factors to consider for effective compliance program
Description: Identify risks
Best Practice: Consider pre-review of all content posted by IAs
Guidance: Third Party Content
Description: Possibly testimonials
Best Practice: May need to re-evaluate separate professional pages
Guidance: Recordkeeping (Advisers Act)
Description: Capture, save and make easily available, all written business correspondence
Best Practice: Third party vendors
24. Regulators and Social Media
FINRA: RR Jenny Ta used Twitter to tout stock. Ta’s “tweets” were
unbalanced, overwhelmingly positive and frequently predicted
increases. Fined $10K and suspended for one year.
SEC Division of Enforcement: Alleges that Anthony Fields of Lyons IL
offered more than $500 billion in fictitious securities through various
social media sites.
FINRA exams: lists of RR using social media, checking against social
media policy
25. 9 steps to mitigate risks to deploy social media
1. Understand your firm’s landscape, get visibility.
2. Engage stakeholders in policy setting. Set the policy.
3. Consider and address the risks, in a granular fashion.
4. Protect your network from malware, phishing, attacks, data leakage.
5. Issue and implement best practice guidelines.
6. Understand and manage the fallibility of human beings.
7. Record and retain (appropriate) communications.
8. Provide education for your users on acceptable and appropriate use.
9. Review and refine policies (regularly).
26. About Actiance, Inc
A decade of expertise, a history of firsts
Global Operations
• 3 US offices, three continents
• 210 employees
Dedicated Social Engagement Team
• Partnering: networks, platforms, service providers
• Regulators: FINRA, IIROC, FSA, SEBI…
• Best Practice enablement, education
Client Engagement
• 9 out of the top 10 US Banks, Top 5 CDN Banks
• 284 FINRA firms
• 100,000 Social Networking users under license
27. Contact Information
jbelbey@actiance.com
@Actiance, @belbey
Further reading:
Marketers Guide to Social Media in Financial
Services
FINRA 10-06 and 11-39 requirements mapped to
Facebook, LinkedIn, and Twitter features
Social Media Handbook
Osterman Research:
The Impact of New Communication Tools for
Financial Services Firms
Actiance Collateral Library
http://actiance.com/products/collateral-library.aspx
Hello and good afternoon. My name is Joanna Belbey and I am the social media and compliance specialist at Actiance. My background is that I am an enthusiastic social media user, plus I worked at FINRA for more than 6 years creating and developing as many as 350 educational programs on compliance topics for FINRA’s member firms. I also ran my own training firm for a while. What I do at Actiance is help regulated firms deploy social media while adhering to the rules and regulations. You can follow me at @belbey on Twitter and feel free to LinkedIn to me as well. As for my biggest challenge, as social media impacts many departments within an enterprise, I gather everyone together -- groups like Marketing and Corporate Communications, Risk, Governance, Legal and Compliance, IT Security, Human Resources – I gather them all together so that they can begin to craft social media policies that Actiance can then implement.
Here at Actiance, we conducted our 6th annual survey on usage trends, end user attitudes, and IT impact earlier this year. We asked end users, “what do you do on the corporate network?” We then asked IT professionals, “what do you think that your end users are doing on the corporate network?” We compared the answers with data collected from 150 of our appliances. These appliances are deployed at customer sites throughout the globe and Actiance was given permission to capture their real data. The difference between the perception and reality was staggering. Take, for example, social networking. 62% of IT Professionals (that would be the light gray bar) estimated social networking was used within their corporate network, yet in reality, we found it being used in 100% of networks. Likewise, with IM, 60% of IT Professionals estimated IM was used on their network, yet in reality, that figure was 98%.
OBJECTIVE: Show leadership in understanding the market and brand association with Registered Rep and Wealth Management magazine.
TEXT: When it comes to financial services, we’ve been working with the folks at Registered Rep magazine and WealthManagement.com. We worked with them on a joint survey to nearly 1600 regulated users, asking about their usage of social media. This survey took place in September and to show the rate of change in the market, we re-ran it in February of this year. You can see in just some of these results how much this has changed.
CALL OUT SOME OF THE DIFFERENCES: Respondents under 35 are more likely to use social media for business purposes than those 55 or older (68% vs. 45%). Those from insurance firms (67%) and RIAs (67%) are more likely to use social media than those from bank brokerages (35%) or wirehouses (48%). Advisors are more likely to use social media to network with other professionals than to stay in contact with clients.
SEGUE: And here at Actiance, we’ve taken this understanding of the market a step further...
