The recent price volatility in shares of companies like GameStop and AMC Entertainment Holdings has raised new regulatory issues that compliance officers simply must be aware of moving forward. While this market activity has generally been attributed to retail traders acting collectively via forums on Reddit, YouTube, and other platforms, newer reports suggest that Keith Gill, a registered securities agent in Massachusetts, might have been leading the charge when the GME short squeeze sent prices surging.
The Financial Industry Regulatory Authority has shared several regulatory notices advising member firms to be aware of employee social media activity that could be in violation of its rules. In addition, the Securities and Exchange Commission recently issued a new marketing rule intended to reflect the evolution in technology, communications, and how investment advisers promote and advertise their offerings.
The GameStop stock scenario highlights the challenges that most firms face when it comes to monitoring employees' social media habits.
Most firms have policies that generally bar employees from discussing company activities online and conducting securities-related business on social media. Beyond that, however, companies seem reluctant to devote resources to monitoring online activity that might take place on forums, blogs and more obscure online channels. And yet, Gill was operating primarily on Reddit and YouTube, two of the most popular social platforms on the web. He was essentially conducting securities-related work to his own benefit in plain sight. Only it seems as though no one bothered to look.
Considering the Context
Gill was a part of the r/wallstreetbets subreddit, where the GameStop short squeeze began. His past comments on the forum provide some context for the nature of his engagement. In October 2019, well before the GME squeeze and subsequent media attention, he posted a photo of his GME positions and responded to another user’s comment with: “Yea I see short interest of roughly 75% of the float. I simply can’t understand that level of conviction in the bear thesis. It’s insane.”
It’s probably impossible to prove any motive on Gill’s part to engage in a pump-and-dump scheme, but what’s important here from a compliance perspective is that this commentary falls under FINRA's rule on communications with the public. And as we've seen from the GameStop situation, communication with the public can influence public markets. At what point, then, can communication with the public be considered outside business activity as well? That’s a question worth exploring as social media is only becoming more prevalent, especially as a forum for financial discussions.
If a broker sets up a blog, YouTube channel or Reddit account, compliance teams must examine the motives behind the communications channel. If it’s a public channel clearly set up as a forum to discuss capital markets and investment opportunities—which are plainly related to a broker’s day job—a company would be expected to monitor that activity.
In a perfect world, Gill would have approached the compliance team at his employer to notify them of his online accounts and their collective purpose. At that point, his firm would have instituted a process for monitoring his activity, which would have raised new challenges.
It’s easy to write policies that ban communication with the public about markets or securities without appropriate prior approval, and it’s easy to make supervisors responsible for ensuring appropriate usage of channels like email and company chat applications. But it’s much harder to monitor all employee activity on all online channels all the time. So what should firms be doing?
More Questions than Answers
If you’re leading a business with more than a handful of employees, simply allocating more human labor hours to employee surveillance will ultimately be insufficient. Instead, firms need automated surveillance processes and new disclosures that account for the proliferation of social media as a financial forum.
Many firms have policies in place specifically regarding LinkedIn, but few have taken the next step asking employees to disclose Reddit, YouTube or Instagram accounts, which could be outlets for conducting outside business activity. This isn’t necessarily surprising. The phenomenon of throwaway accounts, which individuals create for one-time use on sites like Reddit for the express purpose of remaining anonymous, creates a compliance nightmare. Even with the most sophisticated machine learning tools and employee workflows, how do you match an employee with an anonymous account that has no paper trail leading back to them, without monitoring their personal devices?
Regulators will always be a step behind when it comes to creating universal guidelines that account for technological evolution, so it’s up to individual firms to initiate policy changes to protect market integrity. That’s a tall order, and it’s possible that requiring disclosure around semi- or fully anonymous accounts could be the next logical step. Will that be enough? Or is that an overstep of freedom of speech and the privacy rights that frameworks like Europe’s GDPR and California’s CCPA are designed to protect?
At the end of the day, every firm has foundational elements related to its products and services, employees, and customers that should ultimately dictate the way it assesses market risks and seeks to mitigate them. It’s still unclear how companies should be fine-tuning policies to account for social media communication that might constitute outside business activity, as the phenomenon is still quite new. What is clear, as the GameStop frenzy has proven, is that social media can be a real market driver.
With that in mind, firms must begin requiring periodic certifications from employees, instituting random manual, or more sophisticated, surveillance, and conducting regular employee compliance training around emerging issues.
Taking any of these actions represents an appropriate first step to aligning internal policies with the new era of tech-enabled communication that allows individuals—who may just happen to work at your firm—to move markets. The next step is yet to be determined.
Steve Brown is the head of business development for StarCompliance..