FINRA: 5 Guidelines and Hacks For Compliant Social Media

Posted by Mikki Ware on May 6, 2014

In 2011, FINRA (Financial Industry Regulatory Authority) issued two notices and a new rule geared specifically to electronic communications with social media. Generally speaking, financial services organizations can assume that social media falls under the rules of any other business-related electronic communications in terms of recordkeeping, suitability, supervision, and content. However, certain aspects of social media, such as third-party posts and data feeds, require further oversight.

Speaking of oversight: in June 2013, FINRA released the “June Sweep letter,” alerting financial organizations that it intends to conduct random spot checks of firms’ communications on social networking websites. This indicated a move toward more accountability for both continuing and new FINRA members. Regulated industries, take note: now that enforcement is on the rise, it is time to review the rules and gain a full understanding of what they mean. Let’s examine the 6 basics of the FINRA guidance, and hacks your organization can use when putting together a social media strategy. We will also examine what member dealers need to have on hand during an infamous spot-check.

1) Recordkeeping

Regulatory Notice 10-06 reaffirms applicable SEC and FINRA rules on recordkeeping, but adds the stipulation that the nature of the electronic communication, whether it is “static” or “interactive”, would determine the member’s compliance obligations. In their article on, Ethan L. Silver and Jayun Koo defined a static communication as “a planned communication to a target audience that cannot be altered or does not provide for interaction with the author once published. This includes posts that will remain posted until removed, such as a website, banner or advertisement, sales literature, profile, video, and background information.” These communications would be subject to approval by a “registered principal” before posting. Interactive content “such as tweets or status updates on Twitter, LinkedIn, Facebook, or blogs that are used to engage in real-time interactive communications with a target audience, do not need prior approval by a registered principal, unless such interactive content becomes static.”

It is important to note that while FINRA makes a delineation between static and interactive content, Rule 204-2 under the SEC Advisers Act requires that firms retain records of content considered an advertisement or recommendation. Because there is such a fine line between definitions, we highly recommend approval and archiving for all social media content, regardless of its nature.


Use the Gremln workflow tool to set up approval processes for your teams. Posts do not get sent until your approval process is fully executed. Search and export all social media posts using Gremln’s archiving functionality.

2) Suitability

If a firm or its representative makes a recommendation on social media, the same guidelines outlined in NASD Rule 2310 apply. Rule 2310 requires that a recommendation be suitable for every investor to whom it is made. With this in mind, if a firm has 300 followers who are investors on Facebook, any recommendation made on the firm's Facebook business page would have to be suitable to all 300 followers.


Avoid recommendations of specific products and services, unless they have been given the green light through your approval process. Add filters for product names or words that are commonly found in recommendations. Have these violating messages redirected to appropriate personnel for review.

3) Supervision

NASD Rule 3010 “requires each firm to establish and maintain a system to supervise the activities of each associated person that is reasonably designed to achieve compliance with applicable federal securities laws and FINRA rules.” The guidelines of this responsibility are:

1) A registered principal must review an associated person's first posting prior to using any social media site (Source:

2) The registered principal may approve use of the site for a business purpose only if the registered principal has determined that the associated person can, and will, comply with all applicable FINRA rules, federal securities laws, including recordkeeping requirements, and any additional requirements established by the firm. (Source:

3) The registered principal must review an associated person’s proposed social media site in the form in which it will be “launched.” (Source:


The same person who reviews and approves posts should review the social media sites the firm is planning to use. Our advice? Review early, review often. Social media is fluid and changes rapidly. Create a process in which reviewing your social networks happens at least once a month.

4) Third-Party Posts

Regulatory Notice 11-39 states that “firms may not establish a link to any third-party site that the firm knows, or has reason to know, contains false or misleading content. A firm should not include a link on its website if there are any red flags that indicate the linked site contains false or misleading content.” The guidance further states that “a firm is responsible under NASD Rule 2210 for content on a linked third party site if the firm has adopted or has become entangled with its content.” For example, a firm may be deemed “entangled” with the third-party content if they helped in its creation.


Be judicious in your use of third-party links, and include verbiage in your social media policy prohibiting third party posts by anyone but the registered principal.

5) Data Feeds

According to Regulatory Notice 11-39, “firms must adopt procedures to manage data feeds into their own websites.” Similar to third-party links, a firm accepts the burden of responsibility for ensuring any third-party data presented on their website is accurate. For example, posting the home page of a Twitter feed would not be advisable due to the uncontrolled nature of the posts. However, posting a firm's own tweets (provided they have been through the appropriate approval processes) would be acceptable.


The same process by which a firm reviews its social networks should include a review of all data feeds.

6) Social Media on Personal Communication Devices

While FINRA allows for associated persons to access social media from personal devices such as cell phones and tablets, firms must be able to retain, retrieve, and supervise any business communications conducted on the devices, whether they are personal or business owned.


Keep business and personal information separate by posting and creating social media accounts with business emails. Mobile apps for Facebook, LinkedIn, Twitter, and other social media networks should be connected to business accounts that fall under the firm’s approval, archival, and supervisory processes.

The takeaway is that regulated industries can do social media, but the devil is in the details. Understanding the guidelines, creating a social media policy, training your staff, and gathering the right social media management tools are essential elements of your strategy. Ready to get started? Check out the first article in our blog series on how to create engagement, Facebook for Financial Services.

Enforcement - Spot Checks

Though enforcement of social media violations has been minimal, firms can expect to start being more accountable. As mentioned above, starting in June 2013, FINRA posted the “June Sweep” Letter alerting firms to periodic spot checks. Firms should be ready to present the following:

1) An explanation of how the firm is currently using social media such as Facebook, Twitter, LinkedIn, and blogs.

2) The URL for each of the social media sites used by the firm at the corporate level, the date the firm began using social media, and the identity of those who are responsible for updating content.

3) An explanation of how the firm's registered representatives and associated persons use social media for business.

4) The firm's written supervisory processes with regard to the production, approval, and distribution of social media communications during a given time period.

5) A list of the firm's top-producing registered representatives who used social media to communicate with investors, and on which platforms.




