
4 Elements of Social Media Guidelines

If you’re not using social media to promote your firm and content, consider this: 22 percent of the world’s population uses Facebook (not to mention 79 percent of Americans) and nearly 1 in 3 internet users with a college degree are on Twitter.

When financial advisers use social media well, it can boost their overall marketing strategy considerably. When they don’t, it can be an expensive, potentially career-ending disaster.

But don’t let that scare you. Just establish firm rules of engagement in these areas before posting anything.

1. Compliance

Watch out for these potential red flags:

Promissory language: Don’t promise success and don’t say you can get any better results than anyone else.

Testimonials: This one’s also kind of obvious, but it has some finer points. In the SEC’s guidelines, they lay it all out, but it basically boils down to this: keep the testimonials off your Facebook, Twitter, LinkedIn or other self-run social media sites, even if the clients post them themselves. But reviews from other people on sites like Yelp, Google Reviews or Angie’s List are OK.

Out-of-context numbers: I made a good number of mistakes in this area when I first entered the financial world because I assumed anything that was acceptable in a blog post was acceptable on social media.

After a few panicked phone calls from clients, I learned this lesson: don’t post any market statistics. They can easily be taken out of context and viewed by someone as promissory.

2. Approval Process

Giving anyone (including yourself) total freedom to post anything on your social media accounts whenever they want is not a great idea. You’ll want to implement an approval process.

At Mineral, we developed a social post template that makes it easy to share social post ideas with your team and track the approval process. (I set up a “View Only” version of our sheet that you can check out for yourself. If you want your own, in the File menu, just click “Make a Copy.” We also have an Excel version.)

But a social post template alone won’t solve all your approval problems. You’ll need an approval workflow that takes your posts from creation to publication.

Here’s ours:

Creating posts should fall to your creative team (if you don’t have one, a more creative or social media-savvy team member will do). But final approval should be reserved for the people who will ultimately be held responsible if a bad post goes up.

Jud and Kim (our CEO and president, respectively) reserve the right to final approval. It’s their necks (and business) on the line.

Don’t have the time or interest to approve every piece of content that goes out the door? That’s okay, just understand that you’re basically handing over the reins of your firm’s public image, so you need a professional you can trust.

3. Personal Profiles

During a speech by Trump in early March, Dan Grilo, a principal at Liberty Advisor Group, posted something stupid about the wife of a fallen soldier and landed himself in some very hot water.

He posted from his own personal account, but people still began associating Liberty with Grilo’s tweet. In the end, he was fired and Liberty issued an apology, InvestmentNews reported.

Set up some suggested guidelines for what employees should avoid talking about, even on private social media channels (the big three are inflammatory political statements, market predictions and offensive language). You could require guidelines or you could just use Mr. Grilo as an example.

People can and do get fired for stuff they post on their personal accounts. It happens all the time. See this Oxygen article on things people have been fired for posting on their social media accounts.

4. Interactions

Social media is a two-way street. And that’s a good thing! If you don’t respond to people tweeting at you or posting on your wall, you could miss out on prospects and end up looking rude.

Make sure engagement notifications are sent to a phone, computer or Slack (using social integrations) so you don’t miss anyone reaching out.

When someone tweets at you or posts on your wall, you have two options: one of the final approval people could handle interactions so engagements move smoothly, or you slow down the engagement process and use the approval workflow.

This could be done easily and quickly in Slack (an app directory site where we have a #social channel to kick ideas around for posts and responses).

Bonus Rule: Keep Records of Everything

As FINRA wisely cautions, you should keep records of everything you do on social media. To do that, you’ll want to use a social posting and archiving service like Social Assurance or Hey Orca that keeps an audit trail.

Social media is fertile ground for adviser prospects. Who knows? Your next $1M-plus client could find you because of a simple retweet. Just make sure you think about these four areas before you post.


Zach McDonald
Editorial Director
Mineral Interactive
Omaha, Neb.


Step Up Cybersecurity

As planners incorporate more technology into their offerings to clients, it’s imperative they stay on top of their cybersecurity measures.

“Cybersecurity is a major issue for financial planners in today’s highly technical, digital world,” writes Ben Lewis, FPA’s public relations team leader, in an FPA Connect post calling for participants for a cybersecurity assessment that has since ended.

Anthony Stitch explains in the forthcoming August issue of the Journal of Financial Planning that planners who don’t provide the technology clients want these days may lose those clients to firms they like less but that offer the technology they prefer. This, he writes, is called digital attrition. Members, you’ll get to read the full article when it comes out. And if you’re not yet a member, maybe now is the time. Learn more here.

“As you incorporate more technology into the running of your firm, it’s important that you stay educated on best practices for cybersecurity,” Blane Warren, an industry leader in financial services marketing, compliance, and technology, writes on XY Planning Network’s website.

But this move toward providing more technology options means planners need to step up their cybersecurity game in order to keep their clients and themselves safe. That is something they’re not currently doing very well, according to a report from External IT titled “Financial Services Firms Face Further Scrutiny of Their Cybersecurity Practices: Is Your Firm Ready?”

