Compliance, social media can co-exist

When a whole 45-minute session at a compliance conference is committed to the use of social media in the financial services industry, it’s a sign that saying “no” to social media is no longer an option for advisory firms.

Social media has grown at an astounding pace and the industry, long resistant to its adoption, seems finally ready to meet it halfway.

Despite its recent genesis, the life without social media is unthinkable these days, said Joseph Bajic, vice-president of compliance, Assante Wealth management, speaking at the Strategy Institute’s Registrant Regulation Compliance Strategies Summit, in Toronto.

Facebook, for instance, was only launched in February 2004. LinkedIn, in May 2003. And Twitter in March 2006.

“These technologies move very quickly and your policies and procurers are living documents [and the firms] are going to have to change and adapt accordingly,” said Bajic.

Until recently, the easiest—and favoured—way for firms to confront social media was to prohibit their employees from using it. That is no longer an option.

“Saying ‘No’ to social media is the old way of doing compliance,” said Bajic. “We are here to assist business; we have to be active participants and provide the compliance and regulatory know-how to ensure that whatever the business wants to do, they’re aware of the risks. We advise them how to manage the risks [and] allow the use of social media in a compliant fashion.”

But in doing so, compliance must deal with many challenges. “We need to monitor employee websites, very similar to what is done with regards to advertisements, sales literature and correspondence,” he said.

Those in the mutual fund business have to adhere to specific restrictions outlined in NI 81-102, Section 15. There are audit trail requirements that document how advisors communicate with their clients. There’s also the issue of retaining all this information.

Bajic said, in addition to promotional material, compliance also needs to document their approval when things are changed or revised, before they go back to the advisor.

Securities regulators, he said, look very closely at how firms’ compliance departments retain and document approvals. A firm’s policies and procedures must, therefore, be designed to meet compliance guidelines to protect the reputation of both the firm and its advisors.

“We look at everything as communication; all content must be pre-approved,” he said. “If you want to change something in your profile as it relates to your organization, it touches on the regulatory aspect and must be pre-approved.”

There are, however, exceptions to that rule which allow advisors to do things, such as changing their profile picture, without prior approval.

“We also view all publicly available sales communication,” said Bajic. “We conduct periodic reviews of content. The easiest way to do that is Google your advisor; you’d be surprised at what you’d find.”

One way many firms prevent their advisors from being offside with regulators, without curbing their social media engagement, is by keeping their communication static.

“We don’t allow two-way communication; you can’t communicate through your Facebook website,” said Bajic. “Everything has to be controlled through the business email address; all links and content must be approved by marketing and compliance.”

Bajic makes it abundantly clear that the use of social media for employees is a privilege and not a right. “We allow them to use it; failure to [comply] will result in its removal and repeat offenders get hauled to the disciplinary committee.”

There are also legal concerns for a firm’s compliance personnel to contend with. Bajic singled out confidentiality and online fraud as the two key areas where things tend to go wrong.

“Because we deal with these things on the web, client confidentiality and privacy and identity theft are very big issues,” said Bajic.

As quickly as technology moves, the individuals who prey on people by collecting their private information using social media are quicker, he added. “Mind you, it allows you to look at your own internal control process and strengthen them.”