Last month I dug deeper into social networking rules and was surprised to find out how crazy this rule was. Although the “communication” regulation has been around for a while ( Regulation Notice 7-59), only recently has it been applied to social networking (Regulatory Notice 10-6). Although the intent of the rule was to limit it to “business” approved communication, many compliance professionals that I speak with have been told that these rules also apply to an employee’s personal accounts, and I am not sure they are incorrect. It is not surprising how compliance professionals are taking a very conservative approach to this issue, as the two regulations are somewhat confusing.
A quote from Regulation Notice 7-59 (Dec 2007):
“The path towards an effective supervisory system starts with clear policies and procedures for the general use and supervision of electronic communications, both internal and external, which are updated to address new technologies.”
A quote from Regulatory Notice 10-6:
“The goal of this Notice is to ensure that—as the use of social media sites increases over time—investors are protected from false or misleading claims and representations, and firms are able to effectively and appropriately supervise their associated persons’ participation in these sites.”
It is easy to understand how many would be confused. One talks about monitoring external communication as well as internal, whereas the other is targeting social networking. The obvious question is, what about PERSONAL accounts? Many whom I speak with have interpreted these rules to mean that someone may recommend an adviser or a product on a personal account, so personal accounts fall under this rule. Therefore compliance professionals must get personal IDs and passwords for employees who are on a social networking site and ensure that a third party is not “advertising” their firms.
Never mind the work involved, in my opinion this is extreme overreach and I am sure there are some constitutional violations in there somewhere. Yes I agree that someone may recommend someone on a personal media outlet like Linkedin.com, but is it reasonable? Will we have regulators following employees to every social gathering to ensure no one speaks about the firm, products or employees?!
The reasonable thing to do is to use technology and policy to accomplish this goal. First start by blocking all social networking sites and external email sites at work. Then a potential policy:
Employees who choose to create or participate in an Internet social network (Facebook, MySpace, Twitter, LinkedIn, etc.), blog or other form of online publishing or discussion (referred to in this policy collectively as “Internet social networking “) must do so on non-working time. Also, Internet social networking is not allowed on company computers or other IT equipment at any time.
Employees who participate in Internet social networking need to adhere to the following guidelines relative to any communications related to the company or to any company personnel:
Know and follow the company’s employment policies. For example, employees must not engage in any communication that violates the company’s policy prohibiting sexual and other unlawful harassment, the company’s conduct rules, or the company’s policy regarding confidential information.
Employees are prohibited from using, disclosing or posting company confidential and/or propriety information, or any documents related to the company, its clients and known potential clients.
Identify yourself when relevant and, if you publish something about the company, the work you do or any subjects associated with the company, use a disclaimer that the views expressed are exclusively your own. Your disclaimer could say something like the following: “The views I express on this site are my own and do not represent those of [Company].”
Respect all copyright, fair use, and financial disclosure laws.
Remember that what you write is public and will be for a long time.
The company expects its employees to be courteous and respectful toward supervisors, co-workers, clients and any other persons associated with the company. Do not engage in any personal attacks on such individuals.
Disclose any conflicts of interest.
Issue corrections where needed.
Any questions regarding this Internet social networking policy and your compliance with it should be directed to HR. Compliance will conduct audits to monitor participation and use of guidelines. The company reserves the right to determine whether particular conduct violates any part of this policy or is otherwise inappropriate. Violation may result in discipline, up to and including an unpaid suspension and/or immediate termination.
Ash Bhatnagar, CFP®
RIA Independence Co.