Investment firms and other financial institutions are subject to the strict recordkeeping and communication regulations laid out by both the Financial Industry Regulatory Authority (FINRA) and the Securities and Exchange Commission (SEC). The goal of these regulations is to protect the industry and its customers—and both bodies are willing to impose hefty fines if they believe a firm has stepped out of line.
Unsurprisingly, these regulations include the information published on websites and social media accounts, both of which are client-facing platforms and a means for financial institutions to engage with clients and market their services. And make no mistake—FINRA and the SEC can request information to ensure regulatory compliance at any time, and if there’s a need for litigation, all relevant records will need to be produced in a defensible format. Unfortunately, the rules are complex, but failing to adhere to them can result in large fines, reputational damage, and potential loss of business.
SEC and FINRA’s Regulations on Archiving Websites
Rules 17a-3 and 17a-4 of the Securities Exchange Act (SEA) require brokers and dealers to keep records of all relevant documents for a set period of time. Given the nature of websites—and how they are used for marketing purposes—all content on websites is subject to the same regulations, including any updates, amendments, deletions or edits made to the site, which must also be preserved and recorded.
FINRA’s purpose is to protect the public from bad practices and fraud. FINRA Rule 2210 specifically deals with how firms need to communicate with the public and states that all communications, including content on a website, must be:
- Based on principles of fair dealing in the financial industry
- Balanced and fair
- A sound basis for appraising the facts about industries, products, and services
These are not obsolete regulations that the SEC or FINRA ignore. In fact, both bodies regularly audit the websites of financial institutions to ensure no claims promising specific investment outcomes are made—and when documents are requested, firms must be able to produce them.
According to SEC rules, records must meet specific criteria. They must be:
- Easily accessible
- Time-stamped
- Retained for at least six years unless otherwise specified in the regulations
- Duplicated, with the copies kept in different locations
- Stored in a way that cannot be erased or rewritten
SEC and FINRA’s Regulations on Archiving Social Media
First, it’s important to understand that even the simplest tweet can be considered advertising in the eyes of FINRA and the SEC. This is equally true of a Facebook post or a comment on LinkedIn. For this reason, all the book and recordkeeping regulations that apply to websites apply to social media too. In fact, both regulatory bodies have outlined very specific requirements for the archiving and storage of a firm’s social media data:
- Archiving any official posts that a firm shares online
- Archiving all comments and direct messages made through an official account
- Ensuring the information is easily accessible and archived on WORM storage. (For a deep dive into the SEC and FINRA’s WORM recordkeeping requirements, have a look at this blog post.)
Understanding What Needs to be Archived
FINRA’s Regulatory Notices 10-06, 11-39, and 17-18 build on Rule 2210, clarifying what kinds of communications firms need to archive from both their websites and social media channels. These include any communication with the public related to the business, any content relating to a firm's products, services, and more, and any conversations with clients via chat. In the context of websites, this means that any conversation via a chatbot running on a website would need to be archived. For social media, direct messages and responses to comments will also qualify.
Any ‘adopted’ or ‘entangled’ content that is user-generated but which a firm has either clearly endorsed, paid for, or linked to is also subject to the same archiving rules. For example, if a website links to third-party content, FINRA considers it ‘adopted’ and that content must be archived too. If an influencer or client posts a positive review on social media and your firm or an employee likes the post, reshares it or comments on it, it is also subject to the regulation, as are a broker’s electronic messages to a client.
Given how interconnected digital communications and platforms have become, and how many social media and electronic channels the average firm utilizes, this can quickly become extremely complex.
It’s important for financial firms and brokers to also understand that when it comes to archiving, where content is presented (such as a website) is less important than the content itself. However, all the content contained on a website falls under FINRA and SEC regulations – as well as any content that the website links to or the firm endorses. In fact, FINRA rules go so far as to say that you cannot link to content that you know contains misleading or false information. But what happens if changes are made after the fact? How can you prove that specific content was okay at the time you linked to it if you don’t have a time-stamped archive copy of it?
Always err on the side of caution. If a message relates to your firm’s products or services, make sure you archive it. If you link to it, archive it. And if any content is created through communications with clients, archive it.
The Importance of Archiving Website and Social Media Content
Not all methods of preserving content are created equal. For example, backups can be easily rewritten or erased, which is why they do not meet the SEC or FINRA’s criteria. Similarly, content management system (CMS) backups don’t embed the digital signatures required to prove data’s authenticity.
Screenshots are also problematic. First, they capture nothing beyond the screenshotted page, so linked content and edits are missed. Screen captures are also extremely easy to tamper with, and they don’t include metadata.
But why would you need to archive content? As we’ve unpacked, from a regulatory perspective, you need to be able to produce any content that is subject to FINRA and the SEC’s regulations should they request it.
The SEC also regularly brings legal proceedings against organizations for non-compliance and the only way for a firm to defend itself is to produce defensible documents proving compliance.
A firm might also find itself at the wrong end of litigation, defending against a client who feels wronged or claims of false advertising. In each case, access to defensible documents archived in the correct format will be crucial.
Another major consideration is monitoring for data loss prevention (DLP). While no organization plans to share sensitive information over direct messages on platforms such as Twitter or Facebook, particularly given personal data protection laws such as the General Data Protection Regulation (GDPR), it does happen. Monitoring for DLP at all times can rectify any accidental disclosures.
Working with an Archiving Technology Partner
The SEC and FINRA’s regulations are complex. This is complicated further by the ever-changing nature of digital platforms like websites and social media platforms. It’s almost impossible to remain completely compliant without partnering with an archiving vendor experienced in these regulations. This will keep your firm up-to-date on FINRA and SEC compliance, and ensure total peace of mind thanks to an automated solution.
Automated website archiving is a better solution to meet recordkeeping needs under FINRA and SEC rules, because this technology offers more complete archiving of your communications.
Website archiving overcomes the limitations of manual recording and screenshots by allowing your records to expand beyond the page. That means all captured information is placed within the full context of your website at that particular point in time.
Effective preservation tools also exist for capturing content on third-party websites and social media pages.
Automated web archiving helps you create better, smarter records. You’ll benefit from:
- Automated archiving that allows you to ‘set it and forget it’
- A sophisticated dashboard to search and export what you need
- A public portal that gives auditors easy access to what they need
- More complete records of your communications
- Defensible records that prove compliance
The right technologies can also help you keep your records in the right format. Sticking to a schedule and even removing records that have expired is much easier when you have the right technology on your side.