FCA consultation on social media and financial advice tackles complex issues, say experts

Out-Law Analysis | 01 Oct 2014 | 11:05 am | 6 min. read

FOCUS: Regulator the Financial Conduct Authority (FCA) is aiming to provide welcome guidance on a complicated area that innovative investment product providers will have to get right – social media.

The FCA is seeking views, until 6 November, on the regulatory implications of financial promotions made in a social media context. In its consultation document the FCA has sought to provide practical guidance in helping firms draw the line between financial promotions – invitations to engage in financial activities, and other forms of online communication. The existence of this consultation may explain why so little attention was given to social media in the retail investment advice guidance consultation.

The FCA’s social media consultation is not only relevant to financial promotions, but also may have relevance to the discussion of what constitutes financial advice. Its views on what amounts to influence and persuasion in the context of financial promotions are worth considering when assessing whether or not digital information presented has the potential to influence a customer’s decision to enter into an online transaction. Therefore even firms that do not intend to actively engage with social media should be aware of the content and outcomes of this consultation.

In respect of this consultation the regulator has already been criticised for not providing more clarity as to the circumstances in which a communication in a social media context may be considered a financial promotion. In our view however, this criticism may be overstated. Erring on the side of taking a principled-based approach, in the consultation the FCA avoids the danger of setting out prescriptive rules that may too quickly become outdated or unsuitable as innovative technologies progress.

In terms of practical assistance, the FCA has highlighted at least 10 matters for firms to consider when communicating through social media:

  • character limitations: the impact of limiting characters per communication, such as the 140 character limitation imposed by Twitter, on compliance with both the high level ‘fair, clear and not misleading’ rules and other sub-sector specific rules need to be addressed. The FCA has said that the use of the hashtag #ad to help consumers identify that “a promotion is a promotion” may in some circumstances be an appropriate response to addressing the risk of non-compliance.
  • ‘advergames’: financial businesses need to assess whether any entertainment applications also contain promotional messages.
  • personal communications: communications made by senior persons in the business and whether their personal views are clearly sign-posted as ‘not made in the course of business’, should be monitored, even when made from personal accounts.
  • non-intended recipients: the impression a social media communication could have on a non-intended recipient, for example, after re-tweeting or re-posting of a Facebook page, blog or other social media communication, must be considered.
  • links to more information: the effectiveness of linking to more comprehensive information and the FCA’s preference that firms use ‘image advertising’ where a link would be inadequate as a risk warning need to be assessed.
  • benefits and past performance: there is a need to avoid over-emphasis of benefits and past performance particularly where character limitations apply.
  • prominence rules: the importance of the FCA’s existing prominence rules should be taken into account. Firms should be able to demonstrate that they have thought about factors such as target audience, nature of the product being advertised and “likely information needs of the average recipient”.
  • dynamic banners: standalone compliance in the context of dynamic banner advertisements that flicker between promotions and risk warnings need to be met.
  • infographics: using infographics as images in communications to address character limitation concerns may be a way to address compliance concerns.
  • re-tweeting: the consequences of sharing communications of others must be considered. The FCA highlighted that firms will bear responsibility if they re-tweet a customer’s tweets.

The FCA has identified social media compliance as one aspect of its overall approach to advancing its regulatory objectives, which in some circumstances it intends to address through the use of enforcement powers. Therefore in addition to its close relation to the advice guidance consultation, firms have good reason to revisit their approach towards social media compliance.

Further rules for both advice and other digital services and communications

Whether providing financial advice or communicating via social media, businesses operating in the financial services sector need to ensure that they comply with all applicable online, data and communications laws.

Any business engaging with a customer online for financial products or services must comply with EU laws that set out common standards for information to be given to consumers before any contract for a financial product or service is entered into. This information should include details about the firm itself, the service provided, the online contract formed and means of dispute resolution. These laws also provide consumers with withdrawal rights in some circumstances.

Data protection laws must be met. Risks arise particularly where information has been gained in one context and the firm intends to use it for another. Dealing with these risks is best achieved by being transparent as to the current and future intended uses of data. The current data protection regime does not however, require that businesses obtain consent from each customer to use their personal data in all instances. If a financial business can identify a legitimate business interest that does not ‘override’ their customers’ ‘fundamental rights and freedoms’, including data privacy, they may be able to use that person’s data without their consent. Where data is to be used in a context that could lead to an adverse inference being drawn about a customer however, in general, the expectation of most regulators is that consent must first be obtained.

The Article 29 Working Party, a representative body of data protection regulators across Europe has provided recent guidance on the issue of the circumstances in which data can be used for purposes to which the persons to whom they relate have not consented. Unfortunately, the opinion gave little in the way of practical steps that businesses can take to determine when a business interest will override a person’s right to privacy. It does however state that where there is “a risk of damaging the reputation, negotiating power, or autonomy of the data subject” it would be difficult to demonstrate that a business’ legitimate interests overrode those of a customer. Businesses looking to use data about customers generated in the contexts of either providing online advice or social media need to be aware that their ability to do so is limited if specific consent has not been obtained for the purpose for which the data are intended to be used.

Businesses operating in the financial services sector must also consider the impact of the Privacy and Electronic Communications Regulations (PECR) when engaging with existing and potential customers online. Among other things, PECR permits unsolicited email and online communications to be sent only in limited circumstances, the broadest of which is where a prior relationship between the sender and the recipient of a communication can be established. PECR provides that for a prior relationship to be established the recipient’s contact details must have been obtained “in the course of the sale or negotiations for the sale of a product or service” and that the communication must relate to “similar products and services only”. While the Information Commissioner’s Office’s guidance indicates that “[i]t is enough if ‘negotiations for a sale’ took place” and that “[t]he customer does not have to have bought anything to trigger [a] soft opt-in”, a recent lower court decision has cast doubt on the reliability of this guidance in the context of web communications.

In a decision against John Lewis one lower court recently found that browsing a website, registering an email address and not un-ticking a pre-ticked box (a soft opt-in) were not sufficient circumstances to establish that negotiations for the sale of a product or service were taking place. John Lewis has confirmed that it will not appeal the decision as the damages awarded were trivial. But the decision highlights that uncertainty remains as to the effectiveness of common website practices such as pre-populating product forms and soft opt-in mechanisms when communicating with clients online. What is clear though is that marketing on the basis of an opt-in mechanism that attempts to cross-sell products or services that are not similar to those that a client has already purchased or is considering will almost always be ineffective in meeting the PECR requirements.

These are of course, only a few examples of a vast array of laws that businesses must take into account when engaging with a customer online.

John Salmon and Luke Scanlon are technology and financial services experts at Pinsent Masons, the law firm behind Out-Law.com. This article first appeared in a white paper by Pinsent Masons addressing different aspects of the FCA's consultation.

This article first appeared in a white paper by Pinsent Masons addressing different aspects of the FCA's consultation. You can also see our analyses of retail investment advice; 'Project Innovate';  digital technologysocial media and financial advice, the barriers to simplified advicepensions product advicethe FOS as a barrier to innovation, and local authority duties to advise on social care funding.