Web 2.0 Compliance

Regardless of the industry regulations an organization is subject to, most require member firms to be able to identify
employees, even if they use “buddy” names, control content that might be construed as advertising or advice and
archive all electronic communications. However, in practice not many firms are able to log content posted to Facebook
or Twitter, let alone try to control the content of the actual message.
Within some industries this may even be taken a step further, where creating ethical walls between business functions
is a required element of compliance, complete, of course, with a full audit trail of who joined the “conversation”
and when, how long they stayed and when they left. Although the majority of these regulations are centered in
the banking, finance, healthcare and energy industries, most businesses are governed by a set of regulations that
demand that best practice be followed.

Just a snapshot of these regulations includes:

SEC Rules 17a-3 and 17a-4 and NASD rule 3110

Organizations must retain records of communications related to business.

Gramm-Leach-Bliley Act (GLBA)

Requires that the content of communications be scanned for sensitive content that should not be sent in clear text (e.g., personally identifiable credit information), as well as content that should never be sent via public communications channels.

FINRA Notice 07-59

Ethical walls requirement between research and investment banking departments

FRCP (Federal Rules of Civil Procedure)

Requires the storage of business records in whatever medium they may have been produced or stored. Email and IM are electronically stored information. Posts to social media sites must be preserved if reasonably determined to be discoverable.

Investment Dealers Association of Canada (IDA29.7)

Demands the retention of records relating to business activities, regardless of their medium of creation.

MiFID and FSA Markets in Financial Instruments Directive (EU)

Specifically requires the retention of electronic communications conversations when trades are referenced.

FERC Order No. 717

The goal of this order is to create an ethical wall between the marketing and transmission functions of vertically integrated companies. Retain communications for 5 years. Plus, if communication takes place, it must be made public immediately.

CFTC & NFA Compliance Rule 2-29 Supervisory procedures for email and Web. NFA Interpretive Note 9063

If a Member or Associate hosts a blog, a chat room, or a forum where futures or forex are discussed, the Member or Associate is required to supervise the use of that community. This requires, at a minimum, that the Member or Associate regularly monitor the content of the sites it hosts, take down any misleading or otherwise fraudulent posts, and ban users for egregious or repeat violations.

Sarbanes-Oxley (SOX)

Businesses must preserve information relevant to the company reporting.
