compliance best practices: linkedin for financial services · another best practice is to set a...

==

COMPLIANCE BEST PRACTICES: LinkedIn® for Financial Services

LAST UPDATED FEBRUARY 2014

www.hearsaysocial.com |

Compliance Best Practices | © 2014 Proprietary & Confidential

| 2

TABLE OF CONTENTS

INTRODUCTION 3

THE HEARSAY SOCIAL SOLUTION 3

THREE PILLARS OF SOCIAL MEDIA COMPLIANCE 4

1. POLICY & TRAINING 4 2. SUPERVISION & REVIEW 5 3. RECORDKEEPING 6

COMPLIANCE GUIDANCE: LINKEDIN 7

LINKEDIN PROFILE INFORMATION 7

HEADLINE 8 SUMMARY 9 PROFILE PICTURE 10 SKILLS & EXPERTISE 11 EXPERIENCE 13 EDUCATION 14 HONORS & AWARDS 15 INTERESTS 15

LINKEDIN ACTIONS 16

EDIT PROFILE 16 SHARE AN UPDATE 17 COMMENT ON A STATUS UPDATE 18 RECOMMENDATIONS 19 SEND A MESSAGE (“INMAIL”) 20 LINKEDIN GROUPS 21 JOIN A GROUP 21 PARTICIPATE IN OR START A GROUP DISCUSSION 23 CREATE A GROUP 24 LIKE A POST OR A COMMENT 25

NEXT STEPS 26



| 3

Introduction Social media has become an essential tool for financial advisors (FAs) to connect with prospects and deepen relationships with clients. FAs can now use social media to collect information in advance of in-person meetings or phone calls, and to keep up-to-date with clients. Today, successful advisors also use status updates, comments and other online activities to get updates on their clients’ lives in real-time. In addition, social networks help advisors establish themselves as thought leaders in wealth management and their niche markets. This helps them leverage their Center of Influence (COI) relationships for referrals from estate attorneys and accountants. With a network of over 240 million professionals, LinkedIn® offers a unique view into potential social business opportunities. But like all social media, it also comes with regulatory risk. It’s imperative that financial service organizations make sure their advisors aren’t posting inappropriate content or misrepresenting their brand in any way. This is where Hearsay Social comes in. We offer a fully compliant social business platform that allows financial services firms to capture, monitor and archive social communications between producers and their clients from the Hearsay platform, mobile devices, remote locations and corporate networks. In addition, organizations can create and distribute pre-approved content that advisors can share with their networks to establish themselves as thought leaders and strengthen relationships with clients.

The Hearsay Social Solution The Hearsay Social Compliance Solution maximizes the efficiency of your compliance resources, while helping minimize your organization’s regulatory and reputational risk. Our enterprise technology helps your team with their compliance requirements in the areas of policy, supervision and recordkeeping per FINRA Regulatory Notices 10-06 and 11-39, advertising communication rules, as well as state advertising regulations. Our solution offers customizable workflows and notifications. By providing review, routing and notification workflows to streamline supervisory procedures, your firm’s compliance team can more efficiently monitor your advisors use of social networks. You can easily configure and adjust supervision and review preferences based on your organizational policies, preferences and existing systems. And you can customize compliance settings based on the line of business level, allowing multiple lines of



| 4

business with different regulatory requirements to function within the same organization. Hearsay Social works with some of the world’s leading financial services firms. In this document, we outline the best practices we’ve learned from our US-based financial services customers for compliance with LinkedIn and Hearsay Social.

Three Pillars of Social Media Compliance

1. POLICY & TRAINING Regulations require financial services firms, registered

investment advisors, broker dealers and wealth management firms regulated by the FFIEC to adopt and implement written policies and procedures reasonably designed to prevent violation of compliance rules. Once established, policies and procedures must be reviewed annually for adequacy and the effectiveness of their implementation. In addition, firms need to designate who in the company will administer compliance policies (e.g. compliance officers)

and the scope of their responsibilities. Policies need to be clearly and concisely written. When drafting, consider advertising rules and other important factors such as intellectual property, confidentiality, tort (e.g. slander and libel), employment laws (e.g. harassment) and brand guidelines. And don’t forget to clearly define the consequences of noncompliance. We have resources available to help you start this process. Once your policy is established, it’s important to train your advisors on how to implement it and document training as it occurs. Many companies we work with also ask their advisors to sign an annual attestation indicating they understand the policy and any updates.

Relevant Rules & Regulations:

FINRA Notices 10-06 & 11-39 Investment

Company Act of 1940 Rule 206(4)-7 FFIEC Guidance



| 5

2. SUPERVISION & REVIEW

To meet FINRA regulations, firms must supervise or review electronic communications from their financial advisors. This

includes social media activity when it’s being used for a business purposes. Start by identifying the types of content that need to be pre- vs. post-reviewed. FINRA Notice 10-06 details how firms should handle two categories of social media content:

Static

Static content remains posted until it’s changed by the firm or individual who originally created it. Such content includes profile information, professional background, cover photos and educational information. To address requirements in FINRA Notice 10-06, static content needs to be reviewed and approved by a registered principal (e.g. compliance officer) before its posted or updated.

Interactive

Interactive content is used for real-time communications. Such content includes status updates, messages, ‘likes’ and comments. According to FINRA Rule 2210, interactive content is not subject to pre-review requirements providing: (a) it’s posted on an online interactive electronic forum (such as social network) and (b) it doesn’t make any financial or investment recommendations or otherwise promote a product or service of the firm. However, firms are required to supervise these interactive electronic communications under FINRA Rule 3110 to ensure that they don’t violate the content requirements of FINRA’s communications rules.

In addition to defining a policy and procedure for each type of content, firms must have a process for monitoring and controlling a variety of social networking activities that could present a compliance risk. These include:

• Prohibiting unsuitable content • Enforcing FINRA Rule 2111 (Suitability) • Filtering and blocking mentions of investment products or services

Relevant Rules & Regulations

FINRA Rule 2210 FINRA Notices 10-06 &11-39

NYSE Rule 472 FFIEC Guidance



| 6

• Blocking testimonials and recommendations

Our clients use keyword-based lexicons in Hearsay Social Compliance platform to monitor the types of content described above. These rules can be applied to both pre- and post-updates to minimize risk for the firm.

3. RECORDKEEPING

Firms must develop a recordkeeping strategy to document any social media communications made by the their personnel. This includes activity on company-owned computers and communications that take place on social media via personal devices such as cell phones or home computers. This is no small feat and has many channels of nuance.

In response to this challenge, Hearsay Social developed a platform to perform this function automatically no matter what device an advisor is using to access LinkedIn.

Relevant Rules & Regulations

FINRA 3110 (Books & Records)

SEC 17a-3 & a-4 FINRA Notice 11-39

FFIEC Guidance



| 7

Compliance Guidance: LinkedIn

LinkedIn Profile Information Most of the information that appears on a LinkedIn profile is considered static content, which FINRA considers “advertisements” under Rule 2210. This includes fields like employment history, educational background and professional licensing. Such content must be pre-approved before it is posted or updated. Hearsay Social offers two ways to manage this review and approval process. First, our platform lets teams distribute compliance-approved LinkedIn profile content (such as title, job description, etc.) to their producers based on their role, region and other characteristics. To streamline the review and approval process, most of our customers create “pre-approved” content for their advisors to use as a template for developing their profile. Advisors can then enter this profile content directly into the Hearsay Social platform and route it to compliance for approval. If the submitted content doesn’t match the pre-approved text, compliance is notified that there is content pending review and can quickly access the submitted static content in context right on their dashboards. If content is inappropriate, misleading or otherwise problematic, compliance can email the advisor comments or corrections from the Hearsay Social Review screen or send them to the advisor’s Hearsay Social dashboard. We also recommend that organizations continually review profiles for changes made outside of the Hearsay Social system (e.g. changes made natively on social networks) that have not gone through the approval process. As with the content process described above, you can configure the Hearsay Social platform so that compliance is alerted to these changes as they happen. Another best practice is to set a service level agreement (SLA) for the review process. For most of our customers, compliance has two weeks (14 days) to fix any problematic areas of an advisor’s profile. After that time, the advisor and the compliance team will receive another alert indicating reviews are still pending. The following is a list of relevant LinkedIn profile sections and their descriptions. Each includes the FINRA communication category, content type, common regulatory considerations and best practices for usage.



| 8

HEADLINE This short-form text field (up to 140 characters) describes an individual and their role from a high-level. It’s often "Job Title at XYZ Company" or a description of a unique business proposition, for example, “Financial Advisor specializing in the unique planning needs of physicians.” Compliance Implications: Headlines are considered static content and should be pre-reviewed before publication or being updated. Content and approval processes should be captured and archived. Most firms we work with provide recommended headlines based on roles and regions. Some companies also use this field to indicate professional certifications such as CFP, CRPC, CIMA, CFA, etc.

FINRA Category Content Type Regulatory Requirements

Retail Communication Static Pre-review. Supervise.

Archive.

Sample Headline



| 9

SUMMARY In this section, advisors can summarize their professional and educational experience. It’s usually a short paragraph that succinctly describes what the viewer of the profile (often a client or prospect) would be most interested in. Summaries can also include multi-media content including PDFs, videos and slides via Slideshare. Compliance Implications: Summaries are considered static content and should be pre-reviewed before publication or being updated. Content and approval processes should be captured and archived. Most firms we work with provide pre-approved summaries based on roles and regions. They can either be a summary of the company or an individual advisor’s business and specialties. Many organizations also require their advisors include a disclosure about themselves or the company. (See an example below.)



Archive.

Sample profile with an extensive Summary section and video

Example company disclosure that a leading firm requires advisor’s include on their profile:

[Firm], reserves the right, to the extent permitted under applicable law, to retain and monitor all electronic communications. [Firm] will not accept purchase or sale orders via LinkedIn or its

messaging systems. [Firm] is not responsible for content posted by third-parties. Statements and messages for US residents only and subject to the following terms; [link to website]

Some firms require advisors to limit their Summaries to their FINRA certifications



| 10

PROFILE PICTURE A LinkedIn profile usually includes a headshot. The photo should be professional, current, and not include anyone other than the advisor. If your organization provides headshot services, we recommend advisors use their corporate photos. Compliance Implications: Profile photos are considered static content and should be pre-reviewed before publication or being updated. Content and approval processes should be captured and archived. Many organizations are requiring their representatives to use a professional picture for brand consistency. The photo may be watermarked with the firm’s logo and/or name so it cannot be reused elsewhere.



Archive.

Sample profile with professional headshot



| 11

SKILLS & EXPERTISE In this section, advisors can list relevant skills based on their experiences and training. Listing these skills helps make an advisor more “findable”. However, if an advisor lists “Skills & Expertise” on their profile, there’s no way to prevent their connections from endorsing those skills. This has some potential compliance implications that we’ll go into more detail below. Compliance Implications: Rule 206(4) states that advertisements cannot “use or refer to testimonials.” An endorsement or recommendation from a client could be regarded as a violation of the Advisors Act. The SEC’s staff has consistently interpreted testimonials to include a statement of a client’s experience with, or endorsement of, an investment advisor. Therefore, we believe that receiving “endorsements” of “Skills & Expertise” on LinkedIn could be considered a testimonial under the Advisors Act. There are two ways an advisor can receive a LinkedIn endorsement:

1. An advisor’s contact can make an endorsement on a skill that already exists on his or her profile.

2. An advisor’s contact or third-party can initiate an endorsement for a skill that doesn’t currently exist on his or her profile.

In the first case, there’s currently no way for a software solution to block an endorsement of a pre-existing skill. To prevent endorsements from occurring, we strongly encourage creating a policy that prohibits advisors from adding skills to their profiles. Once in the policy is in place, your compliance team can see whether advisors are straying from the directive by monitoring profile updates from the Hearsay Social platform.

This Skills & Expertise section shows an advisor’s endorsements and could be in violation of the Advisers Act.



| 12

In the second case, an advisor or compliance representative must accept the endorsement before it appears publicly on LinkedIn. By instituting a policy barring endorsements via social media, your compliance team can prohibit advisors from surfacing these skills on their profiles. Again, Hearsay Social can be used to monitor profile updates.


Retail Communication Static

Institute a policy that prohibits the use and

acceptance of “endorsements.”

Monitor for profile changes.



| 13

EXPERIENCE In this section, advisors can describe their professional history. It can include prior roles, titles and companies an individual has worked for, and descriptions of these roles and organizations. The Experience section often includes same information that would be on a professional resume or CV. Most organizations require advisors to include some information about their professional experience. As a best practice, we recommend the Experience section include (at minimum) an advisor’s current title, company name and length of tenure. Providing information about previous roles will help make advisors more findable in search results as such data acts as keywords. Compliance Implications: Because this is considered static content, it should be pre-reviewed before publication or being updated. Content and approval processes should be captured and archived. Organizations need to pay special attention to the accurateness of the content added to the Experience field. Inaccurate information can be seen as misleading or untruthful, and be in violation of regulations.



Archive

This LinkedIn profile doesn’t include the user’s experience



| 14

EDUCATION In this section, advisors can share their educational history including schools attended, areas of study, activities, business training, and certifications. Adding educational content helps advisors become more findable and build more connections. For example, a client looking for a new financial advisor might choose someone who went to their alma mater because they feel they may have more in common. Compliance Implications: Because this is considered static content, it should be pre-reviewed before publication or being updated. Content and approval processes should be captured and archived. Organizations need to pay special attention to the accurateness of the content added to the Education field. Inaccurate information can be seen as misleading or untruthful, and be in violation of regulations.



Archive.

Education section that includes area of study and activities



| 15

HONORS & AWARDS In this section, advisors can share any professional awards or honors they’ve received (i.e. Barron’s Top Advisor List, Presidents’ Circle). Compliance Implications: Because this is considered static content, it should be pre-reviewed before publication or being updated. Content and approval processes should be captured and archived.

INTERESTS In this section, advisors can share any personal or professional interests that might be interesting to their professional network. Compliance Implications: Because this is considered static content, it should be pre-reviewed before it is published or being updated. Content and approval processes should be captured and archived.



Archive.



Archive.



| 16

LinkedIn Actions With the exception of editing a profile (which is considered static content), most LinkedIn actions are considered “interactive” content under FINRA Rule 2210. As described earlier, interactive content doesn’t require compliance approval before it’s published. However, it should be supervised as described in the “content standards” listed in NYSE Rule 472 and FINRA Rule 2210. Below are details on specific actions advisors can take on LinkedIn. Each includes the FINRA communication category, content type, common regulatory considerations and best practices for usage

EDIT PROFILE Advisors can change or update their LinkedIn profile information at any time as described in the previous sections. Compliance Implications: Because this is considered static content, it should be pre-reviewed before it is published or updated. Content and approval processes should be captured and archived.


Retail Communication Static Pre-approve. Monitor for

changes that haven’t gone through approval. Archive.



| 17

SHARE AN UPDATE Through this action, advisors can post an update to let connections know what they’re working on or other relevant news. These updates can be text-based or include a link, image or video. Compliance Implications: Updates and status posts are usually time sensitive and occur in real-time. Because of this, they are considered interactive content. Updates are typically not an issue, unless the message violates FINRA or SEC guidelines. For example, making an investment recommendation (e.g. “I recommend buying Apple”) could be out of compliance with FINRA Rule 2111 regarding suitability concerns. To prevent compliance risk, organizations should consider sharing pre-approved posts that reference the company and/or its products, and leveraging lexicon-based rules to monitor posts that are not pre-reviewed and approved. Most of our customers use Hearsay Social to block posts with keywords or content that could be considered inappropriate. As “retail communication” these activities should be archived.

FINRA Category Content Type Regulatory Requirements Retail Communication

(Formerly “Public Appearance”)

Interactive Monitor. Set lexicon-based

alerts for inappropriate content. Archive.

Here’s how an advisor could share approved updates or posts through Hearsay Social



| 18

COMMENT ON A STATUS UPDATE Through this action, an advisor can post a comment on any of their connections’ status updates (as defined above). Comments then appear publicly on the timelines of both the advisor and their connection.

Compliance Implications: Because comments can be used in many different ways, they present unique compliance challenges. Therefore, your social media policy should explicitly provide recommendations around their use. Consider these situations. A comment that sounds like a recommendation and/or implicitly or

explicitly endorses a contact’s products or services could be construed as an endorsement or testimonial and therefore be in violation of the SEC Investment Advisers Act. Generally speaking, comments should adhere to the firm’s policy on appropriateness and not be in violation of such rules. Some more conservative firms prevent advisors from making comment on another person’s status update. Carefully consider your firm’s tolerance for exposure, explicitly set guidelines in your social media policy and monitor your advisors’ profiles for non-compliance.


Retail Communication (Formerly “Public

Appearance”) Interactive

Supervise. Set lexicon-based alerts for

inappropriate content. Archive.

Comment on a status update



| 19

RECOMMENDATIONS This action lets connections write recommendations for each other. (Most come from colleagues or former colleagues.) Once a recommendation is given, LinkedIn asks the party receiving the recommendation to approve it. After approval, recommendations appear on the public profiles of both the author and the person who is being recommended. Compliance Implications: Because recommendations appear on an advisor’s profile, they are considered static content and advertisements. As described previously, the Investment Advisers Act of 1940 prohibits financial professionals from using testimonials in advertisements. And many would consider a Recommendation on LinkedIn as a form of testimonial. As part of the social media policy, most financial services firms prevent their advisors from accepting or providing recommendations on LinkedIn. Some firms even go as far as to ask advisors to remove recommendations concerning previous positions, including those that were outside the financial services industry.


Public Appearance Interactive

Craft a policy that doesn’t let advisors accept or give recommendations. Monitor

for violations.



| 20

SEND A MESSAGE (“INMAIL”) Private messages on LinkedIn are called InMails and all LinkedIn users can send InMails to their connections. With a premium LinkedIn membership, users can also send InMails to people outside of their network. They provide a good direct communication channel to privately connect with prospects or clients. Compliance Implications: Consider InMails as emails and treat them accordingly. Therefore, they should be similarly monitored and recorded. Our customers use Hearsay Social to monitor InMails to detect inappropriate messages and audit or spot-check them for infractions.


Correspondence Correspondence Monitor. Archive.

Initiating and composing an InMail message to an existing connection.



| 21

LINKEDIN GROUPS LinkedIn groups let users connect with like-minded individuals in their profession or who share similar interests. These are subsets of the larger LinkedIn community where members can ask questions for the entire group to answer, share their points of view, post articles and/or create polls. Groups also stay in touch with members through email updates that include links to the newest and most talked about discussions.

Groups an advisor might participate in and how they appear on a profile



| 22

JOIN A GROUP There are over a million open and private professional groups on LinkedIn. When a user joins a group, they get access to group updates, news and can join group discussions. Financial advisors who join groups (e.g. alumni groups) have opportunities to connect with more prospects and COIs (e.g. estate attorneys, CPAs).

Compliance Implications: Joining a group isn’t of itself problematic. However, when a user joins a group they can participate in a number of activities that should be carefully looked at from a compliance perspective. Consider these scenarios. After joining a group, advisors can begin participating in conversations. As with status updates and comments, discussions can potentially violate advertisement or suitability regulations depending on their content. In addition, group icons showing an advisor’s membership are displayed on their profile and could cause entanglement issues. To address these concerns, your firm’s social media policy should consider all types of group participation and explicitly state how users should interact with LinkedIn groups. For example, carefully vet group affiliations so there are no entanglement or adoption violations. And use Hearsay Social to monitor advisors’ LinkedIn profiles to ensure advisors’ profiles follow the stated policy.


Retail Communication Interactive Supervise. Archive. Spot

check.

How to join a group on LinkedIn



| 23

PARTICIPATE IN OR START A GROUP DISCUSSION There are many ways to post content to a LinkedIn group. Group owners and moderators can start discussions that any group member can participate in. And group members can create or post messages that will be visible to the entire group. Discussions and messages will be visible on LinkedIn.com and emailed out as part of a digest. Compliance Implications: Participating in such discussions poses similar compliance risks as posting status updates. Advisors should be encouraged to publish content that has been pre-approved by your firm. However, your social media policy should contain clearly defined rules for posting content that hasn’t been formally approved, participating in discussions started by other group members, and responding to group comments. As with other interactive content, most firms allow group participation, while supervising and archiving activity.

FINRA Category Content Type Best Practice

Retail Communication Interactive Supervise. Archive

A LinkedIn group discussion



| 24

CREATE A GROUP Every LinkedIn member has the ability to create a group that other users can join and participate in. Group owners can decide if a group will be made public (content can be seen by anyone on LinkedIn) or private (content can only be seen by group members).

Compliance Implications: Creating a group has similar compliance implications as group participation. It’s not the simple act of creating a group that could cause a compliance concern. As with other forms of interactive content, an issue would arise as a result of inappropriate or misleading content being published on the group.

Your firm’s policy for creating LinkedIn groups should be considered in parallel to your policy on participating in such groups. It should clearly define what types of groups are appropriate and explain how compliance will monitor content posted to such forums.



check.

The first step in creating a new group



| 25

LIKE A POST OR A COMMENT Advisors can engage with connections on LinkedIn by ‘liking’ their posts and status updates. It’s a low-touch way for users to show support for their connections. Compliance Implications: Many firms view ‘likes’ as a compliance risk. In some situations, likes could be construed as an endorsement or a testimonial, as in an instance where an advisor is endorsing some product, person or service. However, regulators are unlikely to consider it inappropriate if an advisor likes an update to a profile photo or a corporate press release. The like feature received special attention in the SEC’s January 4, 2012, National Examination Risk Alert. According to the risk alert, advisors who permit third-party postings on their social media sites should consider having policies and procedures for preventing testimonial posts about the firm, its IARs or solicitors. Depending on the facts and circumstances, the use of social plug-ins, such as the like feature, might be construed as a testimonial. In a footnote, the SEC stated that some social media sites don’t permit an advisor to disable like buttons or similar features. In these cases, a firm should develop a system to monitor these sites and remove third-party postings as necessary. At the 2012 FINRA Annual Conference, there was more discussion on this topic. The consensus was that a client or advisor liking a page isn't a problem, but liking a specific post could be considered a prohibited testimonial. As with other interactive content, we recommend firms train advisors on these risks, monitor likes to detect inappropriate use, and archive activity.



check.

How ‘liking’ a post shows up on a user’s profile



| 26

NEXT STEPS As you consider this document, remember to develop the social media policy and process that best fits your organization’s risk tolerance and needs. Once your management and social media taskforce agree on the firm’s policy and procedure for LinkedIn, make sure it is well documented and the roles and responsibilities are clearly defined. It’s not enough to simply have a social media policy in place. Educating your organization on its guidelines and enforcing the policy are equally important. Once the policy is written—using simple language and clear examples—it’s important to distribute it through as many company communication channels as possible. For example, provide training sessions and incorporate the policy into your employee handbook, and include it in new employee orientation. Consider requiring a yearly attestation of your policies and any updates. Don’t forget social media features and trends change rapidly, as does guidance put out by lawmakers and regulators. As a result, your policy should be a living document subject to constant modification. Make sure your marketing, legal and compliance teams stay up-to-date on new developments. Learn from your mistakes. Revise your policy as often as it’s appropriate for your industry and business (at least once a year). If you have any questions, your Hearsay Social Customer Success Executives can provide additional recommendations for rolling out your LinkedIn program. Disclaimer: The material available in this document is for informational purposes only and not for the purpose of providing legal advice. We make no guarantees on the accuracy of the information provided herein. Third party references are offered as a convenience to our readers and do not constitute an endorsement, recommendation or guarantee of accuracy. We assume no liability for the content provided.

compliance best practices: linkedin for financial services · another best practice is to set a...

Documents