BGK Group Presentation - BDI 7/26/11 Social Media Security & Compliance Workshop for Financial Institutions
Presented by: Joanna Belbey, Co-Founder, The BGK Group

www.bdionline.com

Published in: Business, Technology

Transcript

  • 1. Social Media Risks and Compliance for Financial Institutions
    Tuesday, July 26, 2011
    Joanna Belbey
    @belbey, @thebgkgroup
    © 2011 The BGK Group
  • 2. No more excuses
    ▪ Know the rules
    ▪ Know the tools and best practices
    ▪ Prepare your case
    ▪ Get started!
  • 3. Risks of Social Media
    Plus ça change, plus c’est la même chose
    Similar to other electronic communications
    ▪ Legal
    ▪ Operational
    ▪ Reputation
    ▪ Compliance
    Source: BITS Financial Services Roundtable, Social Media Risks and Mitigation, June 2011
  • 4. Risks of Using Social Media
    ▪ Legal
      ▪ Lack of separation between personal and professional communications (mistakes, terms of service)
      ▪ Civil litigation (court cases, sharing client information, sensitive data, infected with malware)
      ▪ E-Discovery – location of ESI to support litigation (preservation, privacy, authenticity)
  • 5. Risks of Using Social Media
    ▪ Operational
      ▪ Loss of employee productivity
      ▪ Corporate identity theft (tips guessing passwords, answers to security questions)
      ▪ Malware (malicious software)
      ▪ Social engineering (manipulate, trickery, blackmail)
      ▪ Disclosure of intellectual property (secrets, code, client info)
      ▪ Fraud
      ▪ Security risk (geo-tagging, insider information, stalking, kidnapping)
  • 6. Risks of Using Social Media
    ▪ Reputation (defensive and proactive)
      ▪ Reputational threat
      ▪ Lack of monitoring
      ▪ Insufficient employee training
      ▪ Negative brand impact
      ▪ Responding in a crisis (BCP)
  • 7. Risks of Using Social Media
    ▪ Compliance
      ▪ Foreign and domestic privacy laws (Gramm-Leach-Bliley Act)
      ▪ Existing company policies (Code of Conduct / Ethics, Branding / Logo, Trademark, Sarbanes-Oxley, Promotion / Sweepstakes, Employee Verification, etc)
      ▪ Data retention (outside the network, volume of data, rapid change, integration personal and private)
  • 8. Risks of Using Social Media
    ▪ Compliance (cont.)
      ▪ Endorsements (FTC – disclose relationships with advertisers)
      ▪ Labor relations (pre-screening, unfair labor practices, harassment, safety, “concerted activity”)
      ▪ Payment cards industry (PCI Security Standards)
      ▪ Marketing laws and regulations (Truth in Lending, Truth in Savings, FDIC, etc)
      ▪ FINRA, IIROC (Canada), FSA (UK), SEBI (India)
  • 9. Mitigation of Risks
    ▪ Collaboration with IT department / outside vendors
    ▪ Develop written policies and guidance for social media
    ▪ Specify ramifications of violations
    ▪ Establish ongoing training
    ▪ Monitor to detect non-compliance
  • 10. Risks of Using Social Media
    ▪ Compliance with SEC and FINRA Requirements
      ▪ Registered Representatives (RR, Rep, Broker - sell securities working for broker dealers)
      ▪ Rules designed to protect investors
      ▪ RR required to follow the rules and regulations surrounding electronic communications even during their “down time” OR time away from the office, if they are identifiable as a representative of the organization (i.e., they list the firm as their employer).
  • 11. FINRA Regulatory Notice 10-06
    ▪ Recordkeeping
    ▪ Suitability
    ▪ Communications with the Public
    ▪ Advertising
    ▪ Supervision
  • 12. Recordkeeping
    NASD Rule 3110, SEC Rules 17a-3, 17a-4, Securities Exchange Act 1934
    ▪ Firms must make and preserve books, accounts, records, memoranda, and correspondence in conformity with all applicable laws, rules, regulations and statements of policy of applicable SROs and as prescribed by SEC Rule 17a-3. The recordkeeping format, medium, and retention period shall comply with Rule 17a-4.
  • 13. Recordkeeping
    ▪ Correspondence with public customers, both written and electronic, must be maintained. (Includes RRs’ electronic correspondence with the public relating to the firm’s business, generated both at the office and at home.)
    ▪ ALL written communications with the public fall under FINRA jurisdiction. If you type it out, it’s written.
    ▪ Although this includes social media, most social networking sites do not provide any sort of archiving, making supervision and review difficult.
  • 14. Suitability
    NASD Rule 2310 and NTM 01-23
    ▪ Requires a broker-dealer to determine that a recommendation is suitable for every investor to whom it is made.
    ▪ Firms should consider prohibiting electronic communications recommending specific products unless pre-approved by a registered principal.
  • 15. Communications with the Public
    NASD Rule 2210 – Content standards
    ▪ Principles of fair dealing and good faith
    ▪ Full disclosure of material facts
    ▪ Fair, balanced and sound basis
    ▪ No sins of omission
    ▪ Review must try to ensure that the document is not misleading
    ▪ No puffery – false or misleading facts, claims
  • 16. Communications with the Public
    NASD Rule 2210 – Content standards (cont.)
    ▪ No fine-print or footnote defense
    ▪ Testimonials – most firms don’t allow
      ▪ RRs: knowledge and experience to form a valid opinion, may not be representative experience of others, no guarantees about success, disclosure if paid
      ▪ IAs: prohibited
  • 17. Broker in Trouble Over Tweets
    ▪ A California broker touted certain investments to her 1,400 Twitter followers without notifying her firm of the stock-picking “tweets.” Some of the “overly positive” messages predicted that stocks, including Advanced Micro Devices, or AMD, would soon surge.
  • 18. Broker in Trouble Over Tweets
