Our speakers today are James Cella, who is the Head of Business Development and Partnerships at Red Oak Compliance… Susanne Denby, AVP of Supervision and Suitability at HTK… and Matthew Johnson, Director of Compliance and AML Officer at Testra Financial…

James Cella
Thanks, Jamey, and thank you everybody for joining us today… I personally want to thank Susanne and Matt for being panelists…

Susanne Denby
Sure. Thank you, James, and thank you for having me. It's great to be here…

Matthew Johnson
Yeah, well, there's a lot, but thanks for having me…

Jamey Heinze
All right, so let's get going. Thank you very much for attending the fourth webinar in the Red Oak Thought Leadership series. Today's webinar is about supervising your registered representative's online presence, and it is going to be a great session. Excited to have some incredible guest speakers here with us today to help flesh out this story. So what we will cover after welcomes and introductions will be an overview of our environment, and it's centered on inspecting expecting what you inspect. We'll then pivot over to more of a conversation with our guest speakers, who I'll introduce here in a second. We'll talk about things that have been learned over the course of careers. We'll move into a discussion about some specific use cases, things that we think you'll be able to take away and incorporate. And then we'll cover just quickly what Red Oak offers to help with supervision. Of course. We'll be looking for questions from the audience that we'll be happy to answer.

Our speakers today are James Cella, who is the head of business development and partnerships at Red Oak Compliance and has a long background in supervision; Susanne Denby, who's the AVP of supervision and suitability at HTK today, but again has a very long career in the industry and quite a bit of experience that she's going to share; and Matthew Johnson, director of compliance and AML Officer at Testra Financial, who has some great and interesting stories. I've seen them. You're going to want to stick around to make sure you hear them.

Just a little bit of housekeeping. I mentioned the questions. At the bottom of your screen when you mouse down, you will see a Q&A icon. If you click that and type your questions in there, we will receive them and we're going to save them until the end of the presentation. Depending on how many questions we get and how much time we have, we'll answer all of them. But if we don't have time to answer all of them, we will put together essentially a Frequently Asked Questions document and we'll make sure that everybody here gets a copy of that. We'll email that out after the presentation.

So without any further ado, we're going to talk about the current environment that we're all facing, and I'm going to hand it over to James Cella.

James Cella
Thanks, Jamey, and thank you everybody for joining us today. We really appreciate you being here and I personally want to thank Susanne and Matt for being panelists on our webinar today. I've been working with these two fine professionals and honestly just great people for well over a decade and excited to have them share their expertise with us. These two are innovators in our industry and I will tell you, they're innovators in other industries too because they both have given me ideas about how to make the solutions better and solve specific problems that they face every day when it comes to supervising and compliance. So really, really grateful to have the two of them here with us.

And one of the wonderful things I just love about this industry is I get to continue to work with so many wonderful folks even as they transition between different jobs and companies. It's just been an amazing experience. So I personally just want to thank Susanne and Matt. And by the way, I'll probably call Matthew “MJ” as we go through this. So I'm the only one allowed to do that just so everybody's aware.

Matthew Johnson
So.

James Cella
All right, so let's kind of jump into our next slide. We're going to start off with a couple of polling questions, and I think Julia on our team is going to cue these up in Zoom.

The first question is, which channels are you currently supervising when it comes to communications out on the web? Everything from social media and websites, to influencers or affiliates, email (and if I don't get 100% on email, we're going to have to have a conversation), and text messaging. Go ahead and just take a moment or two and mark the ones that apply for your particular firm.

James Cella
…I just learned that us hosts can't vote, so we're not going to skew these particular polls here. I'll just give that a minute or so just to kind of get an idea of what it looks like. Want to just give that another minute or another few seconds and then we'll put that up for everybody to take a look at.

All right, so we have it. About 70% have answered. Let's throw that up on the screen and see where we're at. And I apologize, I totally closed my window if it's not showing. There we go.

So it looks like social media and email are way out there at the top. Text messaging has really been taking off quite a bit. Just general Internet supervision, interestingly enough, is down about a third. And then proprietary websites. Okay. That gives us a good feel for where we're at.

By the way, influencers and affiliates are really starting to take off. We're starting to see a lot more going on with affiliate programs and influencer programs. So keep that in mind.

So let's go to our second polling question. Of all the things that you are monitoring, which of them are you doing by hand? We're probably looking at a smaller list here. And if you're doing social media or email by hand, leave your name and number in the chat window and we'll reach right out to you and do what we can to help.

