As social media becomes ever-present, we are often asked, how can a futures participant, private fund manager or other investment adviser use these powerful tools, and still be compliant with both regulations and best practices?
Both the National Futures Association (“NFA”) and the US Securities and Exchange Commission (“SEC”) have established guidance regarding the use of social media by futures participants and investment advisers, respectively. Effective December 24, 2009, NFA members are generally required to treat any social media sites they use as “promotional material,” which carries a number of compliance-related obligations. Moreover, members have an affirmative duty to monitor reader/user generated posts on these sites, remove misleading content, ban users who repeatedly violate rules or for egregious conduct, and monitor their employees’ use of social media.
Meanwhile, SEC-registered investment advisers are encouraged to review their social media use, assess the risks and adopt policies and procedures with respect to use of social media. The SEC provides a number of considerations to guide this analysis. The best practice here is similar to NFA requirements: treat all social media use as advertising, subject to SEC Rule 206(4)-1, and consider other compliance requirements such as recordkeeping.
Some tips for managing social media use by a firm and/or its employees:
1. Treat all social media content as promotional material or advertising, as applicable. Although some social networking can be considered correspondence, it is usually directed to more than one person and discusses the futures or securities industry in general or the firm’s business specifically. Fund managers relying on Regulation D and/or the Investment Company Act exemptions should not discuss these offerings on social media.
2. Firms should ensure that their electronic archiving systems capture social media content. If the current service provider cannot capture social media, the firm should either refrain from using it for business purposes, or retain a service provider that offers this service. The firm’s compliance staff should review all social media sites used by the firm on a regular basis. Employee sites should be reviewed as well if they are permitted to use their own sites for business purposes. Even if this is prohibited, compliance staff should run periodic searches to make sure that employees are complying. Required records should be kept for five years, and accessible such that it can be produced upon request to examiners.
3. Avoid testimonials from clients or investors. Employees’ use of social media should be monitored to ensure that endorsing skills or accepting recommendations on LinkedIn, liking a post or page on Facebook, favoriting or re-tweeting posts on Twitter do not constitute testimonials. To the extent that a particular platform will not permit declining likes, favorites or re-posting, the firm should avoid using the site for business purposes.
4. Blogs should set the commenting feature so that any reader comments must be approved by someone at the firm before they are visible on the blog. If such a setting is not available, any inappropriate content should be deleted promptly.
5. Do not disclose any client, investor or prospect information anywhere online. Be careful to ensure that such information is not inadvertently disclosed through a personally directed tweet or post. For its own business reasons, the firm should be aware that any information published on a third party’s site generally ceases to be owned by the firm. Accordingly, trade secrets or other proprietary or sensitive information including financial processes, methods of selecting investments, or analysis of market trends should never be disclosed online.
6. Create and implement a written social media policy that:
o Is firm-specific (i.e., not just off-the-shelf) and clearly explains how it prevents violations of applicable regulations, contain specific definitions, and detail permitted and prohibited platforms, activities and content.
o Addresses third party use of the firm’s websites or blogs, including prohibitions such as testimonials or recommendation of a specific investment. Consider pre-approving all postings and communications;
o Addresses confidentiality of client and prospect information, and use of confidential company information; and
o Provides parameters for employees’ use of social media and addresses possible disciplinary measures in the event of misuse.
o Requires archiving and monitoring of social media platforms (see also points 2 and 8).
7. Provide employee training and education regarding the policy. If the firm permits employees to use social media for business purposes, only those who have received training should use social media on behalf of the firm. Employee attestations should include compliance with the firm’s social media policy.
8. Regularly and actively supervise and monitor social media activity, including third parties’ use of social media outlets to ensure that any improper content (such as testimonials) is removed. The CCO should periodically examine employees’ social media usage to ensure compliance with the policy. Review methods may include:
o Conducting an internet search and viewing content on the sites;
o Searching an employee’s personal account if that account is accessed and/or stored on the firm’s computers or network;
o Retaining a service provider to archive social media content and review it regularly as part of general surveillance of electronic communications.
9. Don’t forget about mobile use. Most social media platforms offer apps for use/access on mobile phones and tablets. A firm’s policy should address this use and, similar to 2, above, ensure that content is captured for monitoring and recordkeeping purposes. This may be of particular concern to the extent that employees use personal devices, not issued or managed by the firm, for business purposes.