Skip to content
Thomson Reuters
Compliance Risk

FINRA continues scrutiny of financial industry for improper electronic communications

Tiffany Robertson

13 Sep 2017

Image by © Kevin Kozicki/Corbis
Image by © Kevin Kozicki/Corbis

Digital technology is transforming how industries do business everywhere around the world and the financial industry is no exception. Financial advisors have a tougher time when it comes to digital communications, however, as they text, tweet and post according to strict industry rules and under increasingly close regulatory scrutiny.

Find out how Thomson Reuters Compliance Learning can help your organization with compliance obligations

Nonetheless, the use of electronic communications in the financial industry is growing. A 2016 study found that 85% of advisors are using social media on a daily basis to communicate with clients and business prospects. Growing in tandem with such use, however, is the U.S. Financial Industry Regulatory Authority’s (FINRA) attention to how firms and advisors are monitoring and recording electronic communications, as well as the size of the fines for inadequacies. In 2016, FINRA reported $22.5 million in fines for books and records violations — a 423% increase in fines from $4.3 million in 2015.

These figures highlight the importance of ensuring that compliance with record-retention requirements keeps pace with changes in digital communications. FINRA’s 2017 Examination Priorities Letter acknowledges “the increasingly important role [social media and other electronic communications] play in the securities business” and makes it clear that supervisory and record-retention obligations “apply to business communications irrespective of the medium or device used to communicate.” Thus, “firm[s] must capture and maintain all business-related communications in such a way that the firm can review them for inappropriate business conduct.”

Firms and advisors can reduce their risk of compliance violations by paying attention to regulatory guidance regarding social media and digital communications. The following are some highlights regarding day-to-day business communications from FINRA’s most recent guidance in April 2017.

Social networking guidance
A view of an online training course in Thomson Reuters Compliance Learning

Find out how Thomson Reuters Compliance Learning online courses can support your organizations with appropriate internet use

Recordkeeping requirements

Most violations stem from the general requirement to retain, supervise and produce business communications. As mentioned above, this obligation applies regardless of the source of the communication. Consequently, firms should be establishing policies and procedures to capture, retain and supervise all emails, text messages, social media posts, instant messages and communications on other emerging platforms, such as text messaging apps and chat services.

Social media in the courts
A view of an online training course in Thomson Reuters Compliance Learning

Discover how to ensure employees understand the importance of social media compliance and responsible use with Thomson Reuters Compliance Learning

Personal versus business communications

Since these obligations only apply to business communications, advisors must understand the distinction between business and personal communications. Security and Exchange Commission (SEC) and FINRA rules state that the content of the communication determines what must be retained, thus only those communications concerning a firm’s products or services are subject to recordkeeping requirements. While seemingly clear cut, mixing business with pleasure risks blurring the distinction, making it vital that advisors understand the importance of avoiding business references in personal communications.

A view of an online training course in Thomson Reuters Compliance Learning

Thomson Reuters Compliance Learning has  online courses to help your employees understand their compliance obligations in regards to electronic communications 


Issues can arise under Section 203 of the Investment Advisers Act — which prohibits investment advisors from advertising — if someone posts a favorable comment on social media regarding an advisor’s skills or experience. FINRA’s guidance states such comments are fine if they are unsolicited; if an advisor “likes” or “shares” the comment, however, the firm is viewed as having “adopted” the comment and is responsible for the communication.

Bring Your Own Device (BYOD)

Advisors must keep in mind regulators’ focus on the content of communications in determining whether rules apply. Thus, the same retention and supervisory concerns apply to communications regarding a firm’s products or services whether they come from a workplace computer or a personal tablet or Smart phone.

Text messaging and recordkeeping

FINRA guidance explicitly addressed the need to retain records of text messages and the importance of educating advisors on how to handle texts from clients or associated parties in accordance with a firm’s policies, particularly if such policies do not allow for text messaging. FINRA has fined, suspended and/or banned many advisors from FINRA-regulated businesses for texting on personal devices as part of broader investigations into fraudulent or irresponsible transactions.

Appropriate internet use 2
A view of an online training course in Thomson Reuters Compliance Learning

Thomson Reuters Compliance Learning has  online courses to help your employees understand their compliance obligations in regards to electronic communications 

Digital platforms a reality firms must address

However, texting and other digital communications are now a common business-building and marketing tool for advisors. Thus, policies and procedures for ensuring proper supervision, review and retention of such business communications is a must for reducing the risks for advisors and firms. These records not only are the best defense against claims of fraudulent or irresponsible transactions, but can provide early warning of misbehavior or other compliance issues.

Find out more about customizing online compliance training to fit with your organization’s unique needs

The above are only a few of the applicable FINRA and SEC rules related to digital communications, but many more apply. These rules, together with the pace of digital transformation in the financial services industry, make it crucial that financial advisors and firms address the potential risks involved with email, social media and other digital platforms. Thomson Reuters’ online training courses on Social Media Compliance, Electronic Communications and Information Security/Cybersecurity Awareness are easy and effective way to ensure employees understand how to use a firm’s electronic–communication systems, social media and personal devices in a professional and lawful manner.

Thomson Reuters Compliance Learning

Culture and Conduct Risk Survey: How do you compare? Meet the U.S. top 50 social influencers in risk, compliance and RegTech How sanctions screening can mitigate treasury risk Why third-party risk shouldn’t mean sleepless nights Risk technology: How to fix common frustrations with risk MiFID II progress summary report: Why there’s still work to do Risk technology: What’s driving new GRC investment? Tackling data overload with intelligent tagging How sanctions-proof is your Source of Wealth due diligence? Highlights from the Thomson Reuters London Risk and Compliance Summit