Actiance bdi 7.12


Social Media Compliance and Security

  • Hello and good afternoon. My name is Joanna Belbey and I am the social media and compliance specialist at Actiance. My background is that I am an enthusiastic social media user, plus I worked at FINRA for more than 6 years creating and developing as many as 350 educational programs on compliance topics for FINRA’s member firms. I also ran my own training firm for a while. What I do at Actiance is help regulated firms deploy social media while adhering to the rules and regulations. You can follow me at @belbey on Twitter and feel free to connect with me on LinkedIn as well. As for my biggest challenge, as social media impacts many departments within an enterprise, I gather everyone together -- groups like Marketing and Corporate Communications, Risk, Governance, Legal and Compliance, IT Security, Human Resources – I gather them all together so that they can begin to craft social media policies that Actiance can then implement.
  • Here at Actiance, we conducted our 6th annual survey on usage trends, end user attitudes, and IT impact earlier this year. We asked end users, “what do you do on the corporate network?” We then asked IT professionals, “what do you think that your end users are doing on the corporate network?” We compared the answers with data collected from 150 of our appliances. These appliances are deployed at customer sites throughout the globe and Actiance was given permission to capture their real data. The difference between the perception and reality was staggering. Take, for example, social networking. 62% of IT Professionals (that would be the light gray bar) estimated social networking was used within their corporate network, yet in reality, we found it being used in 100% of networks. Likewise, with IM, 60% of IT Professionals estimated IM was used on their network, yet in reality, that figure was 98%.
  • OBJECTIVE: Show leadership in understanding the market and brand association with Registered Rep magazine and wealthmanagement.com. TEXT: When it comes to financial services, we’ve been working with the folks at Registered Rep magazine and wealthmanagement.com. We worked with them on a joint survey to nearly 1600 regulated users, asking about their usage of social media. This survey took place in September and, to show the rate of change in the market, we reran it in February of this year. You can see in just some of these results how much this has changed. CALL OUT SOME OF THE DIFFERENCES: Respondents under 35 are more likely to use social media for business purposes than those 55 or older (68% vs. 45%). Those from insurance firms (67%) and RIAs (67%) are more likely to use social media than those from bank brokerages (35%) or wirehouses (48%). Advisors are more likely to use social media to network with other professionals than to stay in contact with clients. SEGUE: And here at Actiance, we’ve taken this understanding of the market a step further.
  • We commissioned a third party organization to undertake some very specific research for us. They conducted 90 minute interviews with some 20 organizations to identify the stage of maturity that they were at when it comes to the enablement of social within the organization. Some firms are only at the Pre-Consideration stage, where they have no social presence at all. Others are at the Early Consideration stage, where there is some corp. presence, and perhaps there are restrictive policies in place. Maybe there’s a pilot going on. Then, there are the Early Adopters: they have a corp. presence and an acceptable use policy in place, and social might be being used by distributed teams. And finally, there are the Early Majority. These folks have everything that I mentioned, plus they’ve also started to experience successes, so that many of their earlier concerns about being in compliance have been overcome by proper planning and demonstrable results. Wherever you are along this curve, I’m hoping I can help you move to the next phase.
  • Pilot results:
    - a FA noticed one of her new LI connections was retiring that led to a 2m account acquisition
    - a FA noticed on LI a client was changing jobs and captured a 401k rollover
    - a FA noticed a fellow FA was linked in to a contact at a company she was chasing that opened up a commercial account opportunity
    - a FA with existing ties in the energy market has linked in to 400 new prospects internationally that is expected to yield strong returns in AuM build
    - all FAs in the pilot use LI to research targets to see how they are connected before calling to increase their hit rates
    - ML also sees strong interest from their Institutional Research team who want to use LI to deepen their company information for the ones they cover
  • Crop logo. 91 tweets, $1m prospect. Engagement details. 1200 people live.
  • This slide shows why it’s so important to get social: research from Carol Rozwell of Gartner in May 2011 identified that the 20 percent of enterprises that employ social media beyond marketing will lead their industries in revenue growth by 2015.
