The SEC charged an Illinois-based investment adviser on January 4, 2012 with trying to sell fictitious securities, allegedly offering more than $500 billion of the bogus investments on various social media web sites such as LinkedIn. In the SEC’s order instituting administrative proceedings (the “OIP”) against the adviser, the SEC alleges the adviser used LinkedIn discussions to promote fictitious “bank guarantees” and “medium-term notes.” The postings in LinkedIn purportedly resulted in interest from multiple potential buyers who responded to the postings by email.
According to the OIP, the adviser made multiple fraudulent offers through his two sole proprietorships and provided potential customers false and misleading information about assets under management, clients and operational history through the adviser’s web site and in SEC filings.
The SEC also alleges the adviser failed to maintain required books and records, did not implement adequate compliance policies and procedures, and held himself out to be a broker-dealer though he was not registered with the SEC. A copy of the OIP is available at: http://www.sec.gov/litigation/admin/2012/33-9291.pdf
The Alerts
The SEC, in response to increasing social media financial scams, has issued two alerts in an agency-wide effort to highlight the risks investors and advisory firms face when using social media.
The first alert, titled “Investment Adviser Use of Social Media,” provides SEC staff observations based on a review of investment advisers of varying sizes and strategies that use social media. A second alert, “Social Media and Investing: Avoiding Fraud,” informs investors of fraudulent investment schemes that use social media and provides tips for checking the backgrounds of advisers and brokers.
An overview of the alert relating to investment adviser use of social media and related compliance considerations is provided below.
National Examination Risk Alert – “Investment Adviser Use of Social Media”
The alert addresses compliance concerns that may arise from social media use by firms and their associated persons, and offers suggestions for complying with the antifraud, compliance, and recordkeeping provisions of the federal securities laws. According to the SEC, firms should consider how to implement new compliance programs or revisit their existing programs in the face of rapidly changing technology.
Compliance Programs Relating to Social Media Use
The SEC listed the following factors that investment adviser firms may want to consider when evaluating the effectiveness of their compliance programs:
Usage Guidelines: Firms may consider whether to create firm usage guidelines that provide guidance to investment advisory representatives (“IARs”) and solicitors on the appropriate and inappropriate use of social media. Firms may also consider addressing appropriate restrictions and prohibitions regarding the use of social media sites based on their analysis of the risk to them and their clients. For example, a firm may choose to provide an exclusive list of approved social media networking sites for IARs’ use or prohibit the use of specific functionalities on a site.
Content Standards: Firms may consider the risk that content created by them or their IARs or solicitors implicates a fiduciary duty or other regulatory issues (e.g., such as content that contains investment recommendations, information on specific investment services or investment performance). Firms may also articulate clear guidelines with respect to such content, and consider whether to prohibit specific content or impose other content restrictions.
Monitoring: Firms may consider how to effectively monitor their social media sites or use of third-party sites, taking into account that many third-party sites may not provide complete access to supervisors or compliance personnel.
Frequency of Monitoring: Firms may consider the frequency with which they monitor IAR or solicitor activity on a social media site. For example, using a risk-based approach, a firm may conclude that periodic, daily or real-time monitoring of the postings on a site is appropriate. The after-the fact review of violative content days after it was posted on a firm’s social networking site, however, depending on the circumstances, may not be reasonable, particularly where social media content can be rapidly and broadly disseminated to investors and the markets.
Approval of Content: Firms may consider the appropriateness of pre-approval requirements (as opposed to after-the-fact review, as discussed above).
Firm Resources: Firms may consider whether they have dedicated sufficient compliance resources to adequately monitor IAR or solicitor activity on social media sites, including the ability to monitor the activity of numerous IARs or solicitors. Conversation monitoring or similar services provided by outside vendors may be appropriate. Consistent with current practices utilized in the securities industry for the review of electronic communications, firms may use sampling, spot checking, or lexicon-based or other search methodologies, or a combination of methodologies, to monitor social media use and content.
Criteria for Approving Participation: In analyzing the risk exposure for a firm and its clients relating to the use of a social networking site, the firm’s compliance procedures may consider, without limitation, the reputation of the site, the site’s privacy policy, the ability to remove third-party posts, controls on anonymous posting and the advertising practices of any social media site that the firm or its IARs or solicitors use to conduct business.
Training: In establishing or reviewing any training requirements for IARs, firms may implement training related to social media that seeks to promote compliance and to prevent potential violations of the federal securities laws as well as their internal policies.
Certification: Firms may require a certification from their IARs and advisory solicitors confirming acknowledgement of and compliance with internal social media policies and procedures.
Functionality: Firms may consider the functionality of each social media site approved for use, including the continuing obligation to address any upgrades or modifications to the functionality that affect the risk exposure for the firms or their clients. Such consideration is particularly significant given the rapidly evolving nature of this new media. For example, a firm that opts to host social media on a site that includes a functionality or engages in a practice that exposes a client-user’s privacy, which practice or policy cannot be disabled or modified, may need to consider whether the firm’s participation is appropriate.
Personal/Professional Sites: Firms may adopt policies and procedures to address an IAR or solicitor conducting firm business on personal (non-business) or third-party social media sites. For example, a firm may choose to specify what types of firm communications or content are permitted on a site that is not operated, supervised or sponsored by the firm. While a firm may determine that it is appropriate to permit business card information on a specific personal site or third-party site, it may choose to prohibit conducting firm business on that site.
