Social Media and the Financial Risk

This is not meant to be a scare tactic. It’s just pointing out that web publishing tools have made it very easy to be a publisher. That’s great from an information perspective because it’s so much easier to find relevant information.

The problem is that the ease of publishing and finding information has nothing to do with it’s quality, veracity, or appropriateness. What your business publishes, what your employees publish, and what your business’s critics publish all affect your business and can affect its bottom line. (Positively or negatively.)

Infographic sources:

The Death of Martindale Connected

When Lexis backed a social networking platform for lawyers, I paid attention. I didn’t think a platform for lawyers would be interesting, but if it connected to some of Lexis’s massive collection of legal content it could at least be informative. That never came to the Martindale Connected platform. The platform has remained boring and uninformative.

One part of Connected’s approach was to create an authenticated community. So that the person is who they say they are. At first, that limited membership to practicing lawyers. That meant law firm marketers were excluded. Eventually, Martindale changed its mind and opened the doors to a broader membership. The additional membership did very little to energize the platform.

Now the spammers have arrived. I found this sitting in my inbox from Martindale Connected:

Dear new friend,
How are you hope fine my dear my name is Benita you can call me isatu I really like your profile in this site I would to get to know you, i want us to be friends well i will be waiting for your reply to my email ([email protected]) not in the site i will tell you more about my self and will attached my picture in my next mail thanks wait your reply
Benita  or you can call me Isatu.
[email protected] )

I checked my Martindale inbox and found a half dozen of spam messages like this that must have had their notifications trapped in my corporate spam filter.

I’m skeptical that Benita is a student (Judge) in Florida.

Or that Mrs Lisa Lechuga wants to give me $2,400,000 “for the good work of humanity, and also to help the motherless and less privilege and also for the assistance of the widows”.

Or that Lillian Mokan was “moved and become interested in you, I will like you to send me an email to my address ([email protected]) so that i can give you my pictures for you to know whom i am.”

I guess Martindale’s standards for validating users has either failed or they have dramatically lowered their standards. It’s one thing to be boring, it’s another to be annoying.

I was replicating my posts in Connected, but now I have decided to stop.  No reason to pile more dirt in the graveyard.

Related:

Charges Brought in Social Media Scam

The Securities and Exchange Commission charged an Illinois-based investment adviser with offering to sell fictitious securities on LinkedIn. The SEC also issued two alerts to highlight the risks investors and advisory firms face when using social media.

The SEC’s Division of Enforcement alleges that Anthony Fields of Lyons, Illinois offered more than $500 billion in fictitious securities through various social media websites. In the complaint, they cite a LinkedIn posting to promote fictitious “bank guarantees” and “medium-term notes”:

“Bank Guarantees, Cash Backed, Deutsche Bank, Credit Suisse, HSBC, JP Morgan Chase, BNP Paribas, UBS, RBS or Barclays, One (1) year and one (a) day, Fresh Cut USD 500 Billion (USD 500,000,000,000) with Rolls and
Extensions 40% or better plus 1% commission fee to be paid, to buy side and sell side consultants 50/50. First Tranche: 500M USD . . . . If you are interested you can email for particulars . . . .”

The SEC pulled out a laundry list of violations. Fields was not registered as a broker-dealer nor listed as an associated person a registered broker-dealer at the time of the postings. He later set up an unfunded investment adviser and unfunded broker-dealer. Fields provided false and misleading information concerning assets under management, clients, and operational history to the public through its website and in SEC filings. Fields also failed to maintain required books and records, did not implement adequate compliance policies and procedures, and held himself out to be a broker-dealer while he was not registered with the SEC.

The question I have is did someone turn in Fields? Or is the SEC searching social media sites looking for suspicious securities postings?

In the new investor alert, the SEC offers tips to help avoid fraud online. (.pdf)

If you see a new post on your wall, a tweet mentioning you, a direct message, an e-mail, or any other unsolicited – meaning you didn’t ask for it and don’t know the sender – communication regarding a so-called investment opportunity, you should exercise extreme caution. An unsolicited sales pitch may be part of a fraudulent investment scheme.

The SEC points out the three big red flags:

  1. It sounds too good to be true
  2. A promise of guaranteed returns
  3. Pressure to buy right now

In addition to the investor-facing alert, the SEC also issued a risk alert aimed at a registered investment adviser’s use of social media. It once again points out that while the social media platforms may be new, the securities laws are not. You can only use the shiny new tools in compliance with the existing regulatory regime.

“While many RIAs are eager to leverage social media to market and communicate with existing clients, and to promote general visibility, RIAs should ensure that they are in compliance with all of the regulatory requirements and be aware of the risks associated with using various forms of social media. The staff hopes that sharing observations from its recent review of RIAs’ use of social media as well as its suggestions regarding factors that firms may wish to consider is helpful to firms in strengthening their compliance and risk management programs.”

Sources:

FTC, Bloggers, and Disclosure

The Federal Trade Commission is continuing to pursue bloggers who fail to disclose that they received incentives to discuss a company’s products. Back in December, the Federal Trade Commission released new guidelines that specifically required bloggers to disclose any material connections to a product or company they are writing about. The FTC is focusing its efforts on the company.

