FINRA Issues Guidance on Social Media Web Sites

January 28, 2010

On Jan. 25, 2010, FINRA issued Regulatory Notice 10-06 addressing the use of social media sites by member firms and their personnel for business purposes. In the Notice, FINRA provides firms with guidance on applying the existing communications and recordkeeping rules to social media sites, such as blogs and social networking sites.

In Fall 2009, FINRA created the Social Networking Task Force, comprised of both industry representatives and FINRA staff, to discuss how firms might use social media for legitimate business purposes while continuing to ensure investor protection. Although FINRA has provided guidance relating to the application of its communications rules to interactive web sites in the past, the guidance provided in the Notice is a result of input from the Task Force and FINRA staff’s further consideration of certain issues relating to social media sites.

FINRA reminds firms that although the guidance in the Notice may be useful when creating policies and procedures, each firm must apply the guidance in the context of its own business, compliance and supervisory systems. Ultimately, until technology is available that fully supports firms’ policies and supervisory structures, even with the guidance provided in the Notice, firms that permit the use of social media sites will face unique challenges in supervising the use and content of social media sites by associated persons.

Interactive Electronic Forums and Communications With Public — Supervising Social Media Sites

FINRA emphasizes foremost that the content provisions of its communications rules apply to interactive electronic communications that a firm or its personnel send through social media sites. Therefore, firms that permit the use of social media sites must establish written procedures and systems that are reasonably designed to ensure compliance with FINRA’s communication rules.

1. Principal Approval — Blogs and Social Media Sites Such as Facebook, Twitter and LinkedIn

In the context of blogs and social media sites, firms must have written supervisory procedures and systems to assist them in determining whether the content of the communication requires principal approval before posting. Indeed, FINRA states in the Notice that the manner and purpose for which the blog has been constructed drives how FINRA will “treat” the blog under Rule 2210. Therefore, firms must be able to determine whether the content of the posting is considered “static” or an “interactive electronic forum.”

As provided in the Notice, FINRA views “static content” posted by a blogger as an “advertisement” under Rule 2210 requiring principal approval prior to use (assuming the firm sponsors the blog).1 However, using a blog to engage in real-time interactive communications would constitute an interactive electronic forum, not subject to prior principal approval, but still subject to firm supervision. The Notice also provides that the mere updating of a non-interactive blog does not cause it to become an interactive electronic forum, even when the updating occurs frequently.

Social networks such as Facebook often contain both static and interactive electronic content. In permitting the use of such social networks, firms are presented with challenges in supervising the postings and ensuring compliance with the communication rules. With regard to social networks, FINRA states that generally “static content” is that which remains posted until the firm or the associated person that established the account removes it. Examples of static content include profile, background or wall information all of which would be subject to principal pre-approval prior to use under Rule 2210. FINRA also makes it clear that interactive real-time communication is considered an “interactive electronic forum” not requiring prior principal approval before posting.

2. Supervision of All Interactive Electronic Communications

Even though prior approval by a principal is not necessary for interactive electronic forums, FINRA reiterates the need for firms to ensure that they supervise all interactive electronic communications under NASD Rule 3010 to prevent violations of FINRA’s communications rules.

In the Notice, FINRA directs firms toward its earlier guidance in Regulatory Notice 07-59 (FINRA Guidance Regarding Review and Supervision of Electronic Communications), which suggests that a firm employ risk-based principles in determining the extent that the firm must review its electronic communications for proper supervision of its business. Leveraging off existing procedures that firms may already have in place for electronic communications, FINRA suggests in the Notice that firms may consider using similar procedures that call for prior principal review for some or all of interactive electronic communications prior to use or adopt post-use review procedures, including sampling and lexicon-based search methodologies.

Although the Notice includes suggestions for supervising interactive electronic communications, technology solutions presently utilized by firms for e-mail and other electronic communications are unlikely to provide the necessary functionality to ensure supervision of the social media site communications. Therefore, it is important for firms that employ technology for supervision of social media sites to work closely with in-house technology and/or outside vendors so that they can ascertain whether the proposed technology used for any supervision of social media sites is reasonably designed to ensure compliance with FINRA and SEC rules. FINRA acknowledges that technology is being developed that should support monitoring, recordmaking and recordkeeping necessary when regulated persons and entities participate in social media sites. And apparently some of the sites may be developing internal technology to support those necessary functions. However, until the technology is available, challenges will continue to interfere with wholesale use.

FINRA does set forth in the Notice certain baseline criteria that it expects a firm to employ when the firm determines to allow its personnel to establish accounts with one or more social media sites. Specifically:

  • A firm must have policies and procedures that will ensure that associated persons who are permitted to use social media sites are appropriately supervised, have the necessary training and background to engage in such activities, and do not present any undue risks to investors;
  • A firm must have general policies prohibiting any associated persons from engaging in business communications in a social media site that is not subject to the firm’s supervision;
  • A firm must restrict interactive electronic communications use to only those associated persons who have received appropriate training on the firm’s policies and procedures regarding such communications;
  • A firm should consider prohibiting or restricting use of social media web sites by associated persons who have presented compliance risks, especially sales practice compliance risks;
  • A firm must monitor the extent to which associated persons comply with the firm’s policies and procedures governing the use of social media web sites;
  • A firm’s policies should address when continued use of social media web sites will be restricted if and when the firm’s supervisory systems demonstrate that the use is creating compliance risks; and
  • Firms are expected to take disciplinary action when their policies are violated.

