The SEC’s National Examination Risk Alert issued yesterday through the Office of Compliance Inspections and Examination comes at an interesting time. Almost two years after FINRA issued specific guidance in its Notice to Members 10-6 defining the social media it sought toregulate and suggesting ways member firms should supervise use of social media, and on the same day the SEC’s Division of Enforcement issued an Order Instituting Administrative and Cease-and-Desist Proceedings in an enforcement action against an Illinois investment adviser, alleging, among other things, that the adviser used social media platforms, including LinkedIn, to offer to buy and sell fraudulent bank guarantees and medium term notes in exchange for transaction-based compensation, now comes a social media alert to investment advisers and their associated persons. Undoubtedly, the alert’s guidance is important, but the timing is a bit off. Adviser use of social media has been around for a while now. However, to their credit, the SEC has in many ways endorsed FINRA guidelines and, in the past, issued its own guidance with respect to website use.
In addition to those mentioned in the summary, what are the key takeaways from the alert?
1. Adopt and Periodically Review Social Media Procedures. If you decided to take a break from the guidance, including notices (for e.g. NTM 11-39, NTM 10-6, and other comments coming from FINRA and other regulators over the past two years that the SEC endorsed) and chose not to address the use of social media in your compliance policies and procedures, you should start addressing them. They need to comply with the federal securities laws, including the recordkeeping provisions of Section 204 of the Advisers Act of 1940, and Rule 204-2, thereunder;
2. The Social Media Policies and Procedures need to be Specific. Here one size doesn’t fit all. Just using your existing advertisement/electronic/client communication policies, won’t cut it. Advisers will need to specifically a address the types of social networking activity they will allow. This is also true for any third-party solicitor the firm employs. The alert provides a non-exhaustive list of factors that firms should use to identify conflicts and risk exposure to them and their clients. Those factors include: Usage Guidelines, Content Standards and their approval, Monitoring and its frequency, Firm resources, Criteria for participation in social media, Training, Possible Certification requirements for users, Personal/Professional and Enterprise-Wide Sites, and Security;
3. The Policies and Procedures Should Address Third-Party Postings. This is particularly true with third-party testimonials which are prohibited. Adviser will need to address whether they will limit third-party postings to authorized users and prohibit postings by the general public, and also determine what steps they might take to avoid having third-party postings attributed to the adviser; and
4. With Social Media, Advisers Have RecordKeeping Obligations. The alert reminds advisers of their recordkeeping obligations under Rule 204-2 of the Advisers Act of 1940 that would also apply to social media. What this also means is that before advisers allow use, they should determine whether they have the capacity to retain the required data, given the possible large volume of communications. They should be ready to make such information available to the SEC for inspection any required records generated by social media.
Pull out the compliance procedures and let the revisions and training begin.