Curbing Outside Business Activity Risk In The Age Of The Finfluencer

MassMutual has been fined $4 million for the outside business activity, a.k.a., social media influencing, of one its employees—Keith Gill of r/wallstreetbets fame. Longtime compliance veteran and Head of Business Development for Star Steve Brown breaks it all down and offers advice for reducing this emerging kind of OBA risk

On August 20, 2021, StarCompliance published a piece on WealthManagement.com titled: The GME Short Squeeze: A Case For Adjusting Online Communications Monitoring? Following are two key passages:

• “The recent price volatility in shares of companies like GameStop and AMC Entertainment Holdings has raised new regulatory issues that compliance officers simply must be aware of moving forward. While this market activity has generally been attributed to retail traders acting collectively via forums on Reddit, YouTube, and other platforms, newer reports suggest that Keith Gill, a registered securities agent in Massachusetts, might have been leading the charge when the GME short squeeze sent prices surging.”
  
  
• “Most firms have policies that bar employees from discussing company activities online and conducting securities-related business on social media. Beyond that, companies seem reluctant to devote resources to monitoring online activity that might take place on forums, blogs, and more obscure online channels. Yet Gill was operating primarily on Reddit and YouTube: two of the most popular social platforms on the web. He was essentially conducting securities-related work to his own benefit in plain sight. Only it seems as though no one bothered to look.”

This was written over the summer, when the r/wallstreetbets subreddit controversy was in full swing but financial services firms didn’t know what to make of it yet. Or maybe they didn't fully understand what the implications would be of having one of their own employees moving the market via personal activity on a social media channel. Recent news about Gill and the GME short squeeze should make the implications perfectly clear.

ROARING KITTIES AND FINFLUENCERS
On September 16, news broke that Massachusetts securities regulators reached a $4 million settlement with MassMutual to resolve allegations that it failed to supervise its agents, among them the social media persona Keith Gill, a.k.a., "Roaring Kitty", whose online posts on the r/wallstreetbets subreddit helped spark January's trading frenzy in GameStop shares, and who was one of the early commentators in the GameStop price run-up. Massachusetts regulators continue to investigate Gill.

In July, FINRA CEO Robert Cook said that a sweep related to finfluencers was coming. The sweep, Cook said at the time, would focus on “how firms supervise activities and communications related to paid social media influencers.” On September 17, FINRA followed through on its promise and announced it would be conducting a sweep of broker-dealer practices related to the acquisition of customers through social media channels. The sweep will probe firms on how they “manage their obligations related to information collected from those customers and other individuals that may provide data to firms.”

SENSIBLE FIRST STEPS TO TAKE
Reiterating the idea of setting policies and monitoring for OBA of this novel nature, StarCompliance suggests that firms should consider:

1. Obtaining periodic certifications from employees attesting to what kind of OBA they are or aren’t involved in. Certifications remain a key component of any successful compliance program. At the very least, firms are putting people on record—and on the spot—in a very formal and ultimately legally binding manner.
   
   
2. Conducting regular training around emerging compliance issues, like finfluencing, which goes hand-in-glove with issuing certifications. Firms will be bringing awareness to the employee population about what is and isn’t acceptable, or what’s popping up as areas of concern for the firm.
   
   
3. Conduct periodic social media searches to identify potentially unreported activities.

Taking these simple actions represent appropriate first steps to aligning internal policies with the new era of tech-enabled communication that allows individuals—who may be employed by the firm—to move markets.

WHAT FINRA EXPECTS FROM FIRMS
We believe regulators will expect firms to implement more proactive processes when it comes to monitoring employee activities of all kinds, including outside business activities, private investments, and social media content. As a reminder, FINRA expects firms to consider if the OBA in question will:

• Interfere with or otherwise compromise the employee’s responsibilities to the firm and/or its clients
• Be viewed by the client or the public as part of the firm’s business
• Be characterized as an outside business activity or private investment

Firms should be mindful of these key considerations when they review proposed outside business activities because, once the activity is deemed permissible, the firm must provide ongoing monitoring. It may be helpful for firms to evaluate these activities from the perspective of the client. Could the client possibly perceive the activity as being associated with the firm in a negative manner? If the answer is yes, consider imposing restrictions or denying the request to engage in the OBA. Firms should also consider:

• Closer supervisory monitoring
• Updating their WSPs
• Training supervisors to be alert for behavior that is counter to firm policies and procedures
• Incorporating topics surrounding outside business activity in new employee training
• Reviewing employee onboarding and processing procedures
• Reassessing questions asked during periodic certification processes
• Querying their employees on outside activities more often
• Making reporting easier via good software user-interfaces
• Tying all these controls together with e-comms monitoring

OBA MEETS THE MODERN AGE
Finally, here's a highly informative and timely white paper from the Financial Services Institute called, aptly enough, Outside Business Activities. Published in 2017,  the information contained therein is still fresh and relevant to what we’ve been talking about here. Some of the highlights include:

• The many obvious and not-so-obvious things firms need to consider when reviewing OBA requests
• Exactly when OBAs need to be supervised by firms
• Considerations for firms to incorporate into their training and WSPs to surface undisclosed activities
• The difference between treating conduct as an OBA instead of a private securities transaction
• What happens when you fail to supervise for compliance with FINRA Rule 3280

Outside business activity may perhaps have been seen as a sideline effort for compliance until this point: not in the same league, in terms of risk, as personal trading, insider trading, gifts and entertainment spending, etc. The meme-stock phenomenon—as best exemplified by the MassMutual situation, in addition to the heightened focus on conflicts of interest over the past 10 years—has clearly shown that OBA has taken a radical turn, and must be taken as seriously as anything else compliance currently has on its plate.

HOW STARCOMPLIANCE CAN HELP
Star has an Outside Business Activity product—part of its employee conflicts monitoring suite—that keeps compliance in the know on outside activity. You’ll stay informed with easy declarations, accelerate decisions with pre-clearance, and prove regulatory rigor with capabilities that let you collate employee data into certifications. You’ll also get an in-app, 360-degree view of employee activity with our comprehensive reporting and analytics tools. As new threats in the financial services sector continue to emerge, Star is here to support your compliance team as they face new challenges, and ensure clients are prepared for whatever unexpected form risk takes.