By hand means you don't have a technology process behind it. Either you're doing manual Google searches, or you're looking through social media channels or websites one by one.

So we've got about 50% answered so far. Awesome. All right, looking at our polls, it looks like many of us have solutions in place in which we're monitoring things with technology. But there are still a lot of manual processes in place. Some of the things we’re going to talk about today will focus on bringing together solutions and processes that allow for better and more robust supervision.

So thank you for participating in our poll. That helps set the stage for what we're going to talk about next.

All right, so the next place I really wanted to go is talking about one of the very first lessons that I learned in business. And when I say business, one of the things I love about this industry is I know very few people who went to college to become compliance officers, analysts, or directors. We all have a wide variety of backgrounds.

I went to business school, business administration, which means I was a little bit good at everything but not really great at anything. One of the things I learned in my very first job at Sinclair Oil Corporation (my first job out of college) was from the owner of the company, Earl Holding. His mantra was that you have to inspect what you expect.

When we would travel around with him as part of the corporate support for the hotels, he would tell the server that he wanted one of everything on the menu. And every item on the menu would be prepared and brought out. We would all take bites of everything and give him feedback, and he would give feedback to the food and beverage operations.

The way that he found that there were issues was by making those inspections: taste testing the food, going into rooms, checking if the beds were made to standard. That concept stuck with me — we have to inspect what we expect.

So when we talk about inspecting what we expect in this industry, we’re talking about very specific things. Let’s start with “expect.”

James Cella
When we look at our expectations in compliance and supervision, really those expectations are communicated through policies, training, and communications.

• Policies: Do we have the WSPs and the P&Ps, all the documentation and guidance that form the body of knowledge for what is expected from our employees, our registered reps, or really anyone we’re supervising?
• Training: Beyond policies, you have to train individuals and branches. Most firms I work with have a robust training arm to communicate out expectations, changes, and new requirements — especially as technology evolves. I’ve rarely worked with a firm on social media compliance that didn’t have some type of training program.
• Communications: It’s not enough to have knowledge and training — you need constant communication. Policies that just sit in a black box don’t help. You need policies available, educational opportunities, and active communication as you supervise.

So that’s the expect side.

Now, on the inspect side: what do we have in terms of supervision, monitoring, and remediation?

• Supervision: Dedicated personnel, technology, tracking, risk prioritization.
• Monitoring: Solutions in place to detect exceptions, such as undisclosed business activities, social media accounts, or outside business activities (OBAs).

Remediation: Once we find an issue, how do we remediate, document, and close the loop? We need clear processes to show regulators what was found, how it was addressed, and that it’s been resolved.

It’s about balance. If you only communicate expectations without inspections, you’re out of balance — like serving hamburgers without checking if they’re cooked properly. On the other hand, if you only inspect without clear expectations, you’re just writing people up for infractions they didn’t know existed.

The right balance is clear communication + effective inspection.

So, when we talk about supervising the online presence of advisors, what are we really talking about?

• Social media accounts
• Websites
• Blogs
• Online profiles
• Outside business activities
• Business directories
• Event pages
• Review sites
• Even political contributions

That’s the scope of what “online presence” means.

And with that, I’d like to open it up to our panelists. Suzanne, you’ve done this for years. Can you share what you’ve learned tackling some of these challenges?

Susanne Denby
Sure. Thank you, James, and thank you for having me. It's great to be here.

I’ve been in this business for over 25 years. I started in surveillance — email, trade review, all the different compliance areas you have to learn — and eventually worked my way up to Chief Compliance Officer. That role wasn’t for me long-term, so I shifted into supervision, which I enjoy more because it allows me to work directly with reps, explaining compliance in a way that supports their business. Most people want to comply, they want to sell the right way, and communication makes that possible.

So, let’s talk about the expectations from regulators like FINRA and the SEC: they expect us to supervise everything. That’s daunting, because regulators have hindsight. When they come in, they look back two years and ask, “How did you comply?” and you need proof.

That’s where I started using what I call the “circle of life” for supervision. There has to be a beginning and an end — a complete process.

Think about the basics:

1. Account opening – You collect new account forms, suitability, and all the necessary client information. Supervisors (like Series 24 principals) sign off.
2. Quality control – After supervisors approve, a QC process should test samples to ensure accuracy.
3. Audits and reviews – Internal audit or third-party audits validate supervision. Compliance also does annual testing and prepares the president’s report documenting deficiencies and fixes.
4. Regulatory exams – FINRA and the SEC will always visit, at some point. Programs need to withstand that scrutiny.
5. Remediation – Once deficiencies are identified, the clock is ticking. You need to fix them, document fixes, and close the loop.

That’s the circle of life in supervision: expectations, testing, remediation, and documentation.

Now, some key supervisory elements:

• Hierarchy – Who reports to whom? This hierarchy must align across all systems (surveillance, workflows, compliance tools).
• Policies and procedures – Your WSPs need to be tailored to your business model. You can’t just copy boilerplate.
• Client data – Protect it carefully.
• Workflows – Ensure supervisory steps for paperwork are defined and followed.
• Data – It must be scalable and usable. Firms are increasingly pushing toward better data practices, often to leverage AI.
• Monitoring and reporting – Real-time where possible.
• Training – Continuous — often deficiencies are fixed by retraining reps.
• Communication – Supervisors must set clear communication channels — email, calls, check-ins, etc. — and document them.
• Audits and risk leadership – Build into the culture.

So how does social media fit into this? Everyone is on social media, whether they admit it or not. Firms need policies about which platforms are permitted, because some (like WhatsApp) can’t be supervised effectively.

Here’s a story: years ago, before electronic surveillance was widespread, I supervised a rep in Louisiana. A simple Google search revealed undisclosed outside activities. That led to an on-site exam, where we found unapproved promissory note loans tied to real estate — ultimately deemed fraudulent. He went to jail.

The lesson? Manual Google searches aren’t enough anymore. Regulators expect electronic supervision systems. If you don’t have them, you can’t meet the standard.

That’s why firms must understand where advisors are, how they hold themselves out, and what their online presence really looks like. It’s not optional.

James Cella
Can I ask you a question, Susanne? When you uncover deficiencies and need additional training, how does that actually happen? Do you work with the firm’s training and development department, or does it come directly from compliance? How does that flow back out into communication and remediation?

Susanne Denby
It depends on the firm. Larger firms often have full training departments, while smaller firms may not, so compliance has to build training themselves — even just simple PowerPoints.

What’s critical is including the supervisor in the training session with the rep. That way, the rep can ask questions in real time, and the supervisor hears the same explanation. Often, training isn’t just about teaching a procedure, it’s about correcting how reps think. They need to understand why compliance matters. For example:

“Joe, you have to collect every client objective because the rule requires it. You can’t just open the account without understanding their goals, time horizon, and risk tolerance.”

That “why” is what makes training effective.

And communication is everything. Supervisors must decide how they’re going to communicate with their population: email, calls, quarterly check-ins, whatever works. But it must be documented.

Transparent communication with registered reps is crucial, especially in today’s remote environment. Remote work means we need to over-communicate. Sitting across the table will always be more powerful, but if that isn’t possible, you have to compensate by being deliberate about outreach.

Service excellence also matters. Supervisors need to answer reps’ questions promptly. And regular audits, paired with leadership in risk management, tie it all together.

James Cella
Excellent. Thank you. Let’s pivot to social media specifically — how does it fit into this framework?

Susanne Denby
At the end of the day, supervision must include social media, because your reps are there. If they say they’re not, they’re probably not being truthful.

Policies need to explain which platforms can be used. Some platforms can’t be supervised or archived — WhatsApp is a good example. Firms must set boundaries.

And let me give a real example. Years ago, I supervised a rep in Louisiana. We found, through a basic Google search, that he was running undisclosed activities. When I did an inspection at his office, I uncovered that he was involved in unapproved promissory notes tied to real estate. It was eventually classified as fraud. He ended up in jail.

The point is: without inspections, without monitoring, you don’t catch these threads. That’s why electronic surveillance is essential today. Regulators won’t accept a “manual search” defense anymore.

We have to know: where are our advisors? What addresses are they using? How are they holding themselves out online? And what platforms are they active on? That’s non-negotiable.

James Cella
Awesome, thanks so much, Susanne. And Matt, what are some of the interesting things you’ve seen? I love your take on the “wild west” of social media compliance.

Matthew Johnson
Yeah, thanks, James — and thanks for having me here.

So let me paint a picture. Imagine a young financial advisor, brand new to the industry. They’re stepping into a practice built by their mentor, someone who worked in a completely different world: paper files, phone calls, face-to-face transactions. Now that mentor is retiring, and this new advisor is taking over.

