As anyone who has been part of the financial services world for any length of time can attest, the regulatory landscape for broker-dealers and investment advisers is markedly different today than it was just 15 or 20 years ago. Over that time period, firms have had to adapt to changes in regulatory filing and disclosure requirements, custody rule changes and other types of new or revised rules. However, none of those changes were quite as broad in scope, or posed the same challenges to firms, as the growing use of digital communications and the virtual explosion of social media sites.
The potential marketing and sales opportunities that come with digital and social media communications are very real. Many successful firms have realized that using print marketing and television ads is not the best way to reach the Millennial demographic, a group made up of more than 75 million Americans. (Source: Pew Research Center.)
To reach this new group of consumers, financial services companies have been forced to adapt by creating Facebook and Twitter profiles, producing YouTube videos, creating dynamic websites and leveraging technology to create ways to interact with clients in new ways.
Instead, this younger set of potential clients gets much of their information from the internet and apps that help them engage with the companies and people they care about. So, to reach this new group of consumers, financial services companies have been forced to adapt by creating Facebook and Twitter profiles, producing YouTube videos, creating dynamic websites and leveraging technology to create ways to interact with clients in new ways.
If the marketing opportunities are huge, the regulatory implications and challenges might be described by some industry compliance personnel as “enormous.” The potential risk to the company’s brand and reputation if a registered representative or investment adviser representative misuses social media channels is potentially catastrophic, so companies must be proactive in identifying, and monitoring, social media users.
1. Regulatory compliance: policies and procedures
First, firms that are regulated by the SEC or FINRA need to ensure their sales and marketing personnel are on the same page as their compliance teams. A full discussion of the rules governing communications with the public is outside the scope of this article, however regulated firms are subject to rules governing electronic communications with the public, which has been specifically interpreted as encompassing social media communications. Investment advisers are also subject to a strict prohibition against using testimonials.
While firms and their registered personnel are required to adhere to those regulations, they are also required to develop and implement policies and procedures that are tailored to their own firms and the types of business they handle. Those policies and procedures need to be reasonably designed to achieve compliance with the overarching regulatory framework.
2. Monitoring activity
Once policies and procedures are in place, firms need to review their effectiveness periodically and make adjustments as needed. A mantra familiar to many broker-dealer and investment adviser compliance officers is “trust, but verify.” For any firm with more than one person on staff, verifying compliance with all policies and procedures, including those governing electronic communications and social media use, is both necessary and helpful. For supervisors and managers, the challenge then is how to effectively monitor activity.
Most firms of any size have systems in place to comply with electronic e-mail review and retention requirements. However, when it comes to social media monitoring, firms have been slower to adapt, with some small- to mid-size firms completely prohibiting social media use by registered persons, and other firms trying to manually oversee and individually approve social media posts.
For institutional firms, the challenge is to make sure that those involved with the marketing and sales sides of the organization are aware of the firm’s rules. For retail organizations, the potential for rule violations, whether inadvertent or deliberate, grows exponentially. This is certainly true for decentralized companies with a sales force dispersed across the country.
3. Cybersecurity risk
Marketing and compliance challenges aside, the risk of cybersecurity and fraudulent activity from digital communications and social media use is very real.
Marketing and compliance challenges aside, the risk of cybersecurity and fraudulent activity from digital communications and social media use is very real. Fraudsters are becoming more and more proficient at using these means of communication to try to gain access to clients’ accounts. Firms must therefore have a solid IT infrastructure, and protocols for employees to follow in the event of a potential breach.
In addition to potential client losses and reputational risks, there’s another incentive for firms to be on top of their cybersecurity game: the regulators are watching. In September 2015, a St. Louis, MO based firm was fined $75,000 for its failure to have cybersecurity policies and procedures in place before its systems were breached. While statistics about how many firms have experienced data breaches or cybersecurity fraud are not readily available, most firms today realize the question is not “if” they will experience them; it’s “when” it will occur.
Firms are addressing these challenges in various ways, with varying degrees of success. Most firms would agree that it is critical to:
- Conduct a risk assessment, to identify where policies or procedures should be shored up.
- Implement tailored policies and procedures, including policies about acceptable social media use, supervision of digital and social media communications, and cybersecurity policies.
- Look for ways to leverage technology solutions to help with compliance. For social media use, this may be vetting and implementing technology to monitor registered persons’ social media activity, or using tools to schedule compliance approved tweets or posts.
- Continuously training staff on how to use digital and social media in compliance with company policies
While the potential for reaching new, tech-savvy clients through digital and social media means is exciting, it is critical for supervisors and management personnel to fully understand the potential risks, and to ensure measures are in place to prevent, detect and correct any violations of the firm’s policies.