The SEC finally issued loose social media guidelines for investment advisers Wednesday. The regulator has long been criticized for its failure to create any kind of regulatory framework for firms and advisers who want to participate on sites like Facebook and LinkedIn, as many of them feel they need to establish a presence there. Some investment advisers were happy to get a little direction from the regulator, but there are still plenty of gray areas.

One area in which the SEC offered some needed clarity is what might consist of a prohibited client testimonial (under advertising rules in the Adviser Act of 1940): If the public is invited to “like” an investment adviser’s biography on a social media site, or uses other plug-ins that represent “an explicit or implicit statement of a client’s experience with the investment adviser,” this could be considered a testimonial, the SEC wrote. On Facebook, for example, individuals can create fan pages with information about themselves and periodic posts, and other users must “like” these pages in order to follow them. LinkedIn also allows one’s connections to write “recommendations” for them, which could be another concern of the regulator. Some advisors are disappointed by the provision given that drumming up new business is all about referrals in the advisory world.

But in general, the SEC guidelines leave a lot up to the firms. For instance, the SEC says firms should consider their fiduciary duty and other regulatory issues when offering investment recommendations, information on its investment services or its investment performance via social media, but doesn’t get more specific than that as regards the kind of content that can be posted. The SEC also suggests firms should use a risk-based approach to determine whether they should monitor their social media use on a periodic or daily basis, or in real time. But what kind of risk-based approach? Meanwhile, monitoring social media postings in real time would likely become prohibitively expensive pretty quickly.

“Companies don’t have the time or resources to monitor social media in real time,” said Patrick Burns, managing attorney in the law offices of Patrick J. Burns, Jr., P.C. in Beverly Hills, Calif. “I just talked to a client. Some of social media forums he outright prohibits for business use—no Facebook, just LinkedIn.”

Confusing Overlap

More generally, the SEC wrote in its guidance that it has been reviewing IA social media policies and found a lot of confusing overlap with policies that apply to advertisements, client communications and electronic communications. Some firms do not specifically address what kinds of social networking is permitted or prohibited, the SEC noted. The regulator also pointed out that several provisions of federal securities laws already apply to social media use, including antifraud provisions, compliance provisions and record-keeping provisions.

Up until now, RIA firms have been taking their cues from FINRA, which issued guidelines in January of 2010 that require broker/dealers to keep records of social media correspondence. FINRA had been considering requiring brokers to make regulatory filings about their social-media postings, but withdrew that proposed rule last week after receiving reams of negative comment letters.

Regulating by Enforcement

Some industry observers have complained that the SEC could end up regulating by enforcement—in other words, charging firms with violations first, writing specific rules governing those violations later. In fact, the SEC filed some of the first ever charges against an investment adviser for a social media scam also on Wednesday, as well as an investor alert and an investor bulletin to help consumers avoid social media fraud.

But the charges themselves don’t offer much regulatory guidance beyond the obvious: don’t make stuff up, don’t lie to the SEC and investors. The SEC’s Division of Enforcement alleges that Anthony Fields of Lyons, Ill. offered more than $500 billion in fictitious securities on multiple social media sites through his two sole proprietorships—Anthony Fields & Associates (AFA) and Platinum Securities Brokers. For example, he used LinkedIn discussions to promote fake “bank guarantees” and “medium-term notes.” Fields also provided false and misleading information about AFA’s assets under management, clients and operational history through its website and in SEC filings and failed to maintain books and records and compliance policies. Plus, he held himself out to be a broker/dealer although he was not registered with the SEC.

“At least now people are officially on notice that they’re looking at the social media sites and have to be careful, that they have to pay attention to what employees are posting out there,” said Burns. “But this is a fraud case, so it’s not as informative as it could have been. If you see a case where a firm has 150 employees using social media and no policies in place that will be interesting. But most of the big firms already have stuff in place.”

Writing Rules

The SEC laid out a number of areas that investment adviser firms should pay attention to when writing rules for social media. These include conflicts with other compliance policies, usage guidelines, content standards, how to monitor the firm’s social media sites or use of third-party sites, how frequently social media content is monitored, whether content will be pre-approved, or approved after the fact, and what kinds of resources are appropriate to adequately monitor social media use. Firms should also be aware of how certain social media sites function and whether using them would violate any existing securities laws, like client privacy regulations.

In addition, the SEC suggests that firms set criteria for those advisers who will be allowed to use social media, establish training requirements and consider certification requirements. Finally, firms might want to consider regulating what kind of content can be posted on “personal” third party social media websites, whether giving its investment advisers access to social media sites poses and information security risk.

Firms should also ensure that they have relevant records of social media communications that are easily accessible for at least five years. It also suggests periodic test checking (using key word searches or otherwise) to determine whether employees are complying.

Diminishing Returns?

A recent survey by Aite Group suggests that investment advisers are finding social media less useful today than a few years ago.