Here’s the difference: this younger generation has never known a world without the internet. They were practically born with smartphones in their hands. Social media isn’t a tool they have to learn — it’s their native language.

So what do they do? They take their business online. They go to LinkedIn, Instagram, X, TikTok — because that’s where their clients and prospects are. Their audience expects instant engagement, transparency, and authenticity.

And from a business perspective, it makes total sense. Social media is a powerful way to build a brand and connect with clients.

But here’s the problem: compliance.

The regulations we operate under were written in an era of paper trails and clearly defined communication channels. Today, one casual Instagram story, one LinkedIn share, or one offhand post can unintentionally violate a FINRA rule, an SEC rule, or firm-specific policy.

That’s why I call it the wild west. Advisors aren’t intentionally breaking rules. They’re just using the language and tools they grew up with. But the regulatory framework hasn’t caught up to this landscape.

So the question becomes: do we clamp down, restrict, and say “no”? Or do we adapt, recognizing that the world has fundamentally changed?

I believe the answer is adaptation. Firms need to create supervision processes that both mitigate risk and allow advisors to grow their business in the digital age.

James Cella
And Matt, I love your point about the “salacious and insane” nature of social media. I know you’ve got some eye-opening examples coming.

Matthew Johnson
We’ll get into those. Let’s just say: if compliance officers aren’t engaged, these platforms will surprise you in ways you didn’t expect.

Susanne Denby
Sure. This one goes back a bit, but it’s a good illustration.

There was a representative in California. The initial red flag came through email surveillance — we caught something that didn’t look right. That led us to review his outside business activity, and then a simple Google search revealed even more.

What did we find? He was communicating with clients about a real estate investment that was not approved, not disclosed, and ultimately deemed to be a security. Regulators later determined it was part of a Ponzi scheme.

I actually had to testify in court on this case. They asked why I couldn’t produce books and records for his outside activity. Turns out he was literally keeping them in the trunk of his Ferrari.

Now — he definitely didn’t make enough money at our firm to justify that Ferrari, which should have been another red flag. But the point is: without inspections and without electronic surveillance tools, we might never have pulled on the thread that uncovered this fraud.

In my 25-year career, I’ve dealt with about 15 serious frauds. Not a terrible average, but each one reinforces the need for systematic supervision and technology to help catch issues early.

James Cella
Wow. Thank you, Susanne. That’s a powerful example.

Matt, how about you? I know you’ve got a memorable one.

Matthew Johnson
Oh, I do. Here’s the story:

I had a firm approach me and ask, “Hey MJ, can our advisors use OnlyFans?”

Now, I’ll let that sink in for a second. Because yes, it was exactly the platform you’re thinking of.

Let’s put aside the brand-risk concerns for a moment and look at it objectively. OnlyFans has about 305 million users and 4 million content creators. That’s 310 million people spending $7 billion annually on a platform not designed for financial services. On paper, that looks like an untapped market.

But here’s the compliance reality: before you can even think about it, you need to answer two questions:

1. Can you supervise it? Does the platform allow a third party to monitor, archive, or capture the content for compliance purposes?
2. Is the cost worth it? Even if supervision is possible, does the potential advisor adoption justify the compliance and supervision cost to the firm?

For OnlyFans, the answer is basically no on both counts.

So I asked the advisor: “What’s your real goal here?” And they said, “We want to reach a new audience.”

Okay — if that’s the goal, why not use Pinterest, which has 550 million users, 70% of them women — one of the fastest-growing investor demographics. Or why not go all-in on Instagram, with 2.1 billion users, robust discovery tools, and proven use in financial services?

The bottom line: the ask wasn’t really about OnlyFans. It was about finding new ways to grow the business. My job was to redirect that energy into a platform we could supervise, archive, and actually defend in front of regulators.

And that’s why I always say: if your firm doesn’t have someone who lives in the social media world, you’re behind. You need people who understand the platforms, speak the language, and can guide advisors before they get themselves — and the firm — into trouble.

James Cella
Perfectly said. Thank you both.

James Cella
So, how does this all tie together from a solutions perspective?

At Red Oak, we’ve built technology and consulting services specifically to address these challenges. Our solutions include:

• Social media compliance tools – monitoring, archiving, and reviewing advisor communications.
• Website monitoring and archiving – ensuring public-facing sites meet regulatory standards.
• Internet supervision – previously known as Eagle Eye, now enhanced for broader coverage.
• Influencer and affiliate monitoring – a newer need as more advisors experiment with these channels.
• Consulting services – for firms that may not have the resources internally, we provide expertise to set up processes, conduct reviews, and guide best practices.

