Social Media and Compliance

The October 3, 2011 issue of InvestmentNews included the “On Social Media” column by Kristin Andree, titled: “About FINRA’s social-media update: Advisory firms now have more guidance on record keeping and supervision.” The lead is: “Compliance is the big reason that most financial advisers are merely dipping their toes into the social-media waters.” The same is true for insurance producers, although on the insurance side, we have even less regulatory guidance than financial advisors do.

A foundation of FINRA’s model of self-regulation that is making its way into insurance regulation is the importance of supervision. We see it very clearly in the annuity suitability regulations that are based on FINRA procedures and I think we will see it too with social media. However, if we look at the FINRA model of a broker-dealer/registered principal to be responsible for supervision of associated persons, there is a disconnect to the insurance world because there is no real equivalent for the broker-dealer. Instead of the firm being responsible for the conduct of associated persons, insurance companies are generally held responsible for the conduct of their agents. It is often a big leap between a home office and the agent in the field and we see those challenges for suitability supervision and we see it even more clearly in the use and regulation of social media.

Under Notice 11-39, a registered principal “must review prior to use any social media site that an associated person intends to employ for a business purpose. The registered principal may approve use of the site for a business purpose only if the registered principal has determined that the associated person can and will comply with all FINRA rules, the federal securities laws, including recordkeeping requirements and any additional requirements established by the firm.” The Notice makes clear that the review of the site must be in the form in which it will be launched, “to ensure that the registered principal will be reviewing not only the initial communication, but the social media site itself in its completed design.” That of course, is easier said than done. For example, we all know that Facebook changes its format and appearance regularly. (I often have to laugh when people lament the new Facebook. What was the old Facebook? Last week, last month? Social Media sites such as Facebook, LinkedIn and Twitter try to change regularly to maintain interest and add new features.) In that context, what does “completed design” mean? As of the day of launch? Or every day thereafter, with every change?

Personally, I like the distinction FINRA draws between “unscripted participation” in interactive electronic forum and “static postings.” The former are considered within the definition of a “public appearance under FINRA Notice 11-39 and the latter an “advertisement” under NASD Rule 2210. Firms are permitted to use a risk-based, post-use supervisory approach for public appearances. Advertisements must be approved by a registered principal prior to use. However, the distinction is not without its landmines: In the Answer to Question 6 in the Notice, it makes clear that interactive content (post use review) can become static if it is copied or forwarded and posted in a static forum, such as a blog or static area of a website. It would then become an advertisement and subject to prior approval by the registered principal.

In the InvestmentNews column, Ms. Andree recommends that “prior to allowing reps to use social media, firms establish very clear policies on what is allowed and what isn’t, and then do a ton of well-documented training around it. Don’t go overboard with the rules, but establish policies that protect consumers yet still allow advisers to brand themselves and serve as a resource to clients and prospects.” In general I agree that this is good advice for insurers looking at social media policies as well. A blanket prohibition creates a level playing field but just isn’t realistic for today’s world. To date that has worked for many companies, but more and more are reworking their social media policies to allow some use.

However, the more complex the rules, the more frustration and the greater the likelihood that they will not be consistently followed, perhaps only because they are misunderstood. Instead, clear rules, simply stated should be crafted so that they are easily understood and applied to the daily uses of social media. Once the rules are in place, they should be applied consistently and compliance monitored regularly. On-going training is essential. Social media is part of the culture and here to stay, though evolution will continue. As that evolution occurs, regulatory mandates will as well, that is a given. Compliance doesn’t have to keep insurance companies and producers out of the social media marketplace. Compliance does not have to be what prevents insurance producers from using social media. Compliance should ensure only that new media, like older media, does not result in market abuses, it should not be what keeps producers off Facebook, LinkedIn, Twitter and blogs.