The latest company snared in the failure to disclose is Hyundai. The FTC took a close look at a promotion in which bloggers were given gift certificates as an incentive to include links to Hyundai videos in their posts or to comment on Hyundai’s Super Bowl ads. One focus was whether the bloggers were told to disclose or were told not to disclose that they had received compensation.

It seems Hyundai’s first defense was that it wasn’t their fault, but he fault of their advertising agency. The FTC won’t take that defense and pointed out that advertisers are legally responsible for the actions working directly or indirectly for them.

What saved Hyundai is that their established social media policy calls for bloggers to disclose the receipt of compensation. What saved Hyundai’s advertising agency was that their established social media policy calls for bloggers to disclose the receipt of compensation.

By having the policies in place, Hyundai and the advertising agency were able to establish that the bad actions were those of rogue employee operating outside the established policies of the firms. That’s compliance in action.

Sources:

More from FINRA on Social Media and Mobile Devices

In January 2010, FINRA issued Regulatory Notice 10-06 in an attempt to provide guidance on the application of FINRA rules governing communications with the public to social media sites. The guidance did not provide much that was new. Largely, FINRA pointed out that the existing communication and record-keeping rules applied. Too bad that the site did not allow you to take the steps needed to comply with the existing rules.

Apparently, the guidance raised enough questions that FINRA decided to provide some additional guidance. It is not intended to alter the principles or the guidance provided in Regulatory Notice 10-06. Anyone expecting something new or innovative will be disappointed.

Q1: Does determining whether a communication is subject to the recordkeeping requirements of SEA Rule 17a-4(b)(4) depend on whether an associated person uses a personal device or technology to make the communication?

A1: SEA Rule 17a-4(b)(4) requires a firm to retain records of communications that relate to its “business as such.” Whether a particular communication is related to the business of the firm depends upon the facts and circumstances. This analysis does not depend upon the type of device or technology used to transmit the communication, nor does it depend upon whether it is a firm-issued or personal device of the individual; rather, the content of the communication is determinative. For instance, the requirement would apply if the electronic communication was received or sent by an associated person through a third-party’s platform or system. A firm’s policies and procedures must include training and education of its associated persons regarding the differences between business and nonbusiness communications and the measures required to ensure that any business communication made by associated persons is retained, retrievable and supervised.

The FINRA rules came first and they are in place for a good reason. It’s up to the firm to find a may to meet the compliance standards if they want to use third-party websites to publish information, communicate with the public, or communicate with clients.  If cloud providers want to take over company-hosted communications they need to but more effort into the record-keeping and compliance requirements of the business world.

Sources:

Report on Investment Adviser’s Use of Social Media in Massachusetts

Social Media used by Investment Advisers

There is a growing trend in the financial services industry to use social media sites for outreach to existing as well as potential customers. Noticing this trend, the Securities Division of The Office of the Secretary of the Commonwealth surveyed investment advisers registered and doing business within the Commonwealth of Massachusetts. The purpose of the survey is to determine the scope of investment advisers’ use of social media, and what, if any, record retention and supervisory procedures have been implemented or utilized by those advisers. Empirical evidence is good to have.

The Division forwarded the social media survey to 576 investment advisers registered with the Division and located in the Commonwealth and 79% of advisers have responded.

  • 44% of investment advisers used some form of social media
  • Of those not using, 10% expect to use it in the next year
  • A majority of investment advisers using social media fall within the 42-62 age bracket

The Survey also suggests that some advisers do not have policies relating to the retention or supervision of social media content, are not retaining social media content, and do not supervise the use of social media content.

  • 69% of advisers using social media claimed to not have written record retention policies related to the retention of social media content
  • 57% also did not retain all content posted on social media websites maintained (directly or indirectly), by the firm.

It should not come as  surprise that the Division concluded that additional regulatory guidance concerning the use of social media would be appropriate. We have already seen enforcement at the national level for the abuse of social media. I expect the states will be on board soon and including a review of social media as part of their examination and review process.

Sources:

Twitter Fail and Compliance


FINRA has long regulated and limited the ability of broker/dealers to communicate with the public. One of their missions is to protect the investing public from unscrupulous securities brokers. Twitter is a communications tools and any messages posted to Twitter will need to be in compliance.

It was inevitable that we would see a FINRA regulated party make a mistake using Twitter. The time has come.

FINRA also found that during eight months in 2009, the registered representative maintained a Twitter account and had more than 1,400 followers. Without notifying a principal of her employer firm, the registered representative posted 32 “tweets” related to a particular security. The tweets were unbalanced, overly positive and often predicted an imminent price increase. In the tweets, the representative failed to disclose that she and her family held a significant number of shares of the security. FINRA concluded that this conduct violated NASD Rules 2210 (communications with the public) and IM-2210-1 (guidelines to ensure that communications with the public are not misleading), and FINRA Rule 2010 (ethical standards).

To me, this sounds exactly like the behavior FINRA is trying to prevent by imposing Rule 2210 on financial representatives.

