July 20, 2016

You Are What You Share: The Dos and Don’ts of Social Media Compliance for Financial Advisers

David T. Ackerman

The Bane and the Benefit of Social Media

For a Securities and Exchange Commission (SEC) registered investment advisory firm (RIA), managing social media is an arduous and, often times, formidable task. Instantaneous, mass communication offered by LinkedIn, Twitter, and Facebook understandably creates many areas of concern for both advisers and regulators alike. Misrepresentations and fraud can be disseminated to thousands of people with the click of a button. An internal miscommunication could lead to the accidental dissemination of proprietary or material nonpublic information—potentially leading to loss of revenue or, in extreme cases, an SEC claim of insider trading. The sheer power and influence yielded by social media around the world make it obvious why this is an area of contention with almost every regulatory body. Despite all these dangers, the beneficial use of social media as a tool for investors and RIAs cannot be ignored.

Social media has increasingly facilitated investors’ abilities to research and conduct their own due diligence on current or prospective RIAs. According to a study published in the World Health Report, more than 40 percent of high-net-worth individuals under 40 cite social media as important for accessing information on financial products or services. For RIAs, social media interaction helps build strong client relationships, find new prospects, improve client relations, and increase assets under management. This article seeks to assist RIAs in developing or refining social media compliance policies and procedures reasonably designed to ensure compliance with the Investment Advisers Act of 1940. There are numerous factors to consider when developing a social media policy, and the suggestions contained in the article are by no means exhaustive or fully comprehensive.

Caught in the Advisers Act

Social media should be treated as advertising under the Advisers Act. The SEC prohibits the use of client endorsements or testimonials in any advertisement under SEC Rule 206(4)-1. As such, much of the compliance risk associated with social media use by RIAs focuses around the use of potentially “false and misleading statements” and the use of testimonials.

A testimonial is a statement relating to a client’s experience with or endorsement of an RIA. In some instances this is easier to recognize, such as with LinkedIn. An investment adviser representative (IAR) is potentially at risk if a client, or in some cases someone completely unaffiliated with the IAR, posts a favorable recommendation on the RIA’s LinkedIn profile. If a recommendation is isolated to that one individual or is unconfirmed by the site prior to posting and gives a rose-colored view of the IARs overall business, chances increase that the posting will be considered a testimonial by the SEC. The feature allowing third party posting can be turned off, and many firms require their employees to do so.

Similarly, and in a more abstract context, the SEC indicated in its 2012 Risk Alert that a “like” on Facebook could be considered a testimonial in certain circumstances. Unlike the recommendations feature of LinkedIn, the “like” feature of Facebook cannot be turned off. Depending on the facts, an abundant number of likes could be misconstrued as an implied endorsement. Firms must pay close attention to the type of information that is being disseminated on Facebook and the number of likes received. A “like” solicited by an advisor as an indication of a client’s experience may be construed as a testimonial, but a “like” on a photo of an adviser’s fishing trip will likely not. So much depends on context that it is essential to monitor activity vigilantly and, when necessary, add disclosures within a posting to mitigate testimonial risk.

One consistent theme in multiple SEC guidance publications is if an RIA or IAR solicits comments from clients, the posted commentary will be scrupulously examined for compliance with advertising rules.

Competence Compliance

Basic requirements to address the aforementioned concerns should be implemented from the onset of an RIA’s use of social media platforms. All RIAs are required to create and implement a written social media policy reasonably designed to prevent the intentional or accidental violation of applicable rules. The social media policy should be clear and concise, distinguish between an individual’s personal use and business-related activities, and provide examples of appropriate and prohibited material.

Some policies can be implemented universally. The pre-approval of any static content can be administered uniformly across platforms. Changes in material such as a profile, work experience, or firm background can be submitted for approval prior to posting.

Ongoing monitoring procedures should ideally be platform specific to ensure clarity and increase the chances of observance. For example, to address the concern regarding LinkedIn endorsements, a simple remedy would be to prohibit the practice altogether. Since LinkedIn allows the user to block testimonials, endorsements, and recommendations, this is an effective way to avoid any accidental infractions caused by clients seeking to show their gratitude.

Finally, and perhaps most importantly, the social media policy should be treated as a living document and reviewed on an ongoing basis with an emphasis on preventing false or misleading communications. The consequences of noncompliance should be clearly spelled out, and compliance enforcement should be assigned to a specific individual or department. Regulators often frown upon boilerplate policies and procedures. Thus, the more tailored to a firm’s activities the social medial policies are, the greater the reduction of risk.

If Men Were Angels We Wouldn’t Need Training or Records

Once procedures are in place, ongoing training for compliance personnel, supervised persons, and access persons is essential. If feasible, create video training programs that will explain the policies and procedures as well as educate personnel on the risks posed by social media use. Develop a content library that includes redacted examples of approved and rejected content with explanations as to why the determination was made. Once trained, require employees and advisers to periodically sign an attestation confirming they have read and understand the policy, have not violated the policy, and are not aware of violations by others.

Moreover, in a 2013 survey, record retention was identified as the number one problem noted in audits and examinations by state securities regulators. The SEC has maintained that advisors must retain social media communiqués, including original content, third-party content, and responses. SEC registered IARs are subject to a five-year retention requirement for advertisements, calculated from the last day of the fiscal year during which the required record was last published or disseminated. The use of third party firms to maintain digital copies of social media pages are growing increasingly popular. However, low cost and no cost options are available. For firms that cannot afford the additional costs of monitoring, a periodic screenshot of relevant data or use of Facebook’s “Archive Feature” are compliant ways to maintain accurate records.


The importance of social media use in the future of the finance industry is considerable. Over 80 percent of financial advisors use it for business. Investment advisors readily connect with clients and prospects. Investors are able to conduct due diligence over and above the information available on the IAPD system, public filings, and other industry databases. The establishment of a social media policy is a threshold action, even for firms that do not utilize social media. For all SEC registered RIAs and IARs using social media, social media policies should be considered mandatory. Training on these policies to ensure compliance is critical as enforcement of advertising rules pertaining to social media use increases. Supervision of social media activities by a firm’s compliance team is critical, as is diligent record keeping, to achieve and demonstrate compliance if a firm’s or individual adviser’s practice is challenged. Carefully managed, social media will be an increasingly effective tool to promote connectivity and transparency in the financial services industry for years to come.

David T. Ackerman

David T. Ackerman is the chief compliance officer of Sound Income Strategies, LLC, a SEC registered investment advisory firm. All opinions contained in this article are those of the author and do not represent those of Sound Income Strategies, LLC or its affiliates.