FCA Finalises Updated Guidance On Financial Promotions Via The Social Media

The FCA has finally finalised its updated guidance on financial promotions via the social media, basically confirming the draft on which it consulted in July 2023.

Perhaps the only real changes are to clarify where a foreign promotion may be capable of having an effect in the UK and so be subject to the UK restrictions.

The finalised guidance explains:

• what a financial promotion is
• the various financial promotion rules and where they apply
• the need for each communication to be 'standalone compliant'
• certain information must be given 'prominence'
• where the social media may or may not be suitable for financial promotions
• restrictions on high risk investments
• certain prescribed risk warnings
• marketing strategies in the context of the consumer duty, sharing/forwarding promotional communications and affiliate marketing
• restrictions on the use of influencers and social media platforms.

This post summarises the FCA's proposed new social media guidance for information purposes only. If you require legal advice, please get in touch.

FCA Updates Social Media Guidance To Cover Crypto, New Platforms And Influencers

Hard on the heels of the EU adding a chapter on online marketing of financial services (including 'dark patterns' and influencers) to the Consumer Rights Directive, the UK's Financial Conduct Authority is also updating its 2015 guidance on financial promotions in the social media to address influencer marketing. This post summarises the FCA's proposed new social media guidance for information purposes only. If you require legal advice, please get in touch.

In substance, the FCA's guidance remains the same but adds specific guidance on 'new' design features and channels, such as influencers; and explains the impact of the new Consumer Duty.

The core principles of the FCA's view of social media remains, of course, that financial promotions must be fair, clear and not misleading as well as "standalone compliant": each stage of a financial promotion must comply with the financial promotion rules relevant to the type of business being promoted. Certain features of the social media have always raised issues, whether it be character limits, small or scrolling banners: 

When assessing the compliance of a promotion that is viewed via a dynamic medium (such as Instagram stories), we assess the promotion as a whole and take a proportionate view based on the number of frames and where information about risk is displayed within the promotion. To meet our expectations regarding prominence, firms should aim to display the key information about risk upon a consumer’s first interaction with the promotion and the warning should be displayed for a sustained period.

Complex services, like debt counselling may not lend themselves to social media promotion at all.

Use of memes may also be inappropriate or impracticable, given the nature of the invitation or inducement in the meme and/or the need for risk warnings and other information to be prominent and 'balanced'.

The Consumer Duty raises fresh considerations:

Firms advertising using social media must consider how their marketing strategies align with acting to deliver good outcomes for retail customers. All the cross-cutting rules will be relevant to social media promotions, and firms should take into account how promotions that do not support consumer understanding may cause consumers to buy products that are unsuitable for them, leading to foreseeable harm... 

Firms’ communications should support and enable informed decision-making, equipping consumers with the right information in a timely way. Firms must also consider how they tailor communications to account, for example, for the likely audience on social media and the features of different platforms.

Firms remain responsible for any original non-compliance, even if a promotion is forwarded or shared (whether as part of a formal affiliate programme or by random recipients). This can itself trigger a breach of financial promotions rules (e.g. forwarding to the wrong type of investor). For that reason, the social media may not be an appropriate channel at all.

And just because somebody 'likes' an ad or 'follows' the firm in the social media does not mean they are no longer protected from 'cold calling':

...a financial promotion is likely to be non-real time if it is made or directed at more than one recipient in identical terms, creates a record which is available to the recipient at a later time, and is made by way of a system which in the normal course does not enable or require the recipient to respond immediately. This means channels like live-streams or gaming steams are likely to be considered a non-real time promotion and be subject to the full scope of our financial promotion rules.

A specific chapter of the guidance covers influencers, who have also been the target of the Advertising Standards Authority.

This post summarises the FCA's proposed new social media guidance for information purposes only. If you require legal advice, please get in touch.

Had Enough of GDPR? Then Try The ePrivacy Regulation!

My radio silence of late has been mainly due to reviewing a flurry of privacy policies and data sharing agreements in anticipation of the General Data Protection Regulation taking effect on 25 May 2018 ("GDPR Day"). But the noose is tightening further on the data hungry social network services with additional regulations to cover e-communications and the data on your device, regardless of whether it's personal or non-personal.