  • Osterman Research conducted a study and found that corporate users spend an average of 18 minutes on a typical workday using social networking tools (or about 4% of their workday). In fact, our own survey showed a change from 2009 to 2010 in the business use of Twitter, going from 13% of users to 78%, a 6-fold increase. Adoption of social computing and social networking in the enterprise is being driven by individuals and departments within the company, such as the Marketing & PR teams who want to use social networking for corporate messaging and advertisements, or analysts who wish to publish “market”-relevant data. And some firms are allowing their Financial Advisors and Producers to use social media to conduct business “as such”. These are the folks who need write access. Conversely, there are those corporate users that only need read-only access. This could be departments like HR/Compliance/IT Security, which use social media to research new hires or conduct investigations. And then there’s the issue of personal use. We’ve found that restricted personal use is generally OK so long as clear guidelines are made available company-wide. This growth of usage across the enterprise is pretty impressive, but with it comes a new set of risks...
  • So far, we’ve seen different countries around the world that have issued specific guidelines for financial service firms. The US was the first in January 2010 with FINRA 10-06, closely followed by the UK in the summer of 2010 with a notice from the Financial Services Authority. We’ve since seen guidelines from IIROC and the Canadian Securities Administration and SEBI out of India. India is the fastest growing social networking nation, btw.
  • Text: Today, we’ll be talking about recent guidance offered by FINRA for Registered Representatives and by the SEC for Registered Investment Advisors. But first, we’d like to provide some context. There are two major types of financial advisors: Broker-Dealers and their registered representatives, and Registered Investment Advisors and their Investment Advisors. As you can see from this chart, there are subtle but important differences between the two. As you know, FINRA issued specific guidance for Broker Dealers for social media back in January 2010 in 10-06 and then again, this past August, with 11-39. However, until January of this year, the SEC had not provided written guidance for Investment Advisors specifically on social media, although it had included it in its exam sweeps. So, in the absence of guidance from the SEC, RIAs were using FINRA issued guidance. However, in short, both the SEC and FINRA consider social media as a form of electronic communications. Therefore, regulated users are required to follow the rules and regulations surrounding electronic communications even during their “down time” or time away from the office, if they are identifiable as a representative of the organization (i.e., they list the firm as their employer). To make it even clearer, if it’s written down, it’s a written communication.
  • Financial Industry Regulatory Authority (FINRA): FINRA issued specific guidance for Broker Dealers for social media in January 2010 and then again in August of 2011. FINRA reiterated that there are no new rules. Instead, firms are challenged to interpret how to apply these existing categories of rules and regulations to social media: Recordkeeping: Firms must capture, save and make easily available all written business correspondence, including communications within social media such as updates, tweets and direct messages, and including communications from both business and personal devices. The content is determinative. Timeframes vary, but in some cases these communications need to be archived for at least five years. Best practice: As social media networking sites do not offer this capability, firms are challenged to find another solution, typically by working with a third party vendor(s). Suitability: Broker-dealers must ensure that recommendations that registered representatives make to their clients are suitable for each investor. That means that the RRs must know their customer’s investing goals and tolerance for risk at that moment in time. For Investment Advisors, the bar is higher. They have a fiduciary responsibility, which means that they must put their clients’ interest above their own. Best practice: Firms typically prohibit recommending specific products, unless a registered principal of the firm has approved the communication. Communications with the public: Firms need to adhere to content standards for all communications. For example, they must disclose all the facts, cannot be misleading, nor can they guarantee results. Furthermore, testimonials are specifically prohibited for Investment Advisors and are only allowed in certain circumstances for Registered Representatives.