InvestmentNews reports that the report found three key areas were lacking in terms of financial cybersecurity: security policy (firms failing to audit their IT security); accountability when moving data (moving data to personal and home devices without tracking measures); and disaster recovery (not having emergency business continuity plans).

This isn’t to say that planners don’t want to address cybersecurity issues; rather, they don’t know where to go to get their information, Brian Edelman, chief executive of Financial Computer Services, told InvestmentNews.

Edelman recommends using a cybersecurity firm that understands financial services.

In a recent article, ThinkAdvisor recommended planners check out the following resources: National Institute of Standards and Technology (nist.gov) and the Financial Services Information Sharing and Analysis Center (fsisac.com).


Ana Trujillo
Associate Editor
Journal of Financial Planning
Denver, Colo.


Fiduciary Rule for the Modern World

On April 6, the U.S. Department of Labor unveiled the fiduciary rule that has been six years in the making.

Department of Labor Secretary Thomas Perez said that the new rule ensures that financial advisers will act in the best interest of their clients. Gone is the suitability standard and replacing it is a fiduciary standard.

“A consumer’s best interest must now come before the adviser’s financial interest,” Perez said.

The Financial Planning Association will be there for its members throughout the process of compliance, said FPA President Pamela Sandy, CFP®. Firms are required to comply by Jan. 1, 2018.

Sandy said the organization is working with the Financial Planning Coalition—which includes CFP Board and NAPFA—to analyze the rule and figure out exactly what it means for FPA members.

“FPA, as your professional home, will be helping you understand the rule and assisting you in adjusting to the impact the rule will have on your clients and your business,” Sandy writes to FPA members.

Members now have access to the organization’s newest Knowledge Circle on Public Policy and Regulation, which is now available to help members navigate the new law and discuss information with peers. The Knowledge Circle will temporarily be headed by FPA Chair Edward W. Gjertsen, II, CFP®.

Perez said the change in regulation is long overdue.

“The regulatory structure that protects people’s investments has not kept up with the changing landscape,” Perez said at a press conference. The rules that were in place were sufficient for days when pensions dominated the retirement field and Leave it to Beaver was popular on television, he added.

But we live in a Modern Family world now, IRAs and 401(k)s rule the roost, and people are losing $17 billion annually in fees for bad products and advice, according to a 2015 White House report.

Perez said the streamlined rule addresses concerns that many opponents had with the first versions of it, which were proposed in 2010, withdrawn, then re-proposed in 2015. The new rule has some flexibility for firms that sell proprietary products, has extended the deadline for compliance by four months, and has streamlined the mechanics of the contract, among other things.

“Today’s rule ensures that putting clients first is no longer simply a marketing slogan, it’s now the law,” Perez said.

Proponents of the new rule are expecting a fight from the rule’s opponents, New Jersey Senator Cory Booker (D-N.J.) said at the press conference on April 6.

But Senator Elizabeth Warren (D-Mass.) said, “We are not going back. This rule is too important for seniors, it is too critical for workers, and it is one more step to making sure our economy can grow from the middle out, not from the top down.”

Join the discussion on FPA Connect, and see below for a list of helpful links to help you arm yourself with the most current information.

 

Ana Trujillo
Associate Editor
Journal of Financial Planning
Denver, Colo.

 

Helpful Links for More Information


“Take a Letter” Isn’t What It Used to Be

Dictation and transcription services have been a valuable business tool for many years. These services continue to be important—and they need to be flexible, accessible and fast.

There is a wide array of service providers to choose from, but how you choose is as important as whom you choose. With the advent of big data and the corresponding wave of complex legislation—HIPAA, GLBA, Sarbanes-Oxley, Dodd-Frank, etc.—sanctions for noncompliance can be onerous. Some providers are sophisticated when it comes to security, some less so. You can’t afford to use a provider that cannot clearly demonstrate its understanding and use of data security protocols.

Here are some important considerations:

  • Employee background checks. Are they thorough, including Social Security number verification and address history, as a requirement for employment? Can transcriptionists access data about the client, or is client data kept separately?
  • Remote facilities. Are the equipment and facilities under the provider’s direct control? Is work being processed in the U.S. or overseas where U.S. laws don’t apply? Does the company use home-based transcriptionists?
  • Downstream vendors. Is work processed under sole control of the transcription company or is the vendor outsourcing?
  • Shared environments. Are the equipment and facilities shared across multiple purposes or companies? Shared environments include a home-based transcriptionist using a personal laptop or a dictation company sharing server space with other companies.

DIY Tools
Dictation and transcription services were traditionally handled by support personnel and are still often viewed as simple, low-level functions. Financial professionals may “hire” their own personal technologies—tablets, smart phones, cloud applications—to do this work, but this is risky.

Siri and Android’s speech-to-text functions are considered safe, native applications, with data being processed only on the phone. In addition to risk of loss of the device itself, the trouble is the trustworthiness of the application coupled with complex data use agreements that are often dismissed with a touch of the “I accept” button. Rather than holding the content on the device, many speech-to-text applications retain and process the data. Out of your hands and untraceable, the data may be transferred, copied and even sold, creating serious reputational and compliance risks.

