P is for persona, not phone: Social media compliance for financial services

Social media offers organisations tremendous business advantage in terms of reaching potential new customers and staying in touch with the ones currently on their roster. In fact, the number of organisations now actively using social media as one of their standard outbound forms of communications is on the rise.

However, some social media channels are more popular than others and staying compliant is the key driver. For example, according to data from the Smarsh annual compliance survey for 2016, the use of Twitter and LinkedIn by compliance professionals, as well as those employed at financial services firms, over the span of the last four years has grown considerably whereas the use of Facebook has not.

BYOD versus BYOP

Similar to the Bring Your Own Device (BYOD) phenomena over the past few years, having the proper management tools and technology in place will be the key to making Bring Your Own Persona (BYOP), the use of personal social media applications and networks for business communication, safe to use. Another key to the successful adoption of BYOP will be the need for the entire organisation to work together to form the right strategies, plans, implementation, and support processes.

Success with BYOP will require open cooperation between IT, legal, and marketing stakeholders in addition to the traditional compliance professionals and teams responsible for meeting regulatory requirements. The benefits derived from BYOP and their positive impact goes beyond just your compliance stakeholders.

When it comes to staying competitive in regulated industries, organisations are challenged daily by the dilemma of balancing risk versus reward for allowing social media communications, and the use of personal networks to promote and grow the business, and keep in touch with customers. Pre-approval for social media communications mitigates risk, but severely impacts the timeliness of communication, and the ability for the organisation to initiate and participate in social media opportunities because they appear and play out so quickly.

Supervision of social media communications with real-time monitoring and automated policy checking is proving to be the right balance of appropriate governance and control, combined with sufficient business and communications agility.

Cooperating to Work Through Compliance Challenges

As BYOP moves from concept to reality, it’s important to understand the roles and challenges of your stakeholder groups when it comes to permitting social media use, and how they work together to safely manage use, address regulatory requirements, and reduce the likelihood of individual - and potentially conflicting - strategies for your organisation’s social media presence.

Compliance has to ensure inbound and outbound content is safely and securely captured, archived, and managed through active supervision, policies for flagging keywords or phrases, and guidelines that address questionable content. The challenge to this team is magnified particularly when communications happen under the radar on personal networks or devices.

Marketing is challenged with staying ahead of the curve by introducing new social media platforms to promote your products and services, and acting as the social media epicentre - curating and generating timely, relevant content such as blogs and posts, responding to incoming messages, aligning communication with company promotions and newsworthy events - in addition to their more standard responsibilities. Your legal team must be able to quickly respond to discovery requests or litigious events where specific messages and content are relevant, and understand current industry regulations, including consumer protection laws, and local and state statutes that may have a direct impact on how you use social media.

Even the C-suite has a stake in creating and implementing a social media strategy and policy. According to the annual Sutherland Analysis of FINRA Sanctions - featured in the Smarsh annual compliance survey for 2015  - $134 million in fines were levied in 2014. This 125 per cent increase was the most since 2005. “The C-suite should also take notice that for the second year in a row, the number of people who were barred or suspended increased this year by 15 per cent.” Additionally, the Smarsh report shows the number of requested content types has increased across the board, with social media, instant messages, and text/SMS messages rounding out the top 5.

Collaborating allows all groups to communicate their specific needs and pain points, which can inform the creation of a comprehensive and robust social media strategy and policy. It also decreases the potential for system silos and can eliminate instances of separate, narrowly focused plans that may inadvertently increase the potential for risk.

The collaboration process is an excellent opportunity to identify individuals within the larger stakeholder groups who can be looked upon as super users. Each member of the smaller group can represent their native team, and communicate notable updates such as new regulations or platforms that may impact your social media activities. This team can double as a cross-department training team to explain the benefits of social media, risk and risk management procedures, your organisation’s position and strategy, internal and external use, rules of engagement, and the needs and roles of stakeholder groups as they pertain to the bigger picture.

Four Steps for Establishing a Strategy for BYOP

After understanding the drivers, risks, and benefits of allowing the use of personal social media accounts and networks, you can establish a company-wide social media strategy and plan that keeps you competitive and compliant.

First, determine which stakeholders in your organisation have an existing business need for it. As mentioned above, chances are that your marketing department has wanted to leverage the reach provided by personal social media networks for quite some time, if it could be done safely and in a compliant manner. Another example we see a lot is individual advisors/reps wanting to leverage their own personal social media networks and accounts to keep in touch with their existing customers, and promote themselves and the financial offers they represent to their constantly growing network to attract new customers.

Second, determine which social media channels to start with, based on the discovered needs in the first step. The Big 3 social media platforms most organisations in the financial services sector start with are LinkedIn, Twitter, and Facebook. LinkedIn is by far the most popular starting point, due to its professionally oriented “networking” attributes and functionality. Twitter is a close second, and is a highly effective means of disseminating headline-style sound bites and actionable links to a defined group of “followers.” Facebook is typically the third channel to use with a corporate page, but is not a great candidate for BYOP because of its highly personal nature, and lack of controls on the content others can create on an individual’s page.

Once the initial set of social media channels to be used has been determined, the third step is to create policies for their allowed use. These can be determined using a coordinated approach between the key stakeholders who will use the social media channels and the compliance team to establish rules for the type of content that can be disseminated using social media, and who has access to use it. Establishing the right set of policies for BYOP is probably the single biggest consideration and factor in making it successful. This is also the time to establish who the lead individuals are in your organisation that will manage the BYOP process once it is adopted and implemented.

Finally, determine how best to enforce the established policies, and the process to take action when potential violations occur and need to be reviewed. This is where the use of today’s advanced archiving technology can play a major role in automating the management of BYOP, and ensuring the completeness of the supervision to mitigate risk while maintaining compliance according the organisation’s policies.

Putting the Right Technology in Place

In today’s fast-paced and immediate action-oriented world, the ability to respond and participate in market-impacting, customer-relevant developments and topics in a timely manner is critical for marketing and sales organisations in all industries.

Social media tools and communication channels are necessary to get the reach and agility needed, but they bring with them risks and challenges to manage them effectively and in a compliant manner for organisations in regulated industries.

Pre-approval versus active monitoring of social media communications is a major topic of debate. In a perfect world, every response, action, comment or proactive statement delivered by the company via social media would be checked and approved before being allowed to be communicated. However, as most firms that do pre-approval will tell you, it is very hard to stay agile and responsive if pre-approval is applied to every piece of communication and not implemented selectively.

Automating the process of checking all social media communications, especially when personal social media accounts and networks are in play, against established policies for approved use, is critical to achieving the right balance of speed, agility, and reach, while mitigating the risk associated with violating compliance regulations.

Archiving technology will inspect all social communications and flag any messages or content that needs to be reviewed for potential violations as it is being retained in real time. Yes, the messages and content have gone out, but the messages will be caught and corrective action can be taken if they are indeed a problem from a compliance or risk standpoint.

Mike Pagani, Smarsh Chief Evangelist

Image source: Shutterstock/Twin Design