OCIE Provides Social Media Guidance for Investment Advisers

Investment advisers seeking clarity about the appropriate use of social networking Websites such as Facebook, Twitter, and LinkedIn now have some much-needed guidance from the Securities and Exchange Commission's Office of Compliance Inspections and Examinations. Anyone else worried about social media risks would do well to give it a read, too.

In early January the department issued a “National Examination Risk Alert,” citing 13 different factors investment advisers should consider when creating a social media policy that satisfies the anti-fraud, compliance, and recordkeeping provisions of federal securities laws. It also discusses the potential risks associated with third-party content.

“As investment advisers increasingly use social media to communicate with clients and potential clients, firms need to be mindful of the applicable standards governing those communications,” Carlo di Florio, director of the OCIE said in a statement.

The OCIE mentioned a few criteria companies should consider when crafting a policy:

Usage Guidelines: Guidance on the appropriate and inappropriate use of social media, as well as possible restrictions and prohibitions, such as an exclusive list of approved social media sites;

Content Standards: Prohibiting specific content or other content restrictions, such as content that contains investment recommendations, information on specific investment services, or investment performance;

Monitoring: The effective monitoring of social media sites the firm uses or any use of third-party sites, and how often it monitors this activity;

Training and Certification: The implementation of training related to social media that seeks to promote compliance of federal securities laws and the firm's internal policies. A firm may consider whether to require a certification confirming that individuals understand and comply with the firm's social media policies and procedures.

Yes, the OCIE social media guidance is intended for investment advisers and their specific issues. But it's also one of the few pieces of guidance published by regulators that addresses social media, so compliance officers of any industry who want some pointers on the subject should probably give it a read.

Moreover, the alert stresses that it isn't a summary of all compliance matters an investment adviser might encounter in social media, but rather is more of a guide for creating and enforcing a social media policy. The alert says “here are the things you should consider in your internal discussions around creating reasonably designed policies,” says Sam Kolbert-Hyle, vice president of business development and strategic initiatives at Smarsh.

The guidance couldn't come soon enough for some investment advisers. It coincided with the announcement of an SEC enforcement action brought that same day against an Illinois-based investment adviser whom the SEC accused of offering to sell fictitious securities on LinkedIn.

Both the enforcement action and the release of the Risk Alert highlight the dangers investors and advisory firms face when using social media. “Fraudsters are quick to adapt to new technologies to exploit them for unlawful purposes. Social media is no exception,” said Robert Kaplan, co-chief of the SEC Enforcement Division's Asset Management Unit. He added that the latest enforcement action reflects the SEC's “determination to pursue fraudulent activity on new and evolving platforms.”

“Fraudsters are quick to adapt to new technologies to exploit them for unlawful purposes. Social media is no exception.”

—Robert Kaplan,

Co-Chief, Asset Management Unit,

SEC

The Risk Alert states that investment advisers should also consider whether allowing access to social media sites poses any information security risks, such as breaches by hackers or some other exposure of sensitive data. Firms may consider adopting compliance policies and procedures to create appropriate firewalls around sensitive customer information as well as the firm's own proprietary information, the alert says.

In analyzing risk exposure, a firm's compliance procedures may consider the reputation of the site, its privacy policy, the ability to remove third-party posts, controls on anonymous posting, and the advertising practices of any social media site that the firm uses to conduct business.

And for each social media site used, firms should take care to address any upgrades or modifications the social media Websites might implement, that in turn could change the firm's risk exposure. That will be particularly important given the rapidly evolving nature of social media—such as Facebook's timeline format rolling out this week, or the changes to Google's privacy policy for user profiles and search results announced last week.

“Currently, a lot of people are focused on LinkedIn, Facebook, and Twitter,” Kolbert-Hyle says, but there also will be “an explosion of new and emerging message types,” such as Salesforce Chatter. Thus, firms “need to be aware that they'll have to address not just today's issues but new issues as they progress and as new forms of communication are created.”

The Risk Alert puts particular emphasis on third-party content, stressing that investment advisory firms that allow for third-party posting on their social media sites should consider having policies and procedures to address potential problems. This should include the posting of testimonials about the firm, as well as reasonable safeguards to avoid any violation of the federal securities laws. For example, if a third party makes false claims about an investment option on an investment adviser's Facebook page, the firm might be making a tacit approval of the statement by not taking it down or disavowing itself of such claims before the fact.

SEC CHARGES ANTHONY FIELDS

The following excerpt is from the SEC's announcement regarding its charges against Illinois-based Anthony Fields in social media scam:

The Securities and Exchange Commission today charged an Illinois-based investment adviser with offering to sell fictitious securities on LinkedIn and issued two alerts in an agency-wide effort to highlight the risks investors and advisory firms face when using social media.

The SEC's Division of Enforcement alleges that Anthony Fields of Lyons, Ill. offered more than $500 billion in fictitious securities through various social media Websites. For example, he used LinkedIn discussions to promote fictitious “bank guarantees” and “medium-term notes.” The postings resulted in interest from multiple purported potential buyers.

“Fraudsters are quick to adapt to new technologies to exploit them for unlawful purposes,” said Robert Kaplan, co-chief of the SEC Enforcement Division's Asset Management Unit. “Social media is no exception, and today's enforcement action reflects our determination to pursue fraudulent activity on new and evolving platforms.”

According to the SEC's order instituting administrative proceedings against Fields, he made multiple fraudulent offers through his two sole proprietorships—Anthony Fields & Associates (AFA) and Platinum Securities Brokers. Fields provided false and misleading information concerning AFA's assets under management, clients, and operational history to the public through its Website and in SEC filings. Fields also failed to maintain required books and records, did not implement adequate compliance policies and procedures, and held himself out to be a broker-dealer while he was not registered with the SEC.

One of the alerts issued today—a National Examination Risk Alert titled ”Invesmtent Adviser Use of Social Media—provides staff observations based on a review of investment advisers of varying sizes and strategies that use social media. In growing numbers, registered investment adviser firms are using social media to communicate with existing and potential clients, promote services, educate investors, and recruit new employees.

“As investment advisers increasingly utilize social media to communicate with clients and potential clients, firms need to be mindful of the applicable standards governing those communications,” said Carlo di Florio, director of the Office of Compliance Inspections and Examinations (OCIE).

The alert reviews concerns that may arise from use of social media by firms and their associated persons, and offers suggestions for complying with the antifraud, compliance, and recordkeeping provisions of the federal securities laws. The alert notes that firms should consider how to implement new compliance programs or revisit their existing programs in the face of rapidly changing technology.

The SEC also issued an investor alert titled Social Media and Investing: Avoiding Fraud prepared by the Office of Investor Education and Advocacy. The alert aims to help investors be better aware of fraudulent investment schemes that use social media, and provides tips for checking the backgrounds of advisers and brokers. A new Investor Bulletin titled Social Media and Investing: Understanding Your Accounts contains best practices including privacy settings, security tips, and password selection aimed to help social media users protect their personal information and avoid fraud.

“More and more, investors are using social media to help them with investment decisions. While social media can provide many benefits for investors, it also makes an attractive target for fraudsters. The Investor Alert provides some useful tips to help investors look out for securities fraud online,” said Lori J. Schock, Director of the Office of Investor Education and Advocacy.

Source: Securities and Exchange Commission.

Whether a third-party statement is a testimonial depends upon the facts and circumstances relating to the statement, the SEC said. For example, the SEC staff believes that the use of social plug-ins such as the now-ubiquitous “like” button could be considered a testimonial under the Investment Advisers Act.

Recordkeeping Responsibilities

The Risk Alert also clarifies the recordkeeping obligations under the Investment Advisers Act, which currently doesn't distinguish among various media types. “If firms are using social media, they must meet the recordkeeping requirements that in the past have applied to electronic communication, but not necessarily explicitly social media,” Kolbert-Hyle says.

So what criteria should investment advisers keep in mind when drafting compliance policies and procedures for the storage and maintenance of social media content? The OCIE alert gives a few ideas:

Determine whether each social media communication used is a required record, and if so, the applicable retention period, and the accessibility of the records;

Maintain social media communications in electronic or paper format;

Conduct employee training programs to educate advisory personnel about recordkeeping provisions;

Keep social media communications that are required records in electronic format to promote easy location, access, and retrieval;

Periodically check to ensure employees follow the compliance policies and procedures (for example, whether employees are improperly destroying required records); and

Use third parties to ensure constancy with recordkeeping requirements.

“There is definitely an increase from our clients reaching out to us because they need to put something in place,” Kolbert-Hyle says. “They are just now beginning to wrap their minds around being asked for LinkedIn and Facebook communications, and wrapping around these concepts and how to put the best technology into place to help them meet their specific needs.”

More to Come

Other regulatory measures on the horizon also address the specific compliance issues raised by social media. "The SEC's guidance could be particularly important given the ‘crowdfunding' legislation Congress is currently considering," says Jay Could,  a partner of Pillsbury Winthrop Shaw Pittman. Crowdfunding is a method of raising capital where people pool their money together—often through campaigns on the internet—to back specific efforts.

In November 2011, the House passed the “Entrepreneur Access to Capital Act” that establishes an exemption from SEC registration requirements for firms that raise less than $1 million each year, with individual investments limited to $10,000 or 10 percent of an investor's annual income. The Senate is also currently considering its own version of a crowdfunding bill.

The legislation would modify SEC regulations to allow entrepreneurs to use Facebook, Twitter, LinkedIn, and other social media to reach potential investors who meet the criteria to participate, with certain exemptions from registration.

“The crowdfunding legislation and its developments promise to bring more scrutiny to the interplay of the federal securities laws and the internet,” Gould says. “Investment advisers, and other financial firms, should examine and ensure related policies and procedures are up to par.”

Advisers should expect that the SEC will continue to ask about firms' use of social media, and related policies and procedures, in examinations, Kolbert-Hyle says.

Increasingly, registered investment advisers are using social media to communicate with existing and potential clients, promote services, educate investors, and recruit new employees. “Two years ago, there really were not a lot of firms using Twitter as a business purpose, and look at where we are today,” Kolbert-Hyle says. “The overall message is that social media is here to stay.”