I don’t want to overstate the effect of this Twitter failure on the discipline. The registered representative was doing some other things in violation of the rules. I would guess that once a registered representative is under investigation FINRA takes a look at that person’s social networking activity to see if they have been doing other bad things.

Sources:

Image is 2008wmonroe by Liza P
CC BY-NC-ND 2.0

Compliance and Google+

google-plus

Over the past few weeks, Google+ has exploded as a new social web platform. We had friends on Facebook and followers on Twitter. Now there are Circles on Google+.

What does this mean from a compliance perspective?

Not much for right now. Google+ does not seem to present any new issues that we haven’t already seen in social media. My general impression is that it’s a hybrid of Twitter and Facebook. This is both in terms of privacy and the way communications flow.

I expect there will be a few hiccups with the privacy settings as we have already seen with Facebook. The use of “circles” allows you limit who can see your communications. But since anyone in that circle can then share it with people in their circle, any message can easily become public. If you want to keep you message a bit more private, there is a button that can check to prevent sharing.

To the extent you have a social media or communications policy you should make sure it takes into account Google+. To the extent you need to archive and preserve messages, you will need to take Google+ into account. Hopefully Smarsh and the other vendors will get access to the API so they can find a way to preserve the messages.

If you block access to social networking sites, Google+ is a little trickier to deal with. It looks like it operates as a subdomain on Google.com. I don’t think too many c0mpanies want to block access to Google.com. Your blocking software will need to make sure it only limits the plus.google.com subdomain. And it’s https:, not http:.

Will Google+ live long enough to be a concern for compliance? Maybe. I have a hard time believing people will use Facebook, Twitter and Google+. I suspect that Google+ will need to take users away from Facebook and Twitter to be successful.

I don’t suspect it will cause many people to abandon Facebook. Google+ is slicker, but Facebook has the bigger user base. As Andrew McAfee once told me, the new tool can’t just be a little better, it has to be many times better for people to switch.  I don’t find Google+ to be that much better than Facebook. Most importantly for me, Facebook has the largest collection of close friends and family. (My “Family” circle on Google+ is empty, my “Friends” only has a few handfuls of people, and my “compliance” circle has a single person.)

Twitter is the most likely victim of Google+. It removes the 140 character shackle and threads conversations together. Twitter still has better integration with other platforms. On the other hand, there is the possibility that Google+ could tie together many of Google’s other platforms.

It will be hard to kill Twitter. All of the news coverage about placing the valuation of Twitter in the billions of dollars are tied to Twitter’s latest round of raising money from investors. I would guess that the company is sitting on a big pile cash that will take a long time to burn through, leaving them plenty of cash to improve the product and find ways to generate revenue.

Google+ will cause more compliance headaches. For now, it doesn’t appear to create any new headaches.

Sources:

Enterprise 2.0 – Regulatory and Compliance Concerns

I’m once again speaking at the Enterprise 2.0 Conference.

Social Media & Social Networking: Some Cautionary Tales (Location: Room 312)

Social media (Twitter, LinkedIn) and enterprise social networking solutions (profiles, activity streams, social analytics) can deliver compelling business value. However, benefits do not come without risks. This panel discussion with experts and practitioners will provide insight as to the policy, governance, and security issues warranted to mitigate risks.

Moderator – Mike Gotta, Senior Technical Solution Marketing Manager for Enterprise Social Software, Cisco
Panelist – Julie LeMoine, Enterprise Collaboration, Innovation Expert
Panelist – Doug Cornelius, Chief Compliance Officer, Beacon Capital Partners LLC
Panelist – Stew Sutton, Principal Scientist, Knowledge Management, The Aerospace Corporation
Panelist – Suzanne McGann, Social Media Program Manager, Global Interactive Strategy, Medtronic

The session is Tuesday afternoon, 2:30 to 3:30 in Room 312 at the Hynes Convention Center. Stop by if you can.

Compliance Lessons from Weinergate

In a tearful statement to the media, Rep. Anthony Weiner admitted he posted a lewd picture of his anatomy to Twitter. Not only that, he says he’s engaged in “inappropriate” online communications with at least six other women.

It was just a few days ago that I revisited the Fabulous Fab Rule:

Don’t write emails so provocative that they wind up reproduced on the front page of the Wall Street Journal.

That rule is focused on email which for many companies is archived for years. That means it could end up in litigation or an enforcement action. The rule is really applicable to any type of publishing.

The internet has turned us all into publishers, or at least given us the ability to be publishers. Traditional publishers have layers of review before information, stories, and pictures get published. On the internet, the only layer of review is your common sense. That’s all that stands between you and that send button.

Weinergate is just another example of failed common sense. He never should have hit that send button.

I have not found anything new in the scandal. I don’t think you need a new policy prohibiting people from sending pictures of themselves in their underwear. (I suppose there is an exception if you are in the adult entertainment industry.) Common sense should take care of that.

I suppose its useful to compare this to Eliot Spitzer. He had his own sex scandal, but it required a government investigation. Weiner merely shot himself by sending out a public message.

Sources:

 

Image of Meet Congressman Weiner is by David Boyle
CC BY 2.0