Social media has played a key role in revolutionizing the business landscape and has, for many years, become more of an integral tool for employee communications.
With its increased usage, financial regulatory authorities around the world have also established a number of strong regulatory mechanisms to ensure that the social media communications with investors and clients are being captured, retained, and supervised by financial firms.
One such regulation is the IIROC Regulatory Notice 11-0349 from the Investment Industry Regulatory Organization of Canada (IIROC). Implemented in 2011, this notice replaced the MR0281 notice from 2004 and is intended to assist members in meeting the compliance requirements of Rule 29.7.
What Regulatory Notice 11-0349 Tells About Social Media Communications?
Compared to its predecessor, the Regulatory Notice 11-0349 not only focuses on the nature of various communications but also on the methods by which business communications are disseminated.
Subject for the review, supervision, and retention are advertisements, sales literature, and correspondence in social media websites such as Facebook, Twitter, YouTube, blogs, and chat rooms as well as content sent via email.
According to the notice, dealer members must ensure compliance with applicable regulatory requirements and securities legislation “regardless of the method by which the communication takes place, and however social media websites evolve.”
The notice also specified the compliance and supervisory issues that dealers and representatives must consider when using social media websites to communicate with clients and the public for business purposes; and, in designing company policies and procedures for the review, supervision, retention, and retrieval of these archived materials.
Social Media Content Archiving: Mobile Device Doesn’t Matter!
The notice also notes that whether a message is business-related, and therefore captured by archiving requirements, depends on the content of the communication, and not on the type of the device or channel used to communicate the message.
As such, it is imperative for Canadian financial firms to invest in archiving systems that have record retention and retrieval capabilities that will enable them to capture permitted communications, including content posted on social media websites, from all types of devices being used by their employees.
Moreover, dealers must establish policies and procedures that allow them to supervise mobile communications within the workplace and protect their clients from fraudulent or misleading communications from their employees. Otherwise, they could face hefty fines and penalties from failing to meet their supervisory obligations.
IIROC’s Three Strategies to Keep Firms Compliant
In order to help dealers and advisers in Canada to remain compliant, IIROC recommends firms to use at least one of the three strategies they developed:
- Pre-use approval
- Post-use review, or
- Post-use sampling
IIROC also provided guidance on using these strategies with regards to social media website used for business purposes.
1. Static content, such as profile background or wall information, usually considered an original “template advertisement”, must be pre-approved.
2. An interactive electronic forum, such as Facebook or Twitter, does not require prior approval. However, it must be supervised to ensure compliance with IIROC rules and securities legislation.
3. If an interactive content becomes static, this static content does have to be pre-approved.
In terms of password protection, the guidance specifies that whether a social media website is password protected, or not, does not determine whether it’s an acceptable method of communicating with clients.
“As long as websites are adequately supervised and do not violate any regulatory or legislative requirements, for example, record retention, [dealers] and their representatives are permitted to use these sites and/or technology to communicate with clients and the public for business purposes,”
Non-compliance with rules established by IIROC can lead to a variety of different penalties depending on the severity of the violation. IIROC lists possible penalties for failure to comply with securities law and regulations ranging from a fine of up to $1 million per infringement to a total ban from operating/working in the industry.
TeleMessage offers the Mobile Archiver, a platform that can help financial services leaders to effectively manage data and content including enterprise SMS, emails, and web and social media content, with respect to compliance. Our archiving solution is equipped with versioning and robust governance capabilities that ensure content across all digital channels. It is IIROC-compliant and meets global regulatory requirements.
To learn more about mobile archiving solutions, visit our website today at www.telemessage.com
