What does Ferretly do?

Ferretly is an AI-powered social media background screening platform that analyzes publicly available online content to surface behavioral risk signals for hiring, compliance, and brand protection.

Is Ferretly compliant with FCRA and other regulations?

Ferretly is designed with regulatory compliance at its core. Its workflows support Fair Credit Reporting Act requirements and align with EEOC and GDPR guidance when used for employment-related social media screening.

Ferretly is used by employers, staffing and background screening providers, government agencies, financial services organizations, healthcare providers and brands that want deeper insight into digital behavior than traditional background checks provide.

What data sources does Ferretly analyze?

Ferretly analyzes public content across major social media platforms and can incorporate web, news and media sources to build a clearer picture of digital behavior over time.

How long of a history can Ferretly review?

Depending on the plan and use case, Ferretly can review up to approximately ten years of publicly available social media content, with options for continuous monitoring going forward.

FINRA Rule 3110 and Social Media Supervision: A 2026 Overview

An overview of FINRA Rule 3110 supervision in the social media context—what FINRA's guidance covers, what it doesn't, and where behavioral risk visibility fits for member firms.

June 25, 2026

Short answer: FINRA Rule 3110 requires member firms to maintain a supervisory system reasonably designed to achieve compliance with securities laws and FINRA rules. FINRA has separately issued guidance on social media—Regulatory Notices 10-06, 11-39, and 17-18—which addresses how firms supervise their representatives' business communications on social media. This overview explains what that guidance covers, what it doesn't, and where behavioral risk visibility fits.

Social media touches financial services in two distinct ways that are easy to conflate. One is how firms supervise what their representatives post. The other is how firms manage conduct and reputational risk among their people. This guide keeps them separate, because the rules treat them differently.

What Rule 3110 requires

FINRA Rule 3110 is the supervision rule. In broad terms, it requires each member firm to establish and maintain a supervisory system—including written procedures—reasonably designed to achieve compliance with applicable securities laws, regulations, and FINRA rules. The standard is "reasonably designed," which means firms are expected to build supervision appropriate to their business and risks, not to guarantee perfect outcomes.

What FINRA's social media guidance actually covers

FINRA has addressed social media specifically in a series of Regulatory Notices: 10-06 (2010), 11-39 (2011), and 17-18 (2017). It's worth being precise about what they address, because the topic is widely misunderstood.

This guidance is primarily about business communications—how firms supervise, review, and retain records of the social media content their representatives use for business purposes. Key themes include:

Static vs. interactive content. Static content (like a profile or a posted page) generally calls for principal review before use; interactive, real-time communications are supervised differently.
Recordkeeping. Whether a communication must be retained depends on its content—whether it relates to the firm's business—not on the device or platform used.
Third-party posts. Posts by customers or others generally aren't the firm's communications, unless the firm became "entangled" with or "adopted" the content.
Supervision. Firms need procedures reasonably designed to ensure these communications comply with the content rules.

What this guidance is not about is conducting background or behavioral screening of representatives. It governs what representatives publish, not how firms vet them. Keeping that distinction clear avoids a common mistake.

Where conduct and reputational risk come in

Separate from the communications rules, firms have a broader interest—and, through the supervisory obligation, a broader responsibility—in the conduct of their associated persons. Registration involves disclosure of background information, and firms maintain supervisory systems that account for the conduct risks their people may present.

This is where behavioral risk visibility is relevant. Documented patterns of concerning public conduct can carry reputational and supervisory implications for a firm. Visibility into behavioral risk in publicly available content—handled compliantly—can be one input into a firm's broader supervisory and risk picture. It isn't mandated by the social media communications notices, and it shouldn't be presented as if it were. It's a complementary practice that supports a reasonably designed supervisory program.

A compliant approach to behavioral risk visibility

If a firm folds behavioral risk visibility into its program, the same disciplines that apply to any sound screening apply here:

Public content only—no credential requests or private-account access.
Protected-class redaction before any decision-maker sees the file.
Human adjudication of categorized findings.
Findings and categorization, not decisions—the firm decides what to do.
Documented, consistent handling that fits within the firm's supervisory procedures.

Used this way, behavioral risk visibility supports the supervisory obligation without overstating what any specific rule requires.

The bottom line

FINRA Rule 3110 sets a "reasonably designed" supervision standard. FINRA's social media notices—10-06, 11-39, and 17-18—address how firms supervise representatives' business communications, not how firms screen their people. Both matter, and they're different things. Behavioral risk visibility in public content is a complementary input to a firm's broader supervisory and risk program—useful when handled compliantly, and not a substitute for a firm's own judgment about what its rules require.

FAQ

What is FINRA Rule 3110?The supervision rule. It requires member firms to maintain a supervisory system—including written procedures—reasonably designed to achieve compliance with securities laws, regulations, and FINRA rules.

What do FINRA's social media notices cover?Regulatory Notices 10-06, 11-39, and 17-18 primarily address how firms supervise and retain records of representatives' business communications on social media—static vs. interactive content, recordkeeping, third-party posts, and supervision.

Do FINRA's social media notices require background screening of representatives?No. They govern business communications, not vetting. Conduct and reputational risk are addressed through the broader supervisory framework, not these communications notices.

How does behavioral risk visibility fit a FINRA-regulated firm?As a complementary input to a reasonably designed supervisory program—public content only, with protected-class redaction, human adjudication, and the decision left to the firm.

This article is for general informational purposes only and is not legal or compliance advice. FINRA rules and guidance are detailed and fact-specific. Consult qualified counsel and FINRA's official resources for guidance specific to your firm.