Social Media Communications Supervision and Recordkeeping

To meet the social media communications supervision and recordkeeping requirement, you must treat business-related social media content like any other communication with the public: supervise it under written procedures, require principal pre-approval for retail communications before use, and retain records that let you recreate what was posted, by whom, when, and under what approval. (FINRA Rule 2210; FINRA Rule 3110)

Key takeaways:

• Classify social posts by FINRA communication type, then apply the right approval and review workflow. (FINRA Rule 2210)
• Implement WSPs that cover permitted channels, pre-approval, sampling/surveillance, escalations, and attestations. (FINRA Rule 3110)
• Capture and retain business-related social content (including edits and deletions) with review/approval evidence. (FINRA Rule 3110)

Social media is a communications channel, not a compliance exception. If an associated person posts business-related content on LinkedIn, X, Instagram, TikTok, Reddit, or via direct messages, your firm needs a defensible supervision model and a record that stands up in an exam. FINRA’s communications standards focus on whether content is fair and balanced, not misleading, and not missing material facts or qualifications. (FINRA Rule 2210) FINRA’s supervision rules focus on whether you have written supervisory procedures (WSPs) and whether your surveillance and escalation actually work in practice. (FINRA Rule 3110)

Operationalizing this requirement quickly means making three decisions and documenting them: (1) which social channels and account types are permitted for business, (2) which content must be pre-approved by a principal before posting, and (3) how you will monitor, evidence, and retain social communications over time. This page gives you requirement-level implementation guidance you can convert directly into WSP language, a supervision workflow, and an audit-ready evidence set for exams and internal audits.

Regulatory text

FINRA baseline standard (excerpt): “No member may make any retail communication or correspondence that contains any untrue statement of a material fact, or is otherwise false or misleading. Communications must provide a sound basis for evaluating the facts and must not omit material facts or qualifications.” (FINRA Rule 2210)

Operator interpretation:

• Your social media content that qualifies as a “retail communication” or “correspondence” must be reviewed against the same content standards you apply to emails, websites, and marketing decks. (FINRA Rule 2210)
• Your firm must implement supervision through WSPs, assign responsibility, and run a surveillance and escalation program that you can evidence. (FINRA Rule 3110)
• Where principal approval is required for retail communications before use, social media posts that are retail communications need a pre-post approval workflow, not a retroactive review. (FINRA Rule 2210)

Plain-English requirement interpretation (what FINRA expects you to prove)

You need to be able to show an examiner four things:

1. Control of the channel: You know which social platforms and account types are allowed for business and which are prohibited or restricted, and you enforce that position. (FINRA Rule 3110)
2. Control of the message: Your social content is not false or misleading, provides a sound basis for evaluating the facts, and does not omit material facts or needed qualifications. (FINRA Rule 2210)
3. Control of approvals and supervision: Retail communications receive required principal approval before use, and other social activity is supervised through documented review, sampling, and escalation procedures. (FINRA Rule 2210; FINRA Rule 3110)
4. Control of records: You can reconstruct business-related posts and messages, along with approvals, edits, and removals, in a retained system of record. (FINRA Rule 3110)

Who it applies to

Entities

• FINRA member broker-dealers and their supervisory and compliance functions. (FINRA Rule 2210; FINRA Rule 3110)

People and operational context

• Associated persons who post business-related content or interact with customers/prospects on social media, including registered reps, investment banking personnel, research distribution teams, and corporate marketing. (FINRA Rule 3110)
• Supervisory principals responsible for communications approval and supervision. (FINRA Rule 2210; FINRA Rule 3110)
• Third parties acting on the firm’s behalf (marketing agencies, social media management platforms, brand ambassadors) when they create, schedule, or publish content for the firm or its associated persons. Your WSPs should address oversight of these arrangements. (FINRA Rule 3110)

What you actually need to do (step-by-step)

Step 1: Inventory accounts and classify “business use”

Build an inventory that includes:

• Firm-owned social accounts (brand pages)
• Associated person accounts used for business (e.g., “financial advisor” LinkedIn profiles)
• Any tools used to publish or archive (social publishing platforms, mobile device apps)

Define “business-related” in your WSPs with practical examples (e.g., recommendations, performance discussions, event invites, “DM me to open an account,” product commentary). Tie the definition back to supervision expectations. (FINRA Rule 3110)

Artifact: Social account register (owner, platform, handle, purpose, approval status, supervising principal).