We commissioned a third party organization to undertake some very specific research for us. They conducted 90 minute interviews with some 20 organizations to identify the stage of maturity that they were at when it comes to the enablement of social within the organization. Some firms are only at the Pre-Consideration stage, where they have no social presence at all. Others are at the Early Consideration stage, where there is some corp. presence, perhaps there are restrictive policies in place. Maybe there’s a pilot going on. Then, there are the Early Adopters, they have a corp. presence and an acceptable use policy in place and social might be being used by distributed teams. And finally, there are the Early Majority. These folks have everything that I mentioned, plus, they’ve also started to experience successes so that many of their earlier concerns about being in compliance have been overcome by proper planning and demonstrable results. Wherever you are along this curve, I’m hoping I can help you move to the next phase.
- a FA noticed one of her new LI connections was retiring that led to a 2m account acquisition
- a FA noticed on LI a client was changing jobs and captured a 401k rollover
- a FA noticed a fellow FA was linked in to a contact at a company she was chasing that opened up a commercial account opportunity
- a FA with existing ties in the energy market has linked in to 400 new prospects internationally that is expected to yield strong returns in AuM build
- all FAs in the pilot use LI to research targets to see how they are connected before calling to increase their hit rates
- ML also sees strong interest from their Institutional Research team who want to use LI to deepen their company information for the ones they cover
Crop logo. 91 tweets, $1m prospect. Engagement details. 1200 people live.
This slide shows why it’s so important to get social… research from Carol Rozwell of Gartner in May 2011… identified that the 20 percent of enterprises that employ social media beyond marketing will lead their industries in revenue growth by 2015.
Osterman Research conducted a study and found that corporate users spend an average of 18 minutes on a typical workday using social networking tools (or about 4% of their workday). In fact, our own survey showed a change from 2009 to 2010 in the business use of Twitter, going from 13% of users to 78%, a 6-fold increase.
Adoption of social computing and social networking in the enterprise is being driven by individuals and departments within the company, such as the Marketing & PR teams who want to use social networking for corporate messaging and advertisements or analysts who wish to publish “market”-relevant data. And some firms are allowing their Financial Advisors and Producers to use social media to conduct business “as such”. These are the folks who need write access.
Conversely, there are those corporate users that only need read-only access. This could be departments like HR/Compliance/IT Security, which use social media to research new hires or conduct investigations. And then there’s the issue of personal use. We’ve found that restricted personal use is generally OK so long as clear guidelines are made available company-wide. This growth of usage across the enterprise is pretty impressive but it comes with a new set of risks...
So far, we’ve seen different countries around the world that have issued specific guidelines for financial service firms. The US was the first in January 2010 with FINRA 10-06, closely followed by the UK in the summer of 2010 with a notice from the Financial Services Authority. We’ve since seen guidelines from IIROC and the Canadian Securities Administration and SEBI out of India. India is the fastest growing social networking nation, btw.
Text: Today, we’ll be talking about recent guidance offered by FINRA for Registered Representatives and SEC for Registered Investment Advisors. But first, we’d like to provide some context. There are two major types of financial advisors, Broker-Dealers and their registered representatives and Registered Investment Advisors and their Investment Advisors. As you can see from this chart, there are subtle but important differences between the two. As you know, FINRA issued specific guidance for Broker Dealers for social media back in January 2010 in 10-06 and then again, this past August with 11-39. However, until January of this year, the SEC had not provided written guidance for Investment Advisors specifically on social media; however, it had included it in its exam sweeps. So, in the absence of guidance from the SEC, RIAs were using FINRA issued guidance.
However, in short, both the SEC and FINRA consider social media as a form of electronic communications. Therefore, regulated users are required to follow the rules and regulations surrounding electronic communications even during their “down time” or time away from the office, if they are identifiable as a representative of the organization (i.e., they list the firm as their employer). To make it even clearer, if it’s written down, it’s a written communication.
Financial Industry Regulatory Authority (FINRA): FINRA issued specific guidance for Broker Dealers for social media in January 2010 and then again, in August of 2011. FINRA reiterated that there are no new rules. Instead, firms are challenged to interpret how to apply these existing categories of rules and regulations to social media:
Recordkeeping: Firms must capture, save and make easily available, all written business correspondence, including communications within social media such as updates, tweets, direct messages, including communications from both business and personal devices. The content is determinative. Timeframes vary, but in some cases these communications need to be archived for at least five years. Best practice: As social media networking sites do not offer this capability, firms are challenged to find another solution, typically by working with a third party vendor(s).
Suitability: Broker-dealers must ensure that recommendations that registered representatives make to their clients are suitable for each investor. That means that the RRs must know their customer’s investing goals and tolerance for risk at that moment in time. For Investment Advisors, the bar is higher. They have a fiduciary responsibility, which means that they must put their clients’ interest above their own. Best practice: Firms typically prohibit recommending specific products, unless a registered principal of the firm has approved the communication.
