FINRA Provides Guidance on Social Media Influencers and on Privacy

FINRA provided an update of its targeted exam (sweep) focusing on the social media practices firms use to acquire new customers and firms’ privacy notices with respect to customer nonpublic information ("NPI").

As previously covered, during the recent targeted exam period from July 1, 2022 through September 30, 2022, FINRA reviewed how firms are addressing the increased risks associated with customer acquisition programs through social media influencer platforms, including TikTok, Facebook, Instagram, YouTube and Twitter. According to FINRA, a social media influencer is defined as "any third party with whom the firm contracts or compensates to provide Social Media Communications."

FINRA outlined the following practices that firms can use to develop better and safer social media influencer programs:

  • establish a clear differentiation between social media influencer programs and other referral programs and their respective requirements;
  • update written supervisory procedures ("WSPs") in response to changing social media programs, regulations or industry actions;
  • conduct regular reviews of participants' compensation;
  • ensure proper screening of social media influencers' backgrounds for prior compliance issues and reputational risks;
  • provide training regarding the conduct permitted and prohibited by social media influencers; and
  • maintain related records in accordance with SEC and FINRA requirements.

The second area that FINRA focused on during the targeted exam period is the protection of customers' NPI and limited disclosure with non-affiliated third parties. FINRA's guidance for compliance with Regulation S-P obligations includes:

  • maintaining a WSP that specifies the delivery of privacy notices upon establishment of a customer relationship and thereafter annually;
  • permitting customers to opt out of information sharing and properly protecting such customers' information (including the collection of "cookies" and the sharing of data with third parties);
  • maintaining written agreements with those third parties with which the firm shares "non-anonymized NPI" to limit information usage consistent with Regulation S-P; and
  • using privacy notices that (i) designate the categories of NPI collected and shared with third parties, both affiliated and non-affiliated, and (ii) consider guidance from Regulation S-P's model notice.

FINRA recommended that firms use this information to improve their current practices due to the growing compliance risks associated with social media influencer programs and the sharing of nonpublic customer information. FINRA stated, however, that this update neither (i) creates new legal or regulatory requirements or new interpretations of existing requirements, nor (ii) relieves firms of existing obligations.
