9 Best Practices For Using Social Media Compliantly In Financial Services

9 Best Practices For Using Social Media Compliantly In Financial Services

September 2016


The first question that Legal and Compliance departments ask before rolling out social media to their financial advisers is “What are other firms doing?” Lucky for the late adopters, using social media compliantly in financial services is a well-traveled road. In fact, it’s been over six years since Financial Regulatory Industry Authority (FINRA) issued the first guidance to the broker community.

Since then, we’ve also seen guidance from regulators around the world. Regulators from financial services (broker-dealer, retail banking, insurance), pharma and healthcare have all weighed in. The requirements are similar. In short, firms need to institute robust social media policies and procedures, demonstrate that these polices have been implemented and comply with recordkeeping requirements.

Regulators didn’t create new rules and regulations specifically for social media. FINRA and other regulators view social media as just another form of electronic communications, such as email or instant messsaging. Instead, firms are tasked with interpreting existing rules and regulations around electronic communications. The five key regulatory to consider for social media compliance are Recordkeeping, Testimonials, Suitability, Advertising and Supervision . As a note: FINRA’s guidance (10-06, 11-39) are the sources for this article, however, these concepts are fairly consistent across industries and around the world.


Firms need to capture, archive and make e-discoverable all written business communications. And to clarify, the regulators aren’t interested in personal communications, only “business as such”. Firms cannot rely on LinkedIn, Twitter, or the newer networks such as WhatsApp or WeChat to retain those business records for them. Best Practice #1: Firms need to work with third-party archiving firms to capture and store business records that appear on social media.

Which leads to Best Practice #2: Firms tend to prohibit their financial advisers from “retweeting” or “favoriting” on social networks avoid recordkeeping and advertising responsibilities associated with the SEC’s theory of “adoption or entanglement” of third party content.

A bit about third party content. Many firms share in-house content that is currently available and already preapproved by their compliance and legal departments when they are getting started on social media. However, at some point, the marketing team will want to share content that was developed outside the firm, or third party content. And that makes sense, as third party content may be interesting and useful to your followers on social media. However, regulators such as FINRA are very clear that if you share third party content, it could be interpreted that you have “adopted or become entangled” with that content and now all the existing rules and regulations apply. Best practice #3: Treat third party content the same way that your treat your in-house content. It needs to be pre-approved for suitability and appropriateness and recordkeeping rules apply. That means you need to put processes in place that capture what the content looked like when it was posted originally and on an ongoing basis. After all, an article from the New York Times is one thing, a blog with comments over months is quite another. Firms can do this manually by taking screen shots and saving them or by using special technology designed for this purpose.


Testimonials are prohibited for Investment Advisers (IAs) by the Investment Advisers Act of 1940 and the bar is set pretty high for Registered Representatives. Best Practice #4: Although there’s been some recent guidance from the SEC on allowing testimonials on social media, firms still tend to block either by policy or technology, testimonials, or “recommendations” and “skills and expertise” on LinkedIn to avoid the appearance of an endorsement. Even with recent SEC Guidance, IAs will need to be very careful to maintain independence from the creation and positioning testimonials. The SEC was very clear that they do not want IAs to be involved in the creation of testimonials or to “cherry pick” through their testimonials and highlight only those that are favorable.


Financial Advisers need to “Know their Customer” (their investing criteria, risk tolerance, etc) before offering any investment advice. For example, FINRA expressly prohibits investing recommendations for specific products or general investing recommendations, such as “buy”, “sell”, “hold”, unless your advisor knows his customers and can make suitable recommendations based on their risk profiles and investing objectives. Best Practice #5: Most firms tend to block specific products or investing terms like “buy”, “sell” or “hold” on social media. After all, how could you possible know the investing criteria for everyone who is following you on social media? Therefore, most firms do not allow their registered representative to pitch products or to make any general investing recommendations on social media. Which actually is in alignment with best practices on social media, where no one appreciates a pitch.


Communications with the public need to be appropriate, fair and truthful. The important thing to remember is that firms must follow existing advertising rules. For example, just as you wouldn’t guarantee returns in a brochure or print ad, you can’t make performance guarantees on social media either. Plus, specifically for social media, FINRA also made a distinction between static advertising and interactive communications. Advertising that is static, such as a profile on LinkedIn that includes promotional information about your firm, must be pre-reviewed by a registered principal of your firm, unless it is simply business card information. Whereas, interactive communications such as InMail and updates on LinkedIn, may be reviewed, or supervised either before or after the fact, depending on the risk profile of the firm. Best practices #6 and #7: Firms may add social media content into the existing pre-review process for other marketing materials. Firms also should create processes to review social media profiles before they are used to conduct business.


The final area is supervision. Which in my opinion, is the most important, as regulators have made it clear that you cannot outsource supervision. Firms need to evidence (or prove) that they are supervising a predefined percentage of business communications of financial advisers to ensure adherence to industry rule and regulations. Best Practice #7: Firms need Written Supervisory Procedures (WSPs) in place for electronic communications before they allow their employees to use social media and other forms of electronic communications. More importantly, firms need to be able to “evidence” that they are following their own procedures. We are seeing FINRA fine member firms for not archiving electronic communications and for lack of a WSPs. Best Practice #8: If you create a policy, be sure to follow it. The first thing that regulators will check is to see if your written processes match reality.

Some questions remain…

There has been guidance from regulators over the years on how to use social media compliantly. FINRA, the SEC, Investment Industry Regulatory Organization of Canada (IIROC), Financial Conduct Authority (FCA) in the UK, Federal Financial Institutions Examination Council’s (FFIEC) and even the Food and Drug Administration (FDA) have all weighed in. However, there are still some compliance questions and challenges outstanding. For example, there’s the challenge of disclosures within financial services, particularly on mobile. Where should disclosures be placed so that the investor has a clear understanding of the risks? Or how do firms capture and retain business communications (stories and text) on platforms where “stories” disappear within 24 hours? Or what about live streaming videos that may be interpreted as a public appearance in the moment, but then become available as an archived video over time? FINRA is aware that the industry has questions and is expected to offer additional social media guidance soon. Until then, Best Practice #9: Carefully interpret the existing rules and then document your rationale for your decisions. Your regulator may not agree with your decision, but your thoughtfulness will be appreciated in the event of an exam.


This article was written by Joanna Belbey from Forbes and was legally licensed through the NewsCred publisher network.

BNY Mellon is the corporate brand of The Bank of New York Mellon Corporation and may be used as a generic term to reference the corporation as a whole and/or its various subsidiaries generally.  This material does not constitute a recommendation by BNY Mellon of any kind.  The information herein is not intended to provide tax, legal, investment, accounting, financial or other professional advice on any matter, and should not be used or relied upon as such.  The views expressed within this material are those of the contributors and not necessarily those of BNY Mellon.  BNY Mellon has not independently verified the information contained in this material and makes no representation as to the accuracy, completeness, timeliness, merchantability or fitness for a specific purpose of the information provided in this material.  BNY Mellon assumes no direct or consequential liability for any errors in or reliance upon this material.