As technology evolves, so will the scope of what needs to be supervised. We’re committed to expanding our solutions to stay ahead of the curve.

With that, let’s move to the Q&A portion of today’s session. Jamey, do we have some questions lined up for our panelists?

Jamey Heinze
We do, and the timing is perfect. I’ll actually go backwards and start with the most recent question that came in, which is for Matt.

Jamey Heinze
The question is for Matt, and it’s based on what you were just covering. It asks: “How do you build a culture that fosters communication to the point that advisors come to compliance first—before jumping into something like an OnlyFans-type site?”

Matthew Johnson
Let me answer that with a question: How many of your advisors have you hugged?

Now, if hugging feels like a violation of personal space, just think of it metaphorically. What I mean is that we must build relationships where our advisors know we’re genuinely invested in their success. My role isn’t to be the department of “no.”

Yes, compliance officers have to say “no” more often than “yes,” but how we do it matters. I explain why something can’t be done and then immediately pivot to explore what the advisor is really trying to achieve. Often, their end goal—whether it’s prospecting, marketing, or client engagement—can be reached another way.

That’s how you build culture. Advisors need to feel that compliance is a partner in problem-solving, not just an obstacle. And ideally, they should meet me before I ever have to show up for a branch exam or a remediation issue. If the first interaction is proactive—at a conference, a welcome call, or just a simple check-in—they’re far more likely to come to me first before experimenting with riskier platforms.

James Cella
So, MJ, would you say it’s about reframing the conversation—getting to the root of what problem they’re trying to solve, rather than focusing on the specific tool they’ve chosen, like OnlyFans?

Matthew Johnson
Exactly. In many cases, they think the only way to generate leads is through a platform they’ve seen others using. But if we drill down, what they really want is new clients or visibility. Once we understand the intent, we can explore alternatives—whether that’s LinkedIn, Instagram, or something else that’s both more effective and compliant.

Jamey Heinze
Fantastic. And we have a question that also came in for Suzanne. It goes back to your Circle of Life, Suzanne. The question is: “When you enter a new organization that needs help in these Circle of Life processes, where do you like to start? How do you get going?”

Susanne Denby
That’s a great question. Honestly, it depends on the firm, but the first step is always about people and communication.

When you walk into a new firm, you’re the new person. You don’t know all the reps yet. You don’t know the full history of why things are done the way they are. So you start by listening and building relationships—with executives, with supervisors, with colleagues across the firm.

Before making any big changes, I ask a lot of questions:

• Why do we do this process this way?
• What’s the history behind it?
• What challenges have you run into before?

It’s very easy to walk into a new environment and want to replicate what worked at your last firm. But if you don’t understand the history or the “why,” you’ll create friction with people who’ve been doing it for 10 or 15 years.

So my advice: don’t scare anyone with immediate changes. Communicate openly. Share your observations. Explain what you’re thinking and listen to their feedback—even if they push back. Often, that resistance has a story behind it.

And because many of us are now fully remote, communication has to be even more intentional. Face-to-face conversations are always stronger, but when you don’t have that, you have to double down on transparency and regular updates. That’s what makes change management successful.

James Cella
Awesome. Thank you so much. Before I turn the time back over to Jamey, I just want to personally thank Suzanne and Matthew for being panelists with us and for being such great thought leaders in our space—and wonderful friends. Thank you. I really appreciate both of you joining us today.

Matthew Johnson
Thank you, James. Appreciate you.

James Cella
Thank you.

Susanne Denby
Thank you, James.

James Cella
Thanks.

Matthew Johnson
Fantastic.

Jamey Heinze
All right, we are just about a minute and a half away from the top of the hour. This was a perfect use of time. Thank you to everybody. We’re very proud of the Thought Leadership webinars that we’ve put together so far.

I mentioned earlier in the call, this is the fourth in the series, so there are three others available on demand. You can watch them at your leisure on the Red Oak website. They’re also available through the QR code here on the slide.

Also, another QR code invites you to join us at our Red Oak User Conference at the end of next month, end of April. A lot of discussion today was about relationships and culture. We’re big believers in that, too, at Red Oak. And if you show up at the User Conference, you’ll see that in action.

So that’s the end of today’s session. Thank you again, and we look forward to seeing you next time. Have a great rest of your day.

James Cella
Thank you very much.