Communications with the public: Firms need to adhere to content standards for all communications. For example, they must disclose all the facts, cannot be misleading nor can they guarantee results. Furthermore, testimonials are specifically prohibited for Investment Advisors and are only allowed in certain circumstances for Registered Representatives. Best practice: Firms typically monitor communications to make sure content standards are being upheld, and also disable the ability to make recommendations, and in some cases, to “like”.
Firms also need to make sure communications are reviewed, either before or after they are made public, depending on how they are categorized, and depending on the content. Static content, such as an advertisement, or brochure or profile on a social media site, needs to be pre-approved by a registered principal of the firm before it is made public. However, interactive communications, such as real-time interactions, do not require pre-approval, but must be supervised at some pre-determined percentage. Both static and interactive communications must meet content standards, be supervised and all communications must be captured and retained. Best practice: Communications rules are fairly complex. Marketing departments typically confer with their compliance department to develop processes for review and approval of content, either before it is posted, or after, depending on the category and content of communications.
Firms are not responsible for third party content unless they have involved themselves in the preparation of the content or explicitly or implicitly endorsed or approved the content. Best practices: Establish and publish usage guidelines for customers and other third parties that are permitted to post on firm-sponsored websites. Monitor and block inappropriate third-party content and provide disclaimers regarding its responsibility for third-party posts. As retweeting or “liking” or marking as “favorite” could be considered an endorsement of the post, firms typically block these capabilities.
Supervision: Like with any type of electronic communications (such as email, or instant messages), firms must demonstrate that they are supervising communications to ensure adherence with content standards. Regulators do not specify what percentage of communications must be reviewed. Instead, FINRA allows firms to use a risk-based approach, i.e., firms create supervision policies based on their own tolerance for risk, the type of content, plus compliance history of staff.
However, FINRA does specify that those associated people who use social media must first receive training. Best practice: Work with your Compliance department to develop and follow risk-based written supervisory procedures. Put processes in place to pre-approve static and product related content. For interactive content that does not necessarily require pre-approval, determine how and what percentage of content will be reviewed and when. Develop training programs for everyone who will be using social media.
As mentioned earlier, FINRA does not regulate Investment Advisors. Instead, they are regulated by the Securities Exchange Commission. There have been conversations about having either FINRA regulate both registered representatives and financial advisors or creating a new Self-Regulatory Organization (SRO) to regulate both. That may happen at some point. But, for now, firms need to make sure they are following the appropriate guidelines for each type of advisor. In January 2012, the SEC issued guidance about social media for the first time. Before then, firms with Investment Advisors were using FINRA issued guidance.
In the SEC’s National Examination Alert, Investment Advisor Use of Social Media, the SEC staff of the Office of Compliance Inspections and Examinations states that firms’ use of social media must comply with federal securities laws, including anti-fraud provisions, compliance provisions and recordkeeping. In other words, like the direction from FINRA, there are no new rules for social media; instead, firms must interpret the existing rules and apply them to social media. In the Alert, the SEC listed a number of factors that firms should consider when evaluating the effectiveness of their compliance program. Factors include usage guidelines, content standards, approval of content, making sure there were enough firm resources to monitor IAR activity on social media sites, and others. In a departure from FINRA, the SEC also specifically mentioned that post review of certain content may be problematic. To summarize, the SEC recommended that firms identify risks of using social media and then test whether their in-house policies and procedures effectively address these risks. The SEC also suggested that firms develop policies and procedures specifically for social media to avoid confusion and to train staff on the compliant use of social media.
Best Practice: Consider pre-review of all content posted by IAs, or at the very least, prompt after-the-fact monitoring and deletion of inappropriate content.
Third Party Content: The SEC expressed concern about how third party postings on Investment Advisors’ sites could be interpreted as testimonials, which are prohibited for IAs. The SEC states “the use of ‘social plug-ins’ such as the ‘like’ button could be interpreted as a testimonial … it’s an explicit or implicit statement of a client’s experience with an advisor. In cases where social media sites do not allow the ability to disable ‘like’ or similar feature, RIAs should develop a system to monitor and remove third party postings.” Best Practice: Firms may need to reevaluate the practice of IAs setting up separate professional pages on Facebook, which customers connect to via the “like” button, to avoid the appearance of a testimonial.
Recordkeeping: SEC states that social media is like any other written communication, and needs to be retained according to the provisions of the existing Advisers Act. And like FINRA, the SEC states that the “content is determinative”, meaning that both regulators are only interested in business communications. Best practice: As social media networking sites do not offer this capability, firms are challenged to find another solution, typically by working with a third party vendor(s).