How Can We Spot-Check Employee Behavior on Social Media?
As social media changes the way people interact, it's also recasting the relationship between financial advisors and their employers. Some professionals may feel that the life they live on social media is a private matter that doesn't concern their firm, but in fact the things that they say on the Web can draw regulators' notice.
So it's important for chief compliance officers to know what accounts their employees have on social media and what they're saying on those accounts. Even on Yelp, the online business review site that covers everything from restaurants to cardiologists, if an advisor in any way is representing his firm, the things he says can be deemed to be official and must attend to rules set by the Financial Industry Regulatory Authority (FINRA) and the Securities and Exchange Commission (SEC). Those comments also must be archived according to regulators' rules.
BUSINESS USE OF PERSONAL WEBSITES
The personal can easily turn into the professional where social media is concerned. Take LinkedIn. This network for professionals is a place where communications almost always matter for regulatory purposes, since the individual is representing his or her firm through their profile on the site. After all, current employment is the first thing people look at on the site.
On Facebook, however, this may not be the case. An advisor may be using it just to comment on family activities or the performance of his favorite
FIGURE 35.1 Spot-Checks Move from the Paper World to the Online World
baseball team. But if he uses the site to promote investment opportunities, his firm may be held accountable for such conduct.
Regulators expect firms to have systems for monitoring employee behavior on social media, so compliance experts recommend that firms outline internal practices for doing so (Figure 35.1). As part of an annual compliance review, employers can require their advisors to disclose the sites on which they're active – the employee, for instance, would say, “The sites I use in social media are the following, and I don't refer to the firm in my personal accounts, except on LinkedIn, where I've listed that I'm an employee of the firm.” Many advisors already disclose their personal brokerage accounts to a firm, so a social media disclosure would not be a novel exercise.
It's a good idea to track what your advisors are doing on social media. In the first place, regulators expect firms to know if their financial reps are offering a webinar or representing the firm in a certain fashion or talking about investment products – any behaviors being done outside of the supervised social networking sites that the firm's chief compliance officer (CCO) is monitoring. (The SEC put out an advisory on this in January 2012.) The practice of reviewing employee behavior on social media is sometimes called creeping, and it could be considered a form of snooping if not for the regulatory necessity of doing so. (And remember, the social sites under review are already open to the public. The firm is only interested in seeing what anyone else can see on an advisor's site.)
THE REGULATORS ARE SEARCHING ON SOCIAL MEDIA
Keep in mind that regulators themselves are monitoring social behavior. It's not clear how often spot-checking of web postings occurs, but in almost every social community there is a regulator present – at LinkedIn, Facebook, and even at major financial firms such as Schwab and Fidelity.
The Office of Compliance Inspections and Examinations at the SEC says it looks at social media practices when its auditors visit financial practices. Audits focus on practices that are newly registered and that have not been examined before. For new firms, it's not likely to take place until your third anniversary. The OCIE solicits tips from the public over the Web asking for reports of misbehavior on social media.
So if a financial practice wants to avoid a conflict when examiners come to visit, the best thing to do is establish procedures and certification by the advisors that they are not, for example, using their Facebook account for business purposes. The good news is there are third-party firms that can provide platforms that allow CCOs to monitor employees' personal and business accounts. Again, the first step in the process is requiring employees to disclose whether or not they have social media accounts; then the firms certify whether the activities on those accounts comply with its policies. An ounce of policy protection is worth a pound of audit unpleasantness.
-  SEC, “Investment Adviser Use of Social Media,” National Examination Risk Alert, January 4, 2012, https://sec.gov/about/offices/ocie/riskalert-socialmedia.pdf.