Social media is increasingly becoming an avenue for compliance risk within organizations, from the spread of misleading or inaccurate information to market risk to the possibility of non-compliant marketing to a new method for off-channel comms. We set out four critical steps firms should take to mitigate social media risk and ensure continued compliance.
1. Create clear policies and communicate them effectively
In order for people to follow rules, they need to understand them. On that account, clear and effective policies are an essential first step for compliance. Compliance teams should take time to create social media use policies that are jargon free, comprehensible, and clear in stating what is and is not permitted with regard to social media for business communication.
These policies should be tailored for different roles and responsibilities. For instance, the way that a trader is permitted to use social media will differ significantly from the way that a marketer is permitted to use social media.
Where possible, policies should be broken down to address the intricacies of different channels of communication. An individual’s use of LinkedIn, for example, may produce more risk than their use of Instagram. If it is your firm’s proclivity to utilize influencers for financial promotion, ensure you have a watertight knowledge of applicable rules, and have translated those rules so that they are understandable for relevant teams.
In addition to being comprehensible, policies should be communicated effectively so that employees know they exist. If your policy is to ban social media at work, for example, employees will need to be made aware of this from inception. Training could consist of routine presentations and internal communication, but compliance teams may see greater reward from injecting energy and real-life examples into educational sessions. Nothing contextualizes or reinforces a policy more than storytelling.
Training should be consistent so that employees are reminded of their obligations and aware of any rule changes. Teams could consider requesting regular attestations from employees to confirm that they understand and are adhering to social media policies.
2. Use a compliance technology solution to capture and archive communication from critical social media platforms
Where compliance teams choose to permit social media use for business purposes, it may be prudent to implement compliance technology solutions that capture and archive communications data from approved channels. The use of such technology allows compliance team to not only capture social media data, but to monitor those communications and ensure personnel are adhering to policies.
Some technology vendors offer data connectors or tailored APIs that allow compliance teams to capture communication data from the source and securely deliver it to an archive. As well as ensuring firms meet recordkeeping requirements through communications capture, more advanced compliance technology will structure communications data in a way that allows teams to search through information, such as LinkedIn messages or tweets, to construct a picture that confirms if employees’ behavior is compliant. This technology may also allow for eDiscovery and the implementation of instant legal holds in the event of investigation, audit, or regulatory query.
For firms that do opt to ban social media channels, compliance technology offers an effective solution that allows compliance teams to enable compliant communication on convenient channels instead of putting restrictions around business communication. Ultimately, employees want to communicate on the channels that their customers or prospects are using, and are more likely to comply with policies if those policies are permissive rather than prohibitive.
3. Monitor social media communications or related lexicons
Recent developments in artificial intelligence (AI) mean that some technology vendors also offer AI-enabled surveillance tools. Instead of performing manual searches, AI presents a proactive approach that generates automated alerts in the event that risks are flagged.
Lexicons should be developed for different social media use cases and regulatory obligation. For instance, communications around misleading promotions will look markedly different than sharing material non-public information. Build an effective lexicon list as guidance so that your AI solutions can assemble clean, structured data that eliminates an overload of false positives.
This technology could also benefit firms that have opted to ban social media channels for business purposes, as they can be trained to detect phrases or sentences that suggest conversations may be happening elsewhere. For instance, “I’ve DM’d you” or “check your LinkedIn” would be flagged as risk alerts.
4. Review your compliance workflows often, so as not to fall behind innovation
The evolution of social media channels, and business communication channels more generally, is happening at pace. In order to ensure watertight compliance, your policies, technology, and solutions must all be agile enough to keep up with the emerging risk landscape. Compliance is not a “one-and-done” circumstance – simply creating a policy or implementing a compliance tech stack will not be enough to meet regulatory expectations.
Revise policies often. Scan the horizon for regulatory changes or innovation and anticipate alterations that might be needed. Again, establish a way to communicate changes with wider teams so that they are able to stay abreast of changing rules as well.
In the case of technology, engage with your third-party vendor to understand their agility and flexibility. For instance, if a new communication channel emerged tomorrow, how long would it take them to deliver a compliant solution? Most vendors should offer ongoing support and training, which firms should utilize to ensure they are maximizing the technology’s full use. If firms implement an archive or monitoring solution and fail to nurture it, they risk having outdated technologies or developing compliance gaps where communication channels evolved, but tech stacks did not.