Step 2: Define permitted channels, prohibited behaviors, and required disclosures

Write channel standards that are easy to enforce:

• Permitted platforms for business use (by role if needed)
• Prohibited practices (e.g., testimonials or performance claims without required context, promissory language, unapproved product pitches) aligned to “not false or misleading” and “do not omit material facts.” (FINRA Rule 2210)
• Required disclosure approach (bio disclosures, post-level disclosures, link-in-bio disclosures). Keep it specific enough that reviewers can apply it consistently. (FINRA Rule 2210)

Artifact: Social media standards addendum to Communications WSPs. (FINRA Rule 3110)

Step 3: Build a communications classification and routing model

Create a decision matrix so the business knows what happens before posting:

Content type (your definitions)	Likely FINRA bucket	Pre-approval required?	Reviewer	Recordkeeping requirement
Static marketing post promoting services to retail audience	Retail communication	Yes, before use	Principal	Archive final + approval evidence
1:1 DM with an existing client about scheduling	Correspondence	Risk-based review	Supervisor/Compliance sampling	Archive message thread
Firm brand video discussing products/benefits	Retail communication	Yes, before use	Principal	Archive video + caption + approval
General market commentary without product push	Depends on audience/content	Often yes if retail comm	Principal/Compliance per WSP	Archive post + support

This table is your operational backbone. It connects Rule 2210 content standards to Rule 3110 supervision. (FINRA Rule 2210; FINRA Rule 3110)

Artifact: Communications classification matrix and routing rules.

Step 4: Implement pre-approval for retail communications (before use)

Operationalize principal review with:

• Intake form (post text, images/video, target audience, claims substantiation links, required disclosures, campaign dates)
• Approval logging (approver, date/time, version approved, conditions)
• Controlled publishing (approved content is posted through a managed tool or controlled workflow)

If you allow “real-time” formats (stories, live streams), define whether they are prohibited for business, restricted to scripted content, or permitted with guardrails and post-use review. Put the decision in WSPs. (FINRA Rule 2210; FINRA Rule 3110)

Artifacts: Approval tickets, annotated drafts, principal sign-off, version history.

Step 5: Ongoing supervision for everything else (surveillance + escalation)

For non–pre-approved content (or where your WSPs allow post-use review), implement a monitoring program:

• Supervisory reviews based on risk (role, product, history, platform)
• Lexicon/keyword alerts and manual spot checks
• Clear escalation paths for potential misleading statements or missing qualifications, including takedown and remediation steps (FINRA Rule 2210; FINRA Rule 3110)

Write escalation outcomes that create evidence: “remove post,” “add clarifying disclosure,” “client outreach,” “training,” “discipline,” “heightened supervision.” (FINRA Rule 3110)

Artifacts: Surveillance logs, alert disposition records, remediation/takedown tickets.

Step 6: Recordkeeping and retention (build an audit-ready system of record)

Your recordkeeping approach must let you reconstruct:

• The content (text, images, video, hashtags, links)
• The context (account, platform, date/time, audience where available)
• The workflow (drafts, approvals, edits, deletions, reposts)
• The supervisory actions (reviews, exceptions, escalations)

A practical approach is to route all business social activity through a controlled publishing/archive tool and restrict business posting from unmanaged personal apps. For accounts you do not control (e.g., associated persons posting from native apps), require an approved capture method and test it. Your exam risk is not the policy; it’s the gap between policy and what people actually do. (FINRA Rule 3110)

Artifacts: Archived content repository exports, retention configuration, periodic capture testing results.

Step 7: Train, attest, and enforce

Minimum operator set:

• Role-based training for associated persons and supervisors with examples of compliant vs. noncompliant posts. (FINRA Rule 3110)
• Attestations that (a) only approved accounts are used, (b) communications are business-related only within policy, (c) outside business accounts are disclosed and reviewed. (FINRA Rule 3110)
• Enforcement actions when violations occur, documented and repeatable. (FINRA Rule 3110)

Artifacts: Training records, attestation logs, disciplinary documentation where applicable.

Required evidence and artifacts to retain (exam-ready checklist)

Keep these in a single “Social Communications Supervision” evidence folder:

• Social media WSP section(s) covering classification, pre-approval, monitoring, escalation, and recordkeeping. (FINRA Rule 3110)
• Communications classification matrix and pre-approval rules. (FINRA Rule 2210)
• Principal approval evidence for retail communications (ticketing/workflow logs, version history). (FINRA Rule 2210)
• Supervisory review evidence (sampling plan, surveillance logs, exception reports, dispositions). (FINRA Rule 3110)
• Archive/recordkeeping proof (system screenshots, retention settings, capture testing, completeness checks). (FINRA Rule 3110)
• Account inventory and approvals for firm and associated-person business accounts. (FINRA Rule 3110)
• Training, attestations, and escalation outcomes. (FINRA Rule 3110)

Common exam/audit questions and hangups

Expect reviewers to press on:

• “Show me how you determine whether a post is a retail communication vs correspondence, and what workflow that triggers.” (FINRA Rule 2210)
• “Demonstrate principal approval before first use for retail communications. Show the timestamps and the exact content approved.” (FINRA Rule 2210)
• “How do you supervise DMs and comments? What do you capture, and how do you evidence review?” (FINRA Rule 3110)
• “How do you detect business-related activity on unreported accounts?” (FINRA Rule 3110)
• “Prove your archive is complete. Show testing and exceptions.” (FINRA Rule 3110)

Hangup pattern: firms can often show a policy, but cannot show a reliable content capture trail for native-app posting and deletions. That becomes a supervision finding because the firm cannot demonstrate the system works. (FINRA Rule 3110)

Frequent implementation mistakes (and how to avoid them)

1. Approving “themes” instead of specific content. Pre-approval needs to tie to the specific post version that went live. Fix: version control and controlled publishing. (FINRA Rule 2210)
2. Treating LinkedIn DMs as “off-channel” and ignoring them. Business correspondence still needs supervision and retention per your WSPs. Fix: include DMs/comments in capture scope and surveillance. (FINRA Rule 3110)
3. Letting personal devices be the system of record. Screenshots and self-forwarding are brittle. Fix: require an approved capture method and test completeness. (FINRA Rule 3110)
4. No documented escalation. Review without dispositions looks like “checking a box.” Fix: require documented outcomes for exceptions. (FINRA Rule 3110)
5. Undefined disclosures. Teams argue case-by-case and miss omissions. Fix: publish required disclosure patterns for common post types. (FINRA Rule 2210)

Enforcement context and risk implications (practical)

Even without citing specific cases here, the risk profile is consistent: misleading or unsupported claims create investor harm risk under communications standards, and weak supervision/recordkeeping creates exam and disciplinary exposure because you cannot demonstrate control over the channel. Your highest-risk combinations are (a) product promotion aimed at retail audiences and (b) unarchived, fast-moving formats with edits/deletions. Map those directly to heightened review and capture controls. (FINRA Rule 2210; FINRA Rule 3110)

Practical 30/60/90-day execution plan

First 30 days (stabilize)

• Freeze and inventory: identify all known firm and associated-person business accounts; pause new account creation until intake exists. (FINRA Rule 3110)
• Publish interim rules: permitted platforms, “no posting without approval” rule for retail promotional content, and a takedown/escalation contact path. (FINRA Rule 2210; FINRA Rule 3110)
• Stand up a basic pre-approval workflow with principal sign-off and a central repository for approvals. (FINRA Rule 2210)

Days 31–60 (operationalize)

• Finalize WSPs and the communications classification matrix; train supervisors and producers. (FINRA Rule 3110)
• Implement monitoring: sampling plan, lexicon alerts where feasible, documented dispositions. (FINRA Rule 3110)
• Implement archiving: select/validate a capture approach for posts, comments, and DMs in scope; run capture completeness tests and document exceptions. (FINRA Rule 3110)

Days 61–90 (prove it works)

• Run a mock exam: pull a sample of posts and reconstruct the full chain (draft → approval → posting → archive → supervisory review). (FINRA Rule 2210; FINRA Rule 3110)
• Close gaps: expand capture coverage, tighten publishing restrictions, add heightened supervision for repeat issues. (FINRA Rule 3110)
• Add metrics that matter operationally (no statistics needed): approval cycle time, exceptions by category, capture failures, overdue reviews, repeat offenders. Use them in monthly supervision meetings and retain minutes. (FINRA Rule 3110)

Where Daydream fits (only if it matches your operating model)

If your current process lives in email threads and spreadsheets, Daydream can centralize the control narrative: WSP-aligned workflows for pre-approvals, evidence collection, and audit-ready reporting for supervision and recordkeeping. Configure it around your classification matrix so approvals, surveillance, and artifacts stay linked to the exact content version reviewed. (FINRA Rule 2210; FINRA Rule 3110)

Frequently Asked Questions

Do we have to pre-approve every social media post?

Posts that are “retail communications” require principal approval before use under your workflow. (FINRA Rule 2210) For other business-related communications, you still need documented supervision and review per WSPs. (FINRA Rule 3110)

Are comments and likes in scope for supervision and recordkeeping?

If the interaction is business-related and part of communications with the public, treat it as in-scope for supervision and retention under your WSPs. (FINRA Rule 3110) Define the boundaries clearly so teams know what must be captured.

What about direct messages (DMs) with clients on LinkedIn or other platforms?

If DMs are used for business, they are part of your communications population and should be supervised and retained according to your procedures. (FINRA Rule 3110) Many programs fail here because DMs are harder to capture than posts.

Can registered reps use personal social accounts for business?

You can allow it, but you need an account approval process, defined permitted content, supervision, and recordkeeping that works for native-app posting. (FINRA Rule 3110) If you cannot capture and evidence it, restrict business use to managed accounts.

How do we handle “real-time” content like stories or livestreams?

Decide and document whether these formats are prohibited, restricted to scripted pre-approved content, or allowed with documented post-use review and retention. Your approach must still meet the “not misleading” standard and your supervision obligations. (FINRA Rule 2210; FINRA Rule 3110)

What evidence will an examiner ask for first?

Expect requests for WSPs, proof of principal approval for retail communications, and the ability to retrieve archived social content with timestamps and reviewer/approver trails. (FINRA Rule 2210; FINRA Rule 3110)