As the European Commission has recently explained in a handy "factsheet", the Regulation on Privacy and Electronic Communications ("ePrivacy Regulation") is also wending its way through the EU legislative process (latest text here). 

This will extend current ePrivacy rules to cover not only cover traditional telecoms providers but also internet-based voice and messaging services, such as Skype, WhatsApp, Facebook Messenger, Gmail, iMessage and Viber. 

The new regulation covers electronic communications and the integrity of the information on your device, regardless of whether it's personal data or non-personal data. It creates a right to the privacy and confidentiality of communications, and dictates that mobile apps or internet services through which you communicate cannot intercept, record, listen into, or tap in your communications. 

Meanwhile, the GDPR covers all personal data independently of how it is transmitted and defines rights for personal data protection.  So there is overlap with the ePrivacy Regulation. 

This means when communications include personal data, the general rules of the GDPR apply, unless the ePrivacy Regulation lays down more specific rules.

 

FCA Goes Social

The Financial Conduct Authority has made a huge effort to shrug off the image of its predecessor, and its latest guidance on social media and customer communications is another case in point. The FCA goes to far greater lengths than the FSA to understand the activities that it's regulating, and it has properly recognised the benefits to firms using the social media, not just the risks. There are some big concerns in here. But overall it's a helpful steer on how to market financial services in the social media, rather than just another regulatory minefield.

Now, about those 'big concerns'...

The word "consent" does not appear in this document. Nor do the words "data protection". The word "privacy" appears once, however, in a footnote which helpfully refers to the Information Commissioner's guidance on Direct Marketing. That's really the only nod to the many other requirements that application developers need to consider when producing financial services - something we've been focusing on intently at the Society for Computers and Law, for example. That's a particular concern, when section 1.8 of the guidance recommends "the use of software that enables advertisers to target particular groups very precisely" without so much as a footnote. If this is a tip to use Big Data tools, cookies and so on to engage in behavioural targeting of advertising, then firms will need a lot more help if they are to expected to do so appropriately.

Of equal concern is the FCA's decision to 'gold-plate' its guidance to the level of compliance required by the European directives on consumer credit and mortgages - another example of the European "regulatory creep" that blights the UK's landscape and is the source of so much talk of a "Brexit":

"The same constraints do not exist in other areas, but we think it is important to adopt a common approach across all the sectors we regulate, and across all media. To do otherwise would create a more complex and less certain regime, which would impose additional costs and which firms and consumers would find more difficult to navigate."

The problem with this approach is that not only do UK officials have a tendency to over-comply in this fashion, but they also take a literal approach to the interpretation of European law, rather than the purposive approach that European law itself dictates. So the UK invariably implements European edicts far more restrictively than, say, Greece or even France (historically the country most sued for failing to implement European laws, but here's the league table). 

Another problematic area is the guidance on using an image to convey a risk warning where a character limit would make it impossible to include it as text. While appearing to recommend this approach, the FCA then points out (on page 8) that Twitter settings, for example, allow users to ensure that images appear as a link, rather than being automatically displayed. So, risk warnings or other required information cannot appear solely as an image where such user features are present. This is explained a little more in section 7 of the Annex, which also mentions that some social media services limit the amount of text in images or crop them in unpredictable ways... In other words, images are not really much of a solution, even though they feature heavily throughout the FCA's examples.

Retweets and other sharing of financial promotions by customers and employees is another area for firms to consider a bit more carefully. There is some discussion of that (under "Other regulatory issues" on page 11), but it's obviously at the core of why firms would use the social media over traditional advertising channels. Basically, you can't rely on your employees to do the dirty work for you, at least not in the course of their employment (a slippery slope); and just because they or your customers are prepared to make a claim, doesn't mean that the firm can share it with impunity.

While it's refreshing that the FCA does not consider a tweet, for example, to be a real-time promotion, it doesn't mention the use of instant messaging features, or direct messaging. Although the guidance does mention that a customer 'following' a firm's account or 'liking' its material does not amount to an express request to receive real-time promotions to get around the ban on 'cold-calling'.

Finally, record-keeping is a key concern here. As the FCA points out (on page 14), you can't rely on the social media platforms to retain a copy of your promotional material. So firms need to have their own records of tweets etc., and the related compliance sign-offs.

No doubt the FCA's guidance will evolve in the light of these concerns over time - not to mention the guidance from the Information Commissioner!