Best practice: Firms typically monitor communications to make sure content standards are being upheld, and also disable the ability to make recommendations, and in some cases, to “like”. Firms also need to make sure communications are reviewed, either before or after they are made public, depending on how they are categorized, and depending on the content. Static content, such as an advertisement, brochure or profile on a social media site, needs to be pre-approved by a registered principal of the firm before it is made public. However, interactive communications, such as real-time interactions, do not require pre-approval, but must be supervised at some pre-determined percentage. Both static and interactive communications must meet content standards and be supervised, and all communications must be captured and retained. Best practice: Communications rules are fairly complex. Marketing departments typically confer with their compliance department to develop processes for review and approval of content, either before it is posted, or after, depending on the category and content of communications. Firms are not responsible for third party content unless they have involved themselves in the preparation of the content or explicitly or implicitly endorsed or approved the content. Best practices: Establish and publish usage guidelines for customers and other third parties that are permitted to post on firm-sponsored websites. Monitor and block inappropriate third-party content, and provide disclaimers regarding the firm’s responsibility for third-party posts. As retweeting or “liking” or marking as “favorite” could be considered an endorsement of the post, firms typically block these capabilities. Supervision: As with any type of electronic communications (such as email or instant messages), firms must demonstrate that they are supervising communications to ensure adherence with content standards. Regulators do not specify what percentage of communications must be reviewed.
Instead, FINRA allows firms to use a risk-based approach, i.e., firms create supervision policies based on their own tolerance for risk, the type of content, plus compliance history of staff. However, FINRA does specify that those associated people who use social media must first receive training. Best practice: Work with your Compliance department to develop and follow risk-based written supervisory procedures. Put processes in place to pre-approve static and product related content. For interactive content that does not necessarily require pre-approval, determine how and what percentage of content will be reviewed and when. Develop training programs for everyone who will be using social media.
  • As mentioned earlier, FINRA does not regulate Investment Advisors. Instead, they are regulated by the Securities Exchange Commission. There have been conversations about having either FINRA regulate both registered representatives and financial advisors or creating a new Self-Regulatory Organization (SRO) to regulate both. That may happen at some point. But, for now, firms need to make sure they are following the appropriate guidelines for each type of advisor. In January 2012, the SEC issued guidance about social media for the first time. Before then, firms with Investment Advisors were using FINRA issued guidance. In the SEC’s National Examination Alert, Investment Advisor Use of Social Media, the SEC staff of the Office of Compliance Inspections and Examinations states that firms’ use of social media must comply with federal securities laws, including anti-fraud provisions, compliance provisions and recordkeeping. In other words, like the direction from FINRA, there are no new rules for social media; instead firms must interpret the existing rules and apply them to social media. In the Alert, the SEC listed a number of factors that firms should consider when evaluating the effectiveness of their compliance program. Factors include usage guidelines, content standards, approval of content, making sure there were enough firm resources to monitor IAR activity on social media sites, and others. In a departure from FINRA, the SEC also specifically mentioned that post review of certain content may be problematic. To summarize, the SEC recommended that firms identify risks of using social media and then test whether their in-house policies and procedures effectively address these risks. The SEC also suggested that firms develop policies and procedures specifically for social media to avoid confusion and to train staff on the compliant use of social media.
Best Practice: Consider pre-review of all content posted by IAs, or at the very least, prompt after the fact monitoring and deletion of inappropriate content. Third Party Content: The SEC expressed concern about how third party postings on Investment Advisors’ sites could be interpreted as testimonials, which are prohibited for IAs. The SEC states “the use of ‘social plug-ins’ such as the “like” button could be interpreted as a testimonial … it’s an explicit or implicit statement of a client’s experience with an advisor. In cases where social media sites do not allow the ability to disable ‘like’ or similar feature, RIAs should develop a system to monitor and remove third party postings.” Best Practice: Firms may need to reevaluate the practice of IAs setting up separate professional pages on Facebook, which customers connect to via the “like” button, to avoid the appearance of a testimonial. Recordkeeping: The SEC states that social media is like any other written communication, and needs to be retained according to the provisions of the existing Advisers Act. And like FINRA, the SEC states that the “content is determinative”, meaning that both regulators are only interested in business communications. Best practice: As social media networking sites do not offer this capability, firms are challenged to find another solution, typically by working with a third party vendor(s).

Transcript

  • 1. Social Media Security & Compliance. July 12, 2012. Joanna Belbey, Social Media and Compliance Specialist. http://linkedin.com/in/belbey www.facebook.com/#!/joanna.belbey Twitter: @belbey https://about.me/belbey
  • 2. Agenda Introductions Changing landscape Social Media Maturity Curve Early successes Regulatory landscape 9 things you can do to get started Materials
  • 3. Why are we presenting to you today? Joanna Belbey: Social Media and Compliance Specialist; FINRA Education Department; Running training firm; I help firms use social media while complying with the regulations; Twitter: @belbey, @actiance; LinkedIn: http://www.linkedin.com/in/belbey; My biggest challenge?
