Brokerage invests in social media archiving for FINRA compliance

By Alexander B. Howard, Associate Editor 04 Dec 2009 | SearchCompliance.com

Enterprise IT news roundup Digg This!     StumbleUpon     Del.icio.us

More social media resources Compliance concerns dog enterprise 2.0 collaboration platforms Twitter security risks, popularity spark regulatory concerns The Web of social media and compliance: Online privacy regulations Social media platforms demand a clear employee Internet use policy

"Our experience so far was basically LinkedIn, where we have a number of brokers," he said. "We're monitoring those manually and treating it like basic advertising. If they want to use it, they need to let us know and allow us to monitor it, along with notifying us of any changes."

Sundstedt said that once he saw that one his brokers had joined Twitter, however, he knew that he'd need a new means of archiving the social messaging generated on the social media platform to meet FINRA compliance guidelines.

"Right now, we only have one broker, Dominic Sitowski, set up with marketing to Twitter," said Sundstedt. "We realize that it's going to be one of the marketing tools of the future. There will be more of them. We're trying to be proactive in learning how to archive them."

As a result, Crown Capital is using Smarsh Inc.'s Twitter archiving service as part of its broader program to ensure compliance with the multiple data retention regulations it is subject to in the financial services industry.

Podcast: FINRA guidance on social networking Listen to the FINRA Electronic Communication: Social Networking Websites podcast.

"We're sending out a year-end attestation that's been modified to acknowledge social media," said Sundstedt. "For Twitter, since we have an archiving tool, brokers will sign an acknowledgement that their messaging will be saved."

Sundstedt has been watching the amount and tenor of client interactions occurring on the different platforms that have to be archived for FINRA compliance. "So far with LinkedIn, it's really been quite static," he said. "Pages are glorified business cards. Brokers have put them up and haven't paid much attention. It's a lot like websites -- no one has done much with them. They haven't really grasped how to market through social media. Twitter is going to be much more active."

He said the brokerage hasn't been audited yet, but he expects his FINRA compliance to be evaluated next year. He added that when the auditors come, he also expects to be asked about whether he's archived social media messages for platforms that Crown Capitol has attested to. "Archiving will let us take a step forward with this kind of marketing," he said. "Once we get some archiving ability, then our marketing department can provide more tools in using that kind of media."

We realize that it's going to be one of the marketing tools of the future. There will be more of them. We're trying to be proactive in learning how to archive them. Henrik Sundstedt senior vice president and chief compliance officer, Crown Capital Securities LP

Sundstedt is working with his marketing department to both manage risk and maximize the investment in time and resources the firm has made. They're being selective in platforms, too: To date, Crown Capitol hasn't used Facebook for business yet. "From what I've seen so far, it's more personal and not business," said Sundstedt. "It's safe to say a lot of them have personal pages but none of them are using it for business. And right now, the basic policy is that Facebook will continue to only be for personal use. Until we can archive it, we're not going to allow a lot of business there. We require all of the same disclosures that any other archiving would have, including affiliation, just like we would anywhere else."

Sundstedt has two other compliance officers working with him to work through the FINRA compliance challenges presented by new platforms. Sundstedt said Crown Capitol will need to hire a new person to learn how to use the services and keep up with them, and make sure the company's sales force stays in FINRA compliance. Lack of control over independent use of social media can be a challenge in any organization, but when disclosures are legally mandated by regulations, any lack of clarity can cause real issues. "One of our brokers got on a blog and said something derogatory in a comment," said Sundstedt. "All of a sudden, someone chimed in and identified the broker as a member of our organization. The risks are regulatory and reputational, primarily to the brokers using it."

That said, Sundstedt's assessment is that moving into this area is going to be a competitive differentiator for the firm in the years ahead. "A lot of other broker-dealers aren't going to do it," he said. "From a recruiting standpoint, it will broaden the group that we're targeting, as well as giving our own brokers a better avenue for marketing. I think it will pay off -- or least there's the opportunity for it. If we do it right, it will be worth adding the staff person for it."

The trick with social media is going to be to stay in front of it, he said. "Right now, Twitter is the hot thing. Guaranteed, there will be a new service soon. For us, keeping up with it is going to be the biggest challenge."

Tags: Data retention and compliance software,  Risk management and compliance,  Industry-specific requirements for compliance,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Data retention and compliance software Improving regulatory compliance management through log analysis, SIEM Which SIEM system is right for regulatory compliance in my company? Data loss prevention technology matures but is still no cure-all Record locator service a step to health information exchange Be ready for electronic discovery with a records retention policy Discovery process puts onus on electronic records management tools Voices from RSA: CA's Dave Hansen on compliance strategy Biometric security data adds layer of privacy compliance risk Podcast: New Massachusetts data protection law mandates IT compliance How State Farm saves millions on electronic data discovery Risk management and compliance Sorting through GRC framework questions What MOF, ISO 2700x and PCI DSS can mean for your compliance strategy Real-time compliance, social networking and the cloud highlight RSA Contingent controls complement business continuity, DR Social networking security poses risks to online privacy: RSA panel What's a risk management strategy worth to your S&P credit rating? 201 CMR 17.00 compliance: Fast Guide to the Mass. data protection law Will Private Sector Preparedness plan spur business continuity action? Improving regulatory compliance management through log analysis, SIEM Defending enterprise security in the post-Google Aurora era Industry-specific requirements for compliance What MOF, ISO 2700x and PCI DSS can mean for your compliance strategy The FTC offers tips on fending off P2P security risks Social networking security poses risks to online privacy: RSA panel 201 CMR 17.00 compliance: Fast Guide to the Mass. data protection law Congress hears testimony on location-based services and online privacy Risk management and agile principles in cloud computing Schmidt: Apply risk management to the nation's cybersecurity threats 'Sexting' case should prompt review of employee privacy policy Business method patents ruling could spell relief from patent trolls How Bilski v. Kappos may define the future of business method patents

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary PCI compliance  (SearchCompliance.com) XBRL  (SearchCompliance.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary