FINRA continues scrutiny of financial industry for improper electronic communications

Digital technology is transforming how industries do business everywhere around the world and the financial industry is no exception. Financial advisors have a tougher time when it comes to digital communications, however, as they text, tweet and post according to strict industry rules and under increasingly close regulatory scrutiny.

Find out how Thomson Reuters Compliance Learning can help your organization with compliance obligations

Nonetheless, the use of electronic communications in the financial industry is growing. A 2016 study found that 85% of advisors are using social media on a daily basis to communicate with clients and business prospects. Growing in tandem with such use, however, is the U.S. Financial Industry Regulatory Authority’s (FINRA) attention to how firms and advisors are monitoring and recording electronic communications, as well as the size of the fines for inadequacies. In 2016, FINRA reported $22.5 million in finesfor books and records violations — a 423% increase in fines from $4.3 million in 2015.

These figures highlight the importance of ensuring that compliance with record-retention requirements keeps pace with changes in digital communications. FINRA’s 2017 Examination Priorities Letter acknowledges “the increasingly important role [social media and other electronic communications] play in the securities business” and makes it clear that supervisory and record-retention obligations “apply to business communications irrespective of the medium or device used to communicate.” Thus, “firm[s] must capture and maintain all business-related communications in such a way that the firm can review them for inappropriate business conduct.”

Firms and advisors can reduce their risk of compliance violations by paying attention to regulatory guidance regarding social media and digital communications. The following are some highlights regarding day-to-day business communications from FINRA’s most recent guidance in April 2017.

Find out how Thomson Reuters Compliance Learning online courses can support your organizations with appropriate internet use

Recordkeeping requirements

Most violations stem from the general requirement to retain, supervise and produce business communications. As mentioned above, this obligation applies regardless of the source of the communication. Consequently, firms should be establishing policies and procedures to capture, retain and supervise all emails, text messages, social media posts, instant messages and communications on other emerging platforms, such as text messaging apps and chat services.

Discover how to ensure employees understand the importance of social media compliance and responsible use with Thomson Reuters Compliance Learning

Personal versus business communications

Since these obligations only apply to business communications, advisors must understand the distinction between business and personal communications. Security and Exchange Commission (SEC) and FINRA rules state that the content of the communication determines what must be retained, thus only those communications concerning a firm’s products or services are subject to recordkeeping requirements. While seemingly clear cut, mixing business with pleasure risks blurring the distinction, making it vital that advisors understand the importance of avoiding business references in personal communications.

Thomson Reuters Compliance Learning has  online courses to help your employees understand their compliance obligations in regards to electronic communications 


Issues can arise under Section 203 of the Investment Advisers Act — which prohibits investment advisors from advertising — if someone posts a favorable comment on social media regarding an advisor’s skills or experience. FINRA’s guidance states such comments are fine if they are unsolicited; if an advisor “likes” or “shares” the comment, however, the firm is viewed as having “adopted” the comment and is responsible for the communication.

Bring Your Own Device (BYOD)

Advisors must keep in mind regulators’ focus on the content of communications in determining whether rules apply. Thus, the same retention and supervisory concerns apply to communications regarding a firm’s products or services whether they come from a workplace computer or a personal tablet or Smart phone.

Text messaging and recordkeeping

FINRA guidance explicitly addressed the need to retain records of text messages and the importance of educating advisors on how to handle texts from clients or associated parties in accordance with a firm’s policies, particularly if such policies do not allow for text messaging. FINRA has fined, suspended and/or banned many advisors from FINRA-regulated businesses for texting on personal devices as part of broader investigations into fraudulent or irresponsible transactions.

Thomson Reuters Compliance Learning has  online courses to help your employees understand their compliance obligations in regards to electronic communications 

Digital platforms a reality firms must address

However, texting and other digital communications are now a common business-building and marketing tool for advisors. Thus, policies and procedures for ensuring proper supervision, review and retention of such business communications is a must for reducing the risks for advisors and firms. These records not only are the best defense against claims of fraudulent or irresponsible transactions, but can provide early warning of misbehavior or other compliance issues.

Find out more about customizing online compliance training to fit with your organization’s unique needs

The above are only a few of the applicable FINRA and SEC rules related to digital communications, but many more apply. These rules, together with the pace of digital transformation in the financial services industry, make it crucial that financial advisors and firms address the potential risks involved with email, social media and other digital platforms. Thomson Reuters’ online training courses on Social Media Compliance, Electronic Communications and Information Security/Cybersecurity Awareness are easy and effective way to ensure employees understand how to use a firm’s electronic–communication systems, social media and personal devices in a professional and lawful manner.

Compliance Learning

Provide interactive and engaging training courses to your employees