Firms Must Retain Records of Communications Related to Their Business Made Through Social Media Web Sites

In addition, FINRA discusses in the Notice recordkeeping requirements when a firm and/or its associated persons use social media sites. Specifically, FINRA is clear that firms that communicate or permit their registered representatives to use social media web sites for business must retain records consistent with SEC and FINRA recordkeeping rules insofar as the use of the web sites constitutes electronic communications that relate to the firm’s “business as such.”

Although FINRA is clear that firms must establish procedures and systems that will enable them to meet the retention requirements of communications that are made through the social media web sites, firms likely will confront technology challenges in striving to satisfy regulatory requirements. FINRA acknowledges that many technology providers are still working to create systems that will enable firms to meet their requirements, but states that some providers are developing systems that interface directly with the firm’s network to capture the social media participation, while other providers are developing systems in order to assist firms capture their associated persons’ use of social media when “off-site.”

The Notice should serve as an important reminder to firms that before using or permitting their associated persons to use social media sites, they must ensure that they have the appropriate procedures and systems to ensure compliance with all applicable record retention requirements.

Posts to Social Media Sites by Customers or Third-Parties Are Generally Not Attributed to a Firm or Associated Person

In the Notice, FINRA clarifies that it generally does not consider posts by customers or other third parties to a social networking site as a firm communication subject to Rule 2210. However, in certain circumstances, a firm may take action that would cause FINRA or another regulator to attribute a posting to the firm or its associated person and subjecting the contents to Rule 2210. Generally, those circumstances are limited to situations where the firm has involved itself in the preparation of the content (referred by the SEC as “the entanglement theory”) or where the firm has explicitly or implicitly endorsed or approved the content (referred by the SEC as the “adoption theory”). Both theories have been adopted by the SEC in the context of a firm’s responsibility for third-party information that is hyperlinked to the firm’s web site and the Notice suggests a similar analysis would be applicable to third-party posts on a social media site created by the firm or its associated persons.

FINRA suggests that it may consider a firm’s use of a prominent disclaimer setting forth that third-party posts do not reflect the views of the firm in evaluating responsibility for third-party posts.

If third-party posting is not attributable to a firm, then the firm has no requirement to monitor third-party communications. However, FINRA points out that many firms have procedures and systems to monitor third-party posts on firm web sites.2 These procedures and systems work as part of firms’ efforts to mitigate any risk that a firm will be presumed to have adopted third-party post(s), to address copyright issues, and to assist compliance with the Good Samaritan safe harbor for blocking and screening offensive material under the Communications Decency Act.

FINRA also noted that certain Task Force members have adopted best practices relating to third-party postings, including:

  • establishing appropriate usage guidelines for customers and other third parties that are permitted to post on firm-sponsored web sites;
  • establishing processes for screening third-party content based on the expected usage and frequency of third-party posts; and
  • disclosing firm policies regarding its responsibility for third-party posts.

Suitability - Specific Investment Products Recommended On Social Media Sites

Consistent with prior guidance from FINRA regarding what constitutes a recommendation invoking the suitability requirements of NASD Rule 2310, FINRA reminds firms of their requirement to determine that a recommendation is suitable for every investor to whom it is made. This is particularly challenging in the context of social media sites as certain sites include functions that make postings widely available or limit the content of postings to a few individuals. As a result, firms should ensure that they have reasonably designed policies and procedures so that any recommendations of specific investment products comport with the relevant suitability requirements.

FINRA has used the Notice to suggest “best practices” firms may wish to consider in adopting policies and procedures to address communications on social media web sites that recommend specific investment products.

  • Firms should consider adopting procedures that prohibit all interactive electronic communications that recommend a specific investment product and any link to such a recommendation unless the content is pre-approved by a principal; 
  • Firms should consider prohibiting communications that recommend a specific investment product unless it conforms to a pre-approved template and is pre-approved by a principal; and 
  • Even in cases where a communication does not constitute a recommendation, firms should consider adopting policies and procedures governing communications that promote specific investment products.


Given the increased use of social media sites and the pressure facing firms to permit the use of such sites by their associated persons, FINRA appears sincere in its effort to provide firms with basic guidance in assessing the adequacy of the firms’ supervisory procedures and systems to ensure compliance with applicable rules and regulations. However, continued growth in the use of social media sites and ever increasing sophistication in the technology and applications available through these sites will require firms and their advisers to remain vigilant and aware of the potential challenges that will continue to emerge for regulated entities to satisfy their regulatory requirements and to run their businesses according to high standards and best practices.

For additional information concerning this alert, please contact the following lawyers:

David Boch, Partner, Broker-Dealer Group, 617.951.8485

Amy N. Kroll, Partner, Broker-Dealer, 202.373.6118

Roger P. Joseph, Practice Group Leader, Investment Management; Co-chair, Financial Services Area, 617.951.8247

Edwin E. Smith, Partner, Financial Restructuring; Co-chair, Financial Services Area, 617.951.8615

Tim Burke, Practice Group Leader, Broker-Dealer Group; Co-chair, Financial Services Area, 617.951.8620

1 In addition to principal approval, certain types of advertisements such as those relating to registered investment companies (including mutual funds, variable contracts, continuously offered closed-end funds and unit investment trusts) may also trigger filing requirements under Rule 2210 and accompanying interpretative memoranda.
2 Firms must continue, however, to have procedures and systems to identify and report customer complaints, which may be contained in a third-party posting to the firm’s web site.

This article was originally published by Bingham McCutchen LLP.