  • 4. Internet Application Usage: Perception vs Reality. Perception: 62% of IT Professionals estimated social networking was used within their corporate network. Reality: 100% used social networking. Perception: 60% of IT Professionals estimated IM was used on their network. Reality: 98% used IM. Actual customer traffic history (150+ organizations). Representing all Internet activity from over 150K end users.
  • 5. Social media usage. A majority of respondents indicate using social media for one or more business purposes. SOCIAL MEDIA USAGE: For which of the following business purposes do you use social media today? Respondents under 35 are more likely to use social media for business purposes than those 55 or older (68% vs. 45%). Base: all respondents in 2012 (1,428) and 2011 (1,597); multiple responses.
  • 6. Social Media Maturity Curve
    Pre-Consideration: No social presence; Restrictive social policy may be in place; No social tools; Need to: identify options, best practices
    Early Consideration: Some corporate presence; Banned/restrictive policy in place; Pilot program for content distribution; Next: justify distributed teams usage
    Early Adopters: Corporate presence; Acceptable use policy; Social media being used by distributed teams/advisors; Next: use social to develop, strengthen relationships, for some also as a sales channel
    Early Majority: Corporate social presence; Social media usage by distributed teams/advisors; Acceptable use policy; Next: use social to develop, strengthen relationships, for some also as a sales channel; Previous concerns about FINRA and/or impact of social media overcome by market acceptance and demonstrable results.
  • 7. Case Study: Wealth Management Firm (NJ)
    Outline: LinkedIn Only; Listening is Key, watching connections who matter; Using Social as an integral element of communications mix to spot change
    Real Results: LinkedIn Connection retirement status change = $2.75m account acquisition; Job Change noticed on Status Update = 401k rollover; FA obtains 400 new prospects in Energy market; New Commercial Account Opportunity through colleagues LinkedIn Connections
  • 8. Case Study: RW Baird
    Outline: LinkedIn Already Available to 1200; Veteran Advisers, tech savvy; Authentic Content
    Real Results: @MaryS_rwbaird – 51 followers – 93 Tweets (at the time) – $1m prospect
  • 9. 20% of enterprises that employ social media beyond marketing will lead their industries in revenue growth by 2015. GARTNER, MAY 2011
  • 10. Why is social important in Financial Services? In the USA Gen Y accounts for $2.4 trillion worth of personal income. In 2025 Gen Y will account for 46% of personal income. Source: Javelin Research http://www.stltoday.com/business/local/article_719f49d8-15e6-5c5d-94b7-992ab12d9f97.html?print=1 Based on 26,749 online adults, USA. Source: Forrester Research, June 2011
  • 11. So who’s using Social Media? And Why? Sales & Marketing  Promotions  Advertising  Branding  Financial Advisors / Producers HR  Background checks  Recruiting Scientists & Researchers  Information exchange  Collaboration IT  Investigation of security breaches
  • 13. Risks of Using Social Media and Web 2.0
    Data Leakage: Personal Information; Intellectual Property; Credit Card, SSN; Client Records
    Incoming Threats: Malware, Spyware; Viruses, Trojans; Inappropriate Content
    Compliance & eDiscovery: SEC, FINRA, IIROC; HIPAA, FISMA; SOX, PCI, FSA; FRCP - eDiscovery; FERC, NERC
    User Behavior: Employee Productivity; Bandwidth Explosion; Every employee is the face of business
  • 14. Industry-Specific Legislation and Regulatory Bodies Fin Services Energy Healthcare Gov’t FINRA FERC HIPAA FRCP SEC NERC State of Oregon GLBA CFTC Florida GRS State of North SOX NFA Carolina Red Flag Rules
  • 15. Key Legal Issues of Social Media Privacy Content Ownership Intellectual Property Infringement Unauthorized Activities • Harassment • Discrimination • Unfair competition • Defamation • Confidential info Regulatory Compliance
  • 16. Overview of Regulation & Compliance
  • 17. Types of financial advisors
    Registered Representatives (Broker-Dealer)* | Investment Advisors (Registered Investment Advisor)*
    Regulated by FINRA and the SEC | Regulated by SEC or state regulators
    Paid via commission | Paid fee by client
    Suitability - recommendations must be consistent with best interest of clients | Fiduciary responsibility – must place clients interests above own
    Ethics Legality Transactions Advice
    *Dually registered firms must adhere to both SEC and FINRA rules.