Voice-to-text software is not always efficient. It’s highly interpretive and cannot be relied upon for accuracy. It often requires a good bit of editing. Furthermore, licenses for voice-to-text software often require consent to expansive privacy policies, which may not be compliant.

Financial services companies must identify better alternatives that satisfy these criteria:

  • Available 24/7
  • Accessible from anywhere
  • Easy to use—as easy as or better than one’s personal technology
  • Able to understand and interpret industry jargon

If a service fails to meet the bar for ease of use, busy workers juggling multiple projects, deadlines and travel schedules will simply revert to their own equipment (I’ll just store it in my iPhone for now). This leaves the information without backup, encryption or other safety measures, creating risks of compliance issues, hefty fines, reputational damage and other problems.

Finding the Right Provider
A few key questions can help you identify the best vendor:

  • Does the provider have a solid understanding of the risk and regulatory environment in which you operate?
  • Is there a culture of security within the organization?
  • Are employees screened carefully?
  • Are standard protocols for safeguarding data being followed?

Remember, risk can never be entirely eliminated, but the right provider can make a world of difference.

Maree Moscati
CEO, Copytalk


The New SAS 70

Editor’s Note: The following information was taken from the AICPA website and applies only to Certified Public Accountants.

The American Institute of Certified Public Accountants (AICPA) has long set the standard with Statement on Auditing Standards No. 70, known simply as SAS 70 to many. The auditing standard became the global framework for reporting on controls at service organizations. Now, per the AICPA website (www.aicpa.org), SAS 70 is nearing the end of its lifespan after approximately 19 years of service.

Statement on Standards for Attestation Engagements (SSAE) No. 16, known as SSAE 16, has been put forth as the new standard by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA). Here are some of the key differences:

  • The SSAE 16, unlike SAS 70, is an “attest” standard, falling under the attestation framework, and not that of the “auditing” framework.
  • The SSAE 16 requires a description of the “system”. The SSAE 16 standard (published in 2010) provides details and illustrations of subject matter that should be included as part of the description of the “system”.
  • The SSAE 16 standard requires a written “assertion” by management.

These changes may improve the standards in a couple of ways. First, it may make certification cheaper, as it is an assertion model. Second, by having management attest to the system, management will be more liable for any misinformation.

When speaking to your vendors, find out if and when they will be updating to the SSAE 16.

Ash Bhatnagar, CFP®
President
RIA Independence Co.
Princeton, N.J.


How Are You Assessing Client Risk Tolerance?

In January, the Financial Services Authority, the regulatory authority for the financial services industry in the United Kingdom, released guidance on assessing suitability or risk tolerance for a client. The document is fairly lengthy and good reading—and, it begs the question: Will the United States follow?

I do not know, but I am sure the U.S. is looking at the U.K. model. Irrespective, I feel every adviser should have some internally consistent methodology to assess risk. Creating a questionnaire and scoring model, I feel, is the best way to do that. Additionally, a summary of your findings should be displayed in the Investment Policy Statement.

For those who do not want to build their own questionnaires and scoring models, there are many third-party solutions. One such solution is FinaMetrica. They perform a fairly detailed process to determine a client’s risk tolerance. They do not recommend any type of allocation; that is the responsibility of the adviser.

Other tools I have seen that perform similar functions include ones from Morningstar and Envestnet. Of course, you can build one yourself in Excel.

In all cases, you should have a standard process and review the risk tolerance at least annually. (For a copy of the FSA document, please e-mail me.)

Ash Bhatnagar, CFP®
President
RIA Independence Co.
Princeton, N.J.

 

 

Editor’s Note: What risk assessment tool or process do you use? Share your experience with your colleagues through the comments function of this blog.


A Policy Manual for Data Security

I recently got a mortgage and it was surprising how much information a total stranger was asking for—and I had to give them this information. I, of course, checked out the firm with various associations to ensure it was legitimate. But through this experience I realized how clients must feel about advisers having so much personal information on their family. Additionally, an adviser’s ability to keep that information secure is assumed to be perfect. With this level of expectation, documentation will go a long way toward managing security. Much like other policies and procedures manuals and checklists, security should follow the same pattern. Unfortunately, there is no single format that works for all firms, but here are some items to consider when creating such a document.

  • Risk analysis
  • Staff member roles
  • Physical security
  • Electronic communication (email/smartphones)
  • Blogs and personal websites
  • Facility design, construction and operations
  • Media and documentation
  • Data and software security
  • Network security
  • Internet and IT contingency planning
  • Outsourced services
  • Employee termination procedures (IDs, passwords, expense accounts, remote access, etc.)
  • Incident reporting procedures
  • Access control guidelines
  • Security compliance checklists

It seems like a lot, but addressing each one of these items will help in building a manual that will grow over time. Additionally, sharing this level of information with clients about how you are keeping their information safe can differentiate your practice.

Ash Bhatnagar, CFP®
President
RIA Independence Co.
Princeton, N.J.