No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Cybersecurity

Social Selling Creates SEC Compliance, Security Demands for Financial Advisers

Social media remains popular way to reach customers, but risks are greater in finserv

by Chris Lehman
May 10, 2023
in Cybersecurity, Financial Services
social risk business

Social selling gives financial advisers an effective way to connect with potential clients and build a rapport with them as a way of generating new customers, but it also comes with compliance requirements that, if not managed properly, can become burdensome and potentially costly to a firm. SafeGuard Cyber’s Chris Lehman digs into the SEC’s rules and shares advice for how advisers can grow their influence while remaining compliant.

Social media, where people spend a lot of their time, provides a natural avenue for building relationships with prospective customers because it offers channels for direct communication. And using social media this way gets results. According to research by LinkedIn, social selling leaders generate 45% more leads than peers with a lower social selling index, and 78% of social sellers outsell those who don’t use social media.

However, the opportunities created by social selling come with risks and responsibilities, most notably the reporting requirements included in the SEC’s update of the Investment Advisors Act governing investment adviser advertisements and payments to solicitors. It expanded its definition of an advertisement to include social media marketing and set strict rules for recordkeeping. The law also has teeth in the form of fines and other actions, as several banks and other institutions have discovered since the changes began taking effect in 2021. As of November 2022, the SEC’s reforms are fully enacted.

In addition to compliance requirements, social selling also amplifies security risks. It further expands an organization’s attack surface, offering threat actors new opportunities for spear phishing, accounting takeovers and other attacks that threaten investment advisers’ data, reputations and business.

Investment advisers should take heed. Social selling offers a wealth of potential benefits, but advisers need to ensure they are following safe security practices to protect themselves, their data and their clients. 

cybersecurity abstract fingerprints
Cybersecurity

SEC Proposes Slate of New Cybersecurity Regulations. Is Your Firm Ready?

by Baker Donelson
May 3, 2023

The SEC is continuing its focus on cybersecurity regulations by announcing three new proposed rules and re-opening the comment period on an additional proposed rule from last year.

Read moreDetails

The benefits of social selling

Social media is increasingly where people spend their time online. Recent research by GWI found that social media use now accounts for 38% of users’ time spent online worldwide. In fact, while people overall are spending less time on the internet, social media use has increased by 2% (more than 3 minutes) so far in 2023. The average user spends about 2.5 hours on social media, which is 30% more time than they spend watching traditional TV.

The environment is ripe for a strategy of social selling, which is more than just flooding people with tweets or DMs or merely adding names to a contact list — in fact, broadside approaches have been found to drive people away. Social selling is an attempt to connect on a personal level, to build a relationship with prospective customers that can lead to doing business together. Research shows that 70% of Americans are more likely to trust people they know, rather than brands or the general pollution — and in financial services, 48% of retail investors trust their financial advisers because of the technology they use.

SEC sets fine-grained requirements

The amendments to the Investment Advisors Act were an attempt by the SEC to keep pace with the realities of modern communications, and a key element of the reforms is a redefinition of what constitutes an advertisement. Under the reform, communication via social media is considered an ad if it includes a hypothetical performance marketing of services. Most important in terms of social selling, it counts as an ad even if it’s made to one person.

The only exception would be if a message is sent in response to an unsolicited request, or if it’s made to a prospective or current investor in a private fund. For the most part, however, communications made individually to potential customers via LinkedIn, WhatsApp, Facebook, Telegram, Twitter or any other social media platform are considered advertising.

What gives that rule weight are changes the SEC made to recordkeeping under the act — specifically, that investment advisers need to make and keep records of all of their advertisements, including those covered in the new rules.

Failure to comply with rules on social media use and recordkeeping can incur serious consequences, regardless of whether they deal directly with social selling. A Mutual Life Insurance subsidiary in Massachusetts was fined $4 million as a settlement after an investigation into their employees’ social media and trading activity. The SEC also has carried out a $200M enforcement action against one of the largest banks relating to records preservation requirements. And in September 2022, the SEC announced charges against 15 broker-dealers and an affiliated investment adviser for failure to maintain and preserve electronic communications. In total, the firms agreed to pay more than $1.1 billion in penalties.

It’s also important to keep in mind that other rules regarding advertisements, such as disclaimers, can apply to direct communications. Pharmaceutical company Duchesnay received a warning letter from the FDA after Kim Kardashian posted an item about the company’s morning sickness drug while neglecting to mention its side effects.