    ▪ On Sept. 9, 2009, she tweeted, “Keep an i on AMD ppl! Just bike abve $5 = margins & institutionals can now ‘play ball!’ Barclay upgraded to $7 ystrdy, but it should be $10+”
    ▪ A couple months later, she tweeted, “How accurate am I with AMD? Just check out my tweets! The future of AMD in 2010? Ummm..I would say $12 is conservative!”
  • 19. Broker in Trouble Over Tweets
    ▪ FINRA: “failed to disclose material information” about her recommendations, including that she held big stakes in some of the investments she was recommending
    ▪ The broker’s misbehavior extended to two Web sites she created, which contained misleading information about her “career accomplishments” and undeclared outside business activities
    ▪ FINRA charged the broker for sending a series of “misrepresentative and unbalanced” messages on Twitter. FINRA fined the broker $10,000 and suspended her for one year.
  • 20. Communications with the Public
    NASD Rule 2211
    ▪ Correspondence - written letter or electronic mail message and any marketing letter distributed to:
      ▪ One or more existing retail customers; and
      ▪ Fewer than 25 prospective retail customers within any 30 calendar-day period
      ▪ Not pre-approved, unless product recommendations, subject to supervision
  • 21. Communications with the Public
    NASD Rule 2210
    ▪ Advertisements: Publicly available websites, such as Twitter, banner advertisements, and bulletin boards. Static (non-interactive) content on social networking sites and blogs.
    ▪ Sales literature: An email or instant message sent to 25 or more prospective retail customers, and password protected websites, such as Facebook, LinkedIn.
    ▪ Both require pre-approval by principal of firm.
  • 22. Communications with the Public
    NASD Rule 2210
    ▪ Public Appearance: Real-time interactive or non-static electronic forums including extemporaneous chat room, social networking and blog comments.
    ▪ FINRA Regulatory Notice 10-06: Does not require pre-approval, however, requires supervision, content requirements
  • 23. Static and Interactive
    ▪ Facebook, Twitter and LinkedIn contain both:
      ▪ Static: profile, background, wall, photo, disclosures and hyperlinks are considered “advertisements” and require pre-approval and retention
      ▪ Interactive: responses to a post or discussion, online seminars, chat rooms are considered “a public appearance”, do not need pre-approval, but require supervision and retention
      ▪ All must meet content standards
  • 24. Big question
    ▪ What’s a tweet?
  • 25. Communications with Public
    Third Party Content
    ▪ Firm not responsible for third party content unless:
      ▪ Firm has involved itself in the preparation of the content or explicitly or implicitly endorsed or approved the content
      ▪ Third party info hyperlinks linked to website
  • 26. Third Party Content
    Best practices:
    ▪ Establish and publish usage guidelines for customers and other third parties that are permitted to post on firm-sponsored websites
    ▪ Establish processes for monitoring, screening, blocking inappropriate third-party content
    ▪ Disclaimers regarding its responsibility for third-party posts
  • 27. Third Party Content
    ▪ Retweeting or “liking” or marking as “favorite” could be considered an endorsement of the post
    ▪ Firms should consider blocking these capabilities
    ▪ When setting policies and procedures, notifying RRs of why a particular function is blocked will assist in training of employees
  • 28. Supervision
    ▪ Firms must maintain and enforce all written procedures, including social media, to meet content requirements of FINRA’s communications rules
      ▪ Static content considered an advertisement must be pre-approved
      ▪ Interactive content does not require pre-approval but must be supervised
  • 29. Supervision
    ▪ May adopt supervisory procedures for social media similar to those outlined for electronic correspondence
    ▪ May employ risk-based principles to determine level of review to meet standards with a few exceptions
  • 30. Supervision
    ▪ General policy prohibiting any associated person from engaging in business communications in a social media site that is not subject to the firm’s supervision
    ▪ Require that only those associated persons who have received appropriate training may engage in such communications.
  • 31. Managing Social Media Use
    Firms should update procedures to cover social media:
    ▪ Review and approval of content in advance
    ▪ Monitoring activity
    ▪ Archiving communications
    ▪ Controlling the use of unauthorized networks
    ▪ Blocking access to various functionalities
    ▪ Blocking access by unauthorized users
  • 32. Summary: Educating Employees
    ▪ Firms should educate employees on the use of social media and what is and is not appropriate.
    ▪ Include the various functionalities of the social media site and how the functionality will be handled (blocked, prior approval, etc.)
  • 33. Resources
    www.FINRA.org
    ▪ FINRA Regulatory Notice 10-06 - Guidance for Social Media Websites
    ▪ FINRA – Guide to the Internet Guide for Registered Representatives
    ▪ FINRA Regulatory Notice 7-59 – Supervision of Electronic Communications
    ▪ NASD Notice to Members 01-23 – Online Suitability
    ▪ FINRA Notice to Members 99-03 – Review of Incoming Written Correspondence
    ▪ FINRA Regulatory Notice 97-43 – Broker-Dealer Record Retention Rule
    www.BITS.org
    ▪ BITS Financial Services Roundtable – Social Media Risk and Mitigation
  • 34. Contact Information
    Joanna Belbey
    Joanna.Belbey@thebgkgroup.com
    @belbey
    www.linkedin.com/in/belbey
    The BGK Group
    education@thebgkgroup.com
    @thebgkgroup
    LinkedIn: The BGK Group
    Facebook: The BGK Group
