In August 2011, FINRA issued the third part (Notice 11-39) of a series of guidance on supervision of electronic communications. Previous guidance was issued in January 2010 (Notice 10-06) and December 2007 (Notice 07-59).
In the first guidance, FINRA moved away from requiring firms to have supervisory policies and procedures to monitor all electronic communications technology used by the firm and its associated persons to conduct the firm’s business, and instead allowed modified risk-based principles.
This new guidance generally allows firms the flexibility to design supervisory review procedures for electronic communications that are appropriate to each firm’s business model. For example, a firm may decide whether the review will be automated, manual, or a combination of both methods.
A firm may use risk-based principles, including an examination of existing review processes, to determine the extent to which review of any communications is necessary. However, there are specific exceptions requiring supervisory review of internal electronic communications and communications to the public.
FINRA rules and federal securities laws require review of all electronic communications in the following areas:
(1) NYSE Rule 472(b)(3) and NASD Rule 2711(b)(3)(A) require that a member’s legal and compliance department be copied on communications between non-research and research departments concerning the content of a research report; NYSE Rule 472(a) and NASD Rules 2210 and 2211 require pre-approval by a principal of specified communications with the public;
(2) NYSE Rule 351(d) and NASD Rule 3070(c) require the identification and reporting of customer complaints; NYSE Rule 401A requires that the receipt of each complaint be acknowledged by the member to the customer within 15 business days; and
(3) NYSE Rule 410 and NASD Rule 3110(j) require the identification and prior written approval of every order error and other account designation change.
Also, the first guidance listed the following recommendations for executing risk-based procedures to review electronic communications effectively:
(1) Flag electronic communications that may evidence or contain customer complaints, problems, errors, orders or other instructions for an account; or evidence conduct inconsistent with FINRA rules, federal securities laws and other matters of importance to the member’s ability to adequately supervise its business and manage the member’s reputational, financial and litigation risk.
(2) Identify such other business areas the member may identify as warranting supervisory review.
(3) Educate employees to understand and comply with the member’s policies and procedures regarding electronic communications.
(4) Identify the types of correspondence that will be pre- or post-reviewed.
(5) Identify the organizational position(s) responsible for conducting reviews of the different types of correspondence.
(6) Monitor the implementation of, and compliance with, the member’s procedures for reviewing public correspondence.
(7) Periodically re-evaluate the effectiveness of the member’s procedures for reviewing public correspondence and consider any necessary revisions.
(8) Provide that all customer complaints, whether received via email or in other written form, are reported to FINRA in compliance with the FINRA reporting requirements.
(9) Prohibit employees from the use of electronic communications unless such communications are subject to supervisory and review procedures developed by the member.
(10) Conduct necessary and appropriate training and education.
It was noted that unless a member’s size and/or structure (e.g., a sole proprietor) is such that the member has no other reasonable alternative for reviewing an individual’s electronic communications, an individual may not conduct supervisory reviews of his or her own electronic communications. Further, risk-based procedures should prescribe reasonable timeframes within which supervisors are expected to complete their reviews of correspondence, taking into consideration the type of review being conducted and the method of review being used.
The areas of concern for review of social media and other electronic communications can be found in the “content standards” listed in NYSE Rule 472 and NASD Rule 2210. Examples include the use of confidential, proprietary and inside information; anti-money laundering issues; gifts and gratuities; private securities transactions; customer complaints; front-running; and rumor spreading. When reviewing customer complaints, members should look for evidence that a customer has received a communication that is not in conformance with the member’s policies and procedures.
FINRA also noted that firms must adopt procedures to manage data feeds into their own websites. Firms should also regularly review aspects of these data feeds for any red flags that indicate that the data may not be accurate, and should promptly take necessary measures to correct any inaccurate data.
FINRA allowed lexicon-based reviews (those based on sensitive words or phrases, the presence of which may signal problematic communications) of correspondence. The firm should utilize an appropriate lexicon, take reasonable security measures to keep the list confidential, and periodically evaluate the efficacy of the lexicon. This includes the ability to conduct searches that exclude any trailers or disclaimers used by the member, as these trailers or disclaimers often contain sensitive words such as “guarantee” (e.g., “firm does not guarantee”) which would “flag” every such e-mail.
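The trailer exclusion described above can be sketched as follows. This is an added example, not code from FINRA or from the original article; the lexicon entries other than “guarantee”, the trailer texts and the sample messages are constructed for illustration.

```python
import re

# Constructed lexicon; a real list is firm-specific and kept confidential.
LEXICON = ["guarantee", "complaint", "can't lose", "inside information"]

# Constructed trailer texts the firm appends to e-mail (assumption).
TRAILERS = [
    "The firm does not guarantee the accuracy of this information.",
    "Past performance is no guarantee of future results.",
]

def _loose(text):
    """Regex for text that tolerates re-wrapping (any whitespace between words)."""
    return r"\s+".join(re.escape(word) for word in text.split())

TRAILER_RE = re.compile("|".join(_loose(t) for t in TRAILERS), re.IGNORECASE)
# Prefix match at a word start, so "guaranteed" and "complaints" also hit.
TERM_RES = {t: re.compile(r"(?<!\w)" + _loose(t), re.IGNORECASE) for t in LEXICON}

def flag(body, strip_trailers=True):
    """Return the lexicon terms present in body, optionally ignoring trailers."""
    if strip_trailers:
        body = TRAILER_RE.sub(" ", body)
    return sorted(t for t, rx in TERM_RES.items() if rx.search(body))

# Constructed sample messages.
MESSAGES = [
    "Hi Ann, your statement is attached.\n\n"
    "The firm does not guarantee the accuracy\nof this information.",
    "I guarantee this fund will double, you can't lose.\n\n"
    "The firm does not guarantee the accuracy of this information.",
    "This is a formal complaint about the fees on my account.",
]

def review_queue(messages):
    """Indexes and matched terms of messages that need supervisory review."""
    hits = ((i, flag(m)) for i, m in enumerate(messages))
    return [(i, terms) for i, terms in hits if terms]

if __name__ == "__main__":
    for i, m in enumerate(MESSAGES):
        print(i, "naive:", flag(m, strip_trailers=False), "reviewed:", flag(m))
```

Without the exclusion, the first message is flagged only because of its trailer; with it, only the second and third messages reach the review queue.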
For record retention of social media and other electronic communications, firms must ensure that they can retain records of those communications as required by Rules 17a-3 and 17a-4 under the Securities Exchange Act of 1934 and NASD Rule 3110.
Communications that recommend specific investment products were cited as often presenting greater challenges for a firm’s compliance program than other communications. They may trigger the FINRA suitability rule, thus creating possible substantive liability for the firm or a registered representative. Consequently, these communications must often include additional disclosure in order to provide the customer with a sound basis for evaluating the facts with respect to the product. They also might trigger other requirements under the federal securities laws. FINRA has brought disciplinary actions regarding interactive electronic communications that contained misleading statements about investment products that the communications recommended. For these reasons, firms must adopt policies and procedures reasonably designed to address communications that recommend specific investment products. As a best practice, FINRA advised that firms should consider prohibiting all interactive electronic communications that recommend a specific investment product and any link to such a recommendation unless a registered principal has previously approved the content. In addition, if their social media sites include functions that make their content widely available or that limit access to one or more individuals. Rule 2310 requires a broker-dealer to determine that a recommendation is suitable for every investor to whom it is made.
The definition of “public appearance” in NASD Rule 2210 includes unscripted participation in an interactive electronic forum such as a chat room or online seminar. Rule 2210 does not require firms to have a registered principal approve in advance the extemporaneous remarks of personnel who participate in public appearances. However, these interactive electronic forums are subject to other supervisory requirements and to the content requirements of FINRA’s communications rule.
The content standards of FINRA’s communications rules apply to interactive electronic communications that the firm or its personnel send through a social media site. While prior principal approval is not required under Rule 2210 for interactive electronic forums, firms must supervise these interactive electronic communications under NASD Rule 3010 in a manner reasonably designed to ensure that they do not violate the content requirements of FINRA’s communications rules.
FINRA considers static postings to constitute “advertisements” under Rule 2210. If a firm or its registered representative sponsors such a blog, it must obtain prior principal approval of any such posting. Today, however, many blogs enable users to engage in real-time interactive communications. If the blog is used to engage in real-time interactive communications, FINRA would consider the blog to be an interactive electronic forum that does not require prior principal approval; however, such communications must be supervised. Under certain circumstances, third-party posts may become attributable to the firm. Whether third-party content is attributable to a firm depends on whether the firm has (1) involved itself in the preparation of the content (the “entanglement theory”) or (2) explicitly or implicitly endorsed or approved the content (the “adoption theory”).
Social networking sites also contain non-static, real-time communications, such as interactive posts on sites such as Twitter and Facebook. The portion of a social networking site that provides for these interactive communications constitutes an interactive electronic forum, and firms are not required to have a registered principal approve these communications prior to use. Of course, firms still must supervise these communications.