The need for a centralized digital archive

In addition to being aware of how to conduct advertisements via social media, firms should consider adopting a centralized digital archive for their communications.

The SEC reforms require that, “investment advisers must make and keep records of all advertisements they disseminate.” And although it doesn’t identify any methods for how records should be kept, it does stipulate strict requirements for availability. Records should be kept, “in an easily accessible place for a period of not less than five years,” the rule states, adding that for the first two years, records must be kept at an appropriate office of the investment adviser.

To meet these requirements, it would be wise to centralize your digital archive that would contain all adviser’s social selling activity and be easily searchable if the need crops up for legal or enforcement reasons. A centralized archive with automated tools can manage hundreds of social media accounts, scaling with the size of the firm, and identify scores of risk factors, such as those relating to SEC regulations (or those in other countries), personally identifiable information (PII), high-pressure sales tactics or customer complaints.

Security risks of social selling

Compliance requirements can give investment advisers plenty to keep track of, but they also cannot ignore the security implications of social selling. Making greater use of social media platforms, which have varying privacy and security protections, can open firms to a number of attack vectors that abound in the cyber threat landscape. Among the most common affecting social selling are the following:

  • Account takeovers
  • Spear phishing and data loss
  • Malicious content

Take a proactive approach

Shoring up security on your social media activity and complying with the SEC’s rules on archiving requires a thorough, proactive approach.

Investment advisers should start by gaining visibility into social media assets, which remain invisible to most security teams. The amount of information gathered will vary depending on the size of an organization, but it’s important to be aware of every social media channel being used and how they are being used. Monitoring that use is important for identifying compliance risks as well as security risks, from signs of account takeovers to activity by imposter brands that could harm your reputation.

A robust security solution will scan both the surface and the deep/dark web for imposter social media accounts, as well as monitor, detect, flag and quarantine compromised social media communications. Real-time detection of risks can allow for a quick response, limiting any damage.

Automation is a key part of any solution because of the sheer scale of social media. The number of channels and users is too great for administrators, security teams or anyone else to keep up with manually. Yet the speed of social media — where damage can be done and reputations harmed in a matter of minutes — requires real-time monitoring and response.

User training also is important. Educating users on how to spot phishing and social engineering tactics can help stop some attacks before they get started. Advisers also should be clearly aware of the risks of disclosing too much information in a public setting (even a one-on-one communication).

Conclusion

Social selling has delivered such clear advantages to its avid users that the rest of the field are sure to follow. As it continues to grow as a core business tool, compliance requirements and security threats will follow. With the SEC’s new rules now applying to advertising made to individual social media accounts, investment advisers need a centralized, automated digital archive that can help manage activity and meet compliance rules. Meanwhile, a comprehensive, proactive approach to securing social media activity is necessary for firms to protect their data, reputations and business dealings.


Tags: Cyber RiskSECSocial Media Risk
Previous Post

What ‘Succession’ Gets Right (and Wrong) About Business Continuity Planning [Spoilers]

Next Post

Electric Vehicle Charging Stations: Unexpected Target for Cyber Attacks?

Chris Lehman

Chris Lehman

Chris Lehman is CEO of SafeGuard Cyber. A seasoned senior executive with more than 20 years of experience working for some of the highest growth and most successful technology companies in the world, he previously was chief revenue officer for ExtraHop.

Related Posts

sec building sign

What to Expect From Atkins-Led SEC

by Jaclyn Jaeger
May 6, 2025

Former Bush-era commissioner returns with mission to streamline regulations and enhance capital markets

news roundup green bars

In-House Counsel Salary Increases Slow

by Staff and Wire Reports
May 2, 2025

Majority of execs predict rise in fincrime in ’25

data abstract green purple

66% of CISOs Worry Cyber Threats Are More Advanced Than Companies’ Defenses

by Staff and Wire Reports
April 25, 2025

US business sector falling behind in adoption of renewable energy

robot hand pointing to sky

Agentic AI Can Be Force Multiplier — for Criminals, Too

by Steve Durbin
April 21, 2025

How polymorphic malware and synthetic identities are creating unprecedented attack vectors

Next Post
electric car charging california

Electric Vehicle Charging Stations: Unexpected Target for Cyber Attacks?

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights