With newer methods to communicate and interact with the so-called social network popping up on almost a daily basis, securities regulators have been giving more and more attention to social media and how companies and certain regulated professionals are employing it. As we discussed in a previous blog, the SEC has signed off on public companies utilizing social media for disclosure purposes, provided that, among other things, companies disclose to investors the types of social media outlets they will employ for such purposes. The SEC has issued guidance on the use of social media by public companies for Regulation FD and other disclosure purposes, which can be found in this SEC Press Release and in the SEC’s report on its investigation of the Facebook postings made by Netflix’s CEO.
Now it appears that social media is gaining the attention of FINRA as well, the primary self-regulatory organization for registered broker-dealers. As reported in a recent article on CNN, FINRA wants state privacy laws to provide exemptions for registered broker-dealer firms that would permit such firms to access Facebook and other social media accounts of their associated persons (i.e., stockbrokers). Because of the prominence and proliferation of Facebook and the personal or sensitive nature of the information contained on an individual’s Facebook page and other social media accounts, state legislatures have proactively enacted legislation that prevent or restrict companies from monitoring employees through social media. According to the National Conference on State Legislatures, six states enacted legislation in 2012 that prohibits employers from requesting or requiring an employee, student or applicant to disclose a user name or password for a personal social media account.
FINRA is concerned, however, that prohibiting access to employee social media accounts may affect a registered broker-dealer’s ability to fully comply with its mandated supervisory duties under federal laws and regulations. For example, registered broker-dealers are required to maintain copies of all “business communications” as discussed in guidance issued by FINRA in Regulatory Notice 11-39. Under Rule 17a-4(b)(4) of the Exchange Act, “business communication” includes “[o]riginals of all communications received and copies of all communications sent (and any approvals thereof) by the member, broker or dealer (including inter-office memoranda and communications) relating to its business as such, including all communications which are subject to rules of a self-regulatory organization of which the member, broker or dealer is a member regarding communications with the public.” Thus, if a stockbroker is using social media to transmit business communications, the broker-dealer is required to maintain copies of those communications. FINRA believes that access to social media accounts is therefore necessary to permit Broker-Dealers to comply with regulatory requirements. As a result, FINRA has recently sent a number of letters to state legislatures urging them to permit broker-dealers to be exempted from these state privacy laws to the extent necessary to comply with their respective regulatory requirements.
For the time being, broker-dealers will have to do their best to balance their supervisory obligations with the constraints imposed by applicable privacy laws. One idea would be to prohibit employees’ use of social media altogether. However, this approach would seem unrealistic in practice. Alternatively, firms could adopt policies that prohibit employees from using social media to post or disseminate business-related information. If this approach is taken, broker-dealers likely have an obligation to conduct employee training so that employees are aware of what sort of information can and cannot be posted via social media (according to Regulatory Notice 11-39). As this regulatory area develops, firms will need to continue to be informed of the issues so that appropriate internal policies and procedures can be implemented or updated as necessary.