  • 18. Financial Industry Regulatory Authority (FINRA) Regulatory Guidance 10-06, 11-39
    Rule | Description | Best Practice
    Recordkeeping | Capture, save and make easily available, all written business correspondence | Third party vendor(s).
    Suitability | Recommendations must be suitable for each investor | Prohibit recommending specific products, investment strategies
    Communications with the public | Content standards, third party standards, adoption and entanglement | Disable the ability to make recommendations. Block retweet, “like
    Advertising | Static v. interactive | Pre-approval, post-review
    Supervision | Demonstrate adherence with content standards | Follow risk-based written supervisory procedures, training
    FINRA Regulatory Notice 07-59 | Ethical walls between research and investment banking | Restrict communications
  • 19. New Regulatory Notices from FINRA Suitability (12-25) – effective 7/9/12 Investment Strategies Communications with the Public (12-29) – effective 2/4/13 3 categories (institutional, retail, correspondence) Exempts from pre-review: online interactive electronic forum not a financial or investment recommendation nor promotes a product or service of the firm
  • 20. The Securities Exchange Commission (SEC) National Examination Alert
    Guidance | Description | Best Practice
    13 factors to consider for effective compliance program | Identify risks | Consider pre-review of all content posted by IAs
    Third Party Content | Possibly testimonials | May need to re-evaluate separate professional pages
    Recordkeeping (Advisers Act) | Capture, save and make easily available, all written business correspondence | Third party vendors
  • 21. Regulators and Social Media FINRA: RR Jenny Ta used Twitter to tout stock. Ta’s “tweets” were unbalanced, overwhelmingly positive and frequently predicted increases. Fined $10K and suspended for one year. SEC Division of Enforcement: Alleges that Anthony Fields of Lyons IL offered more than $500 billion in fictitious securities through various social media sites. FINRA exams: lists of RR using social media, checking against social media policy
  • 22. 9 steps to mitigate risks to deploy social media 1. Understand your firms landscape, get visibility. 2. Engage stakeholders in policy setting. Set the policy. 3. Consider and address the risks, in a granular fashion. 4. Protect your network from malware, phishing, attacks, data leakage 5. Issue and implement best practice guidelines. 6. Understand and manage the fallibility of human beings. 7. Record and retain (appropriate) communications. 8. Provide education for your users on acceptable and appropriate use. 9. Review and refine policies (regularly).
  • 23. About Actiance, Inc A decade of expertise, a history of firsts Global Operations • 3 US offices, three continents • 210 employees Dedicated Social Engagement Team • Partnering: networks, platforms, service providers • Regulators: FINRA, IIROC, FSA, SEBI… • Best Practice enablement, education Client Engagement • 9 out of the top 10 US Banks, Top 5 CDN Banks • 284 FINRA firms • 100,000 Social Networking users under license
  • 24. Contact Information: jbelbey@actiance.com, @Actiance, @belbey. Further reading: Marketers Guide to Social Media in Financial Services; FINRA 10-06 and 11-39 requirements mapped to Facebook, LinkedIn, and Twitter features; Social Media Handbook; Osterman Research: The Impact of New Communication Tools for Financial Services Firms; Actiance Collateral Library http://actiance.com/products/collateral-library.aspx
  • 25. Thank you. Joanna Belbey, Social Media and Compliance Specialist. http://www.linkedin.com/in/belbey @belbey. Confidential and Proprietary © 2012, Actiance, Inc. All rights reserved. Actiance and the Actiance logo are trademarks of Actiance, Inc