Information Security: Firms may consider whether permitting IARs to have access to social media sites poses any information security risks. Firms may consider appropriate firewalls between sensitive customer information, as well as their own proprietary information, and any social media site to the extent that IARs are permitted to access to such sites.
Enterprise Wide Sites: Firms that are part of a larger financial services or other corporate enterprise may create usage guidelines reasonably designed to prevent the advertising practices of firm-wide social media sites from violating the Investment Advisers Act of 1940 (the “Advisers Act”).
Third-Party Content: Firms permitting third-party postings on their social media sites should consider adopting policies and procedures concerning third-party postings, including the posting of testimonials about them or their IARs as well as reasonable safeguards to avoid violations of the securities laws.
Testimonials: According to the SEC, a facts and circumstances analysis is used in determining whether a third-party statement is a testimonial. While the term “testimonial” is not defined in Rule 206(4)-1(a)(1) under the Advisers Act, the SEC staff has consistently interpreted the term to include a statement of a client’s experience with, or endorsement of, an investment adviser. Accordingly, the use of “social plug-ins” such as the “like” button could be a testimonial under the Advisers Act, such as in instances where a “like” feature is an explicit or implicit statement of a client’s experience with an investment adviser or IAR. For example, if the public is invited to “like” an IAR’s biography posted on a social media site, that election could be viewed as a testimonial.
Recordkeeping – A Content-Driven Approach
The recordkeeping obligations set forth in the Advisers Act do not differentiate between the various social media, including paper and electronic communications, and other internet-based communications that relate to the adviser’s recommendations or advice. According to the SEC, the content of communications through social media determines whether a recordkeeping obligation exists. Accordingly, firms that communicate through social media sites must retain records of those communications if they contain information that satisfies an investment adviser’s recordkeeping obligations under the Advisers Act.
Generally, Rule 204-2 under the Advisers Act requires, among other things, the retention of advertising and recommendations to investors. Because much of the information disseminated through social media sites could be considered by the SEC to be advertising or recommendations, firms should ensure that their social media policies and procedures address the retention and maintenance of such communications pursuant to Rule 204-2. Firms should also be mindful of the requirement that such records be kept in an easily accessible place for a period of not less than five years.
Retention Policies
According to the SEC, investment advisers should adopt policies and procedures that address the following factors relating to the recordkeeping and production requirements of records generated by social media communications:
- Determining, among other things, (1) whether each social media communication used is a required record, and, if so, (2) the applicable retention period, and (3) the accessibility of the records. As explained above, the content of communications through social media determines whether a recordkeeping obligation exists.
- Maintaining social media communications in electronic or paper format (e.g., screen print or pdf of the social media page, if practicable).
- Conducting employee training programs regarding recordkeeping provisions.
- Arranging and indexing social media communications that are required records and kept in an electronic format to promote easy location, access and retrieval.
- Periodic test checking (using key word searches or otherwise) to ascertain whether employees are complying with retention policies and procedures.
- Using vendors to keep records consistent with the recordkeeping requirements.
For further information, the alert is available at: http://www.sec.gov/about/offices/ocie/riskalert-social media.pdf
FINRA Considerations
While investment advisers are not subject to FINRA oversight, unless dually registered, given the lack of specific regulations and the limited guidance from the SEC concerning which types of communications or social media features must be retained and supervised by firms, some industry participants are nevertheless looking to recent guidance from FINRA regarding social media usage.
Recordkeeping
In Regulatory Notices 10-06 and 11-39 (the “Notices”), FINRA reminded members that Rule 17a-4(b)(4) under the Securities Exchange Act of 1934, as amended (the “Exchange Act”), requires members to retain records of communications that relate to their “business as such.” Whether a particular communication is related to the business of the firm depends upon the facts and circumstances. According to FINRA, this analysis does not depend on the type of device or technology used to transmit the communication; rather, the content of the communication is determinative. Notably, every firm that intends to communicate, or permit its representatives to communicate, through social media sites must first ensure that it can retain records of those communications as required by Rules 17a-3 and 17a-4 under the Exchange Act.
Supervision
To date, FINRA has provided more guidance than the SEC in the area of which types of communications require supervisory review or prior approval by a registered principal. FINRA’s rules provide that certain broker-dealer communications be subject to supervision or prior approval. See NASD Rules 2210 and 3010. In the context of social media, determining what level of review is required involves an analysis of the static or interactive (non-static) nature of the communications. In contrast, such analysis is not required when determining whether records are subject to retention requirements. According to FINRA, static content is generally considered an “advertisement” requiring approval by a registered principal prior to posting while interactive communications are generally considered communications subject to monitoring or supervisory review.
While the Advisers Act does not address specific supervision or approval requirements, investment advisers may consider incorporating supervision standards established by FINRA into their social media policies and procedures.
Static v. Non-Static
FINRA recognizes that social media sites, such as blogs, Facebook, Twitter and LinkedIn, typically include both static and non-static (interactive) content. Static content remains posted until it is changed by the firm or individual who established the account on the site. Further, static content is generally accessible to all visitors to the site. Examples of static content include profile, background or wall information. In contrast, non-static communications enable users to engage in real-time interactive communications. For example, interactive posts on sites such as Twitter and Facebook constitute non-static communications subject to supervisory review.
FINRA Regulatory Notices 10-06 and 11-39 are available at:
http://www.finra.org/web/groups/industry/@ip/@reg/@notice/documents/notices/p120779.pdf
http://www.finra.org/web/groups/industry/@ip/@reg/@notice/documents/notices/p124186.pdf
Published January 21, 2012.
