Inside Counsel Magazine Revisits SEC's Cybersecurity Guidance

As we noted back in October, the SEC issued CF Disclosure Guidance: Topic No. 2: Cybersecurity.
This guidance provides the Division of Corporation Finance's views regarding disclosure obligations relating to cybersecurity risks and cyber incidents.

The most recent issue of Inside Counsel follows up on the latest views on this Guidance, including a quote from me.

SEC Issues Guidance On Use of Social Media by Investment Advisers

My colleagues Jen Audeh and Jeff Collins have analyzed the SEC's guidance on the use of social media by investment advisers. Because of the overlap this issue has with data privacy and security, we are providing this excerpt and a link to their summary:

On January 4, 2012, the SEC’s Office of Compliance Inspections and Examinations issued an exam alert to registered investment advisers which included guidance on the use of social media. The alert is not meant to be a comprehensive summary of all compliance matters related to the use of social media, but rather is intended to cover measures that may assist advisers in developing procedures to prevent violations of the Advisers Act and other federal securities laws, such as the antifraud, compliance and record keeping provisions, with respect to the use of social media.

Third-Party Content

The alert warns that particular attention should be paid to potential federal securities law violations stemming from third-party content posted on a firm’s social media site. Specifically, firms should be careful to prevent “testimonials” from being posted on a site. The staff advises that, depending on the facts and circumstances, certain functions on a social media site, such as a “like” button, could be considered a testimonial under the Advisers Act. If such a function cannot be disabled, investment advisers should consider monitoring and removing third-party postings if necessary. A firm should also consider the extent to which a third party should be allowed to post on the firm’s social media site. For example, some firms restrict postings to authorized users, others only allow the firm’s employees to post on the site, and others have no restrictions on posting. Regardless of the extent to which third-party posts are allowed, a firm should consider having policies and procedures concerning third-party posts. A firm should also consider disclaimers on its social media site stating that it does not approve or endorse any third-party communications.

Record Keeping Responsibilities

The record keeping obligations for communications that relate to the adviser’s recommendations or advice under the Advisers Act do not distinguish between the various forms of media used by advisers. In the alert, the staff states that “investment advisers that communicate through social media must retain records of those communications if they contain information that satisfies an investment adviser’s recordkeeping obligations under the Advisers Act.” A firm should review any document retention policies to ensure that communications generated through social media are covered by the policy and will be retained in compliance with the federal securities laws.

Compliance Programs

Rather than possibly having multiple overlapping policies and procedures covering advertisements, client communications and electronic communications that may each address in part the different risks associated with the use of social media, the alert suggests developing a separate and distinct policy for the use of social media. The staff suggests considering the following factors when crafting a social media policy:

Usage Guidelines. Consider creating guidelines that provide investment adviser representatives and solicitors with guidance on the appropriate and inappropriate use of social media. This might include a list of approved social media sites and permitted or restricted activities on those sites.

Content Standards. Consider whether content contains investment recommendations, information on specific investment services or investment performance and whether such content implicates any fiduciary duties or other regulatory issues.

Monitoring and Frequency of Monitoring. Consider procedures for monitoring the firm’s social media sites or use of third-party sites. The alert notes that a firm should consider the volume and pace of communications posted on a social media site to determine whether periodic, daily or real-time monitoring of posts is appropriate. The alert also states that “[t]he after-the-fact review of violative content days after it was posted on a firm’s social networking site, depending on the circumstances, may not be reasonable, particularly where social media content can be rapidly and broadly disseminated to investors and the markets.”

Approval of Content. Consider a requirement to have content pre-approved.

Firm Resources. Consider whether the firm has sufficient resources to adequately monitor the use of social media and whether the use of outside vendors is necessary.

Criteria for Approving Participation. Before approving the use of a social networking site, consider the reputation of the site, the site’s privacy policy, the ability to remove third-party posts, controls on anonymous posting and the site’s advertising practice.

Training and Certification. Consider implementing training related to the use of social media to prevent potential violations of federal securities laws and internal policies. A firm may also consider a requirement for employees to certify that they understand and are complying with the social media policies and procedures.

Functionality. Consider upgrades or modifications to the site that may affect any risk exposure for the firm or its clients. If the site includes functionality that exposes the firm or its clients to violations of federal securities laws and/or privacy risks, and if that functionality cannot be disabled, consider whether use of such a site is appropriate.

Personal/Professional Sites. Consider adopting policies and procedures to address how investment adviser representatives or solicitors use personal or third-party social media sites, to prevent firm business from being conducted on such sites.

Information Security. Consider whether allowing access to social media sites poses any information security risks. Firms should consider policies and procedures to create a firewall between sensitive customer information as well as the firm’s proprietary information and any social media sites.

Enterprise-Wide Sites. If an investment adviser is part of a larger enterprise, consider creating usage guidelines to prevent violations of the Advisers Act with respect to the advertising practices of a firm-wide social media site.

Advisers should expect that the SEC will be inquiring about the firm’s use of social media, and the firm’s policies and procedures on the same, in exams. The Commonwealth of Massachusetts has also expressed interest in adopting regulations on the use of social media by investment advisers and issued a report on the same (see Foley Adviser of July 15, 2011 on the Massachusetts report).

"SEC's Corp Fin Staff Attacks Cyber-Security Disclosure"

I was interviewed and quoted as part of a Compliance Week article on the new SEC guidance on disclosures of cyber security incidents:

Colin Zick, a partner at law firm Foley Hoag, says the guidance is too general and that companies will have to think hard when assessing what information to disclose. “There are a lot of cyber-incidents, and there are lots of ways how these will affect your business,” he says. When companies are contemplating the definition of cyber-incidents, they should think expansively, he adds. “Think of data breach, data loss, and denial of service on your Websites when an attack occurs. The [SEC staff] wants you to do this risk assessment so you will understand what this is about,” he said.

SEC Publishes Guidance on Cyber Incidents

On October 13, the SEC issued CF Disclosure Guidance: Topic No. 2: Cybersecurity.
This guidance provides the Division of Corporation Finance's views regarding disclosure obligations relating to cybersecurity risks and cyber incidents. It follows Chairman Schapiro's June 2011 letter to Senator Rockefeller on the subject.

Regulators Provide Online Privacy Notice Builder to Help Financial Institutions Comply with Gramm-Leach-Bliley Act

Last week a number of federal regulatory agencies rolled out an online privacy notice builder for financial institutions subject to one or more of the Gramm-Leach-Bliley Act (GLBA) regulations. The agencies involved include the Federal Trade Commission (FTC), Securities and Exchange Commission (SEC), Office of the Comptroller of the Currency (OCC), Federal Deposit Insurance Corporation (FDIC), Board of Governors of the Federal Reserve System (FRB), Office of Thrift Supervision (OTS), the National Credit Union Administration (NCUA) and the Commodity Futures Trading Commission (CFTC).

The GLBA regulations issued by these agencies require financial institutions to provide initial and annual privacy notices to customers. On December 1, 2009, the agencies adopted a Model Form (.pdf), based on lengthy quantitative testing and research, to provide financial institutions with a safe harbor for compliance with the privacy notice requirement. Financial institutions are still free to draft their own privacy notices, but are responsible for making sure that their own notices contain all the required elements.

The online form builder consists of a linked set of instructions (.pdf) that leads financial institutions to one of four forms, which are filled out depending on whether the company is providing customers with a right to opt out or elects to allow affiliate marketing.

GLBA Privacy Notice Forms: