State by state, lawmakers are chipping away at securities firms' ability to monitor employee communications on social-media sites, a development that could cause compliance headaches for both firms and regulators.
California could become the latest state to ban employer access to private social-media sites used by employees. A law passed by the state Legislature last month still must get the approval of Gov. Jerry Brown, who has until the end of the month to sign it.
Similar laws are scheduled to take effect in Maryland next month and Illinois next year. Other states considering social-media privacy bills include New York, New Jersey, Delaware, Massachusetts, Minnesota, Michigan, Missouri and South Carolina.
The California bill, which faced no opposition in the Legislature, would prohibit an employer from requiring that an employee or job applicant disclose passwords for personal social-media sites.
The Securities Industry and Financial Markets Association has called on Brown to veto the legislation.
"The bill, while well-intended, conflicts with the duty of securities firms to supervise, record and maintain business-related communications" under Financial Industry Regulatory Authority Inc. rules, SIFMA said in a letter to the governor.
The industry doesn't want to snoop on employees, SIFMA wrote.
"The problem ... is that many people use the same account for both personal and business activity," the trade group wrote.
Finra made a similar argument in June to California lawmakers. Along with SIFMA, Finra asked that people in the securities industry be exempt from the proposed law.
California's Senate rejected that idea but amended the bill to let employers request personal social-media information only when they have reason to think that it is relevant to an investigation of wrongdoing.
Maryland's law offers a similar exemption.
But industry observers contend that these carve-outs won't allow for routine supervision or inquiries into violations of firm policies.
"A representative could argue that it doesn't apply to red flags or general supervisory use," said Brian Rubin, a partner at Sutherland Asbill & Brennan LLP.
"B-Ds need to watch over reps to make sure the reps are being responsible in making comments relating to specific stocks or recommendations," said Yaron "Ron" Reuven, chief executive of Reuven Enterprises Securities Division LLC. "Otherwise, they risk having a stock-promoting pump-and-dumper on their hands."
Registered investment advisory firms and their employees also will be affected by the state laws. Under Securities and Exchange Commission regulations and state securities rules, advisory firms must supervise employee-client communications and retain relevant records, including social-media information.
"We are aware of this legislation and are monitoring it," SEC spokesman John Nester said in a statement.
The California law, if approved, will help bring the issue to the forefront, according to Kim Chamberlain, SIFMA's associate general counsel.
"It will be big," she said during a meeting of state securities regulators this month.
Meanwhile, Finra "will continue to monitor similar bills for potential impacts," Finra spokesman George Smaragdis wrote in an e-mail.
So far, California is the only state in which Finra has lobbied to oppose social-media privacy laws.
The American Council of Life Insurers also opposed the California law.
Individual state regulations on social-media privacy could be just the tip of the iceberg.
A proposed federal law, the Password Protection Act of 2012, would make it illegal for an employer to compel or coerce access to any private online information, according to its sponsors.
Federal laws "could contradict what the SEC and Finra are coming out with," said Nancy Lininger, a Camarillo, California-based compliance consultant.
The industry faces a clear challenge as the use of social media by financial advisers grows.
A survey of independent broker-dealers by InvestmentNews, a sister publication of Workforce Management, found that 80% of firms permit their reps and advisers to use social media for professional purposes. Last year, a survey by Massachusetts regulators found that 44% of state-registered investment advisers use at least one form of social media.
Some brokerage firms limit advisers to LinkedIn or Twitter, where content is less private than on Facebook. Many firms also require advisers to certify that they don't use social media for business purposes.
Michael Kitces, a partner at Pinnacle Advisory Group Inc. and a prolific user of social media, supports the privacy laws.
Employers can have compliance policies that prohibit client communications outside approved and reviewable channels, he said.
"I really don't see why an employer ... should have access to my private social-media accounts, any more than they should have access to my private non-work e-mail [or] my private non-work phone calls," Kitces said.
But without access to personal sites, firms won't know for sure what their advisers are doing, critics of the laws said.
Certification helps, "but it's hard to prove a negative," said Paul Glenn, special counsel with the Investment Adviser Association.
"The question comes down to: What if a representative is not honest about their business use of social media?" Chamberlain said at the meeting of state regulators.
The IAA is following the issue but has yet to weigh in with a lobbying effort, Glenn said.
SIFMA members are trying to figure out how to deal with the state bans, Chamberlain said in an interview.
"Assuming we can come up with a way to satisfy Finra obligations, while allowing the use of social media, we'd like to do that," she said.