The following is a guest blog post by Joanna Belbey, Social Media and Compliance, Actiance.
Your firm and your customers are faced with a complex communications landscape that is rapidly changing.
If you turn back the clock 20 years ago, there was only email. Nowadays, email is just a one piece of a much bigger pie. Companies are deploying new forms of communication left and right, and the pace is only accelerating. It’s likely that you’re using several real-time communications tools to do business at this very moment. I know I am. Just this morning, I emailed, sent instant messages, texted and Skyped with my colleagues, sent direct messages on Twitter, communicated with clients via Inmail on LinkedIn, and even used WhatsApp to collaborate with a consultant in the UK.
Constantly changing new channels that your clients and employees use to communicate.
Your firm and your clients could be using Unified Communications platforms like Microsoft Lync and IBM Sametime, or collaboration tools like Chatter, IBM Connections, or Jive, or it could even be IM networks such as corporate Lync IM or maybe a public-facing one like Yahoo! Messenger. You may even be using community networks geared towards specific industries. For instance, Reuters and Bloomberg are widely used in the financial services sector. And, of course, we can’t forget the social networks - Facebook, LinkedIn, Twitter, YouTube, Pinterest and others.
And also we can’t forget about other forms of communications your employees may be using in the organization, whether blessed by IT or not. These could be applications like blogs, wikis or Dropbox.
However, at the end of the day, you still have to comply with all applicable regulations, corporate policies, and legal requirements pertaining to electronic communications.
Specifically, you want to be sure your company stays out of the regulatory and legal crosshairs. There are more than 10,000 rules and regulations that govern electronic communications in the US alone. Your firm’s compliance team is responsible for interpreting existing rules and regulations as they apply to these new forms of communications and provide proof of compliance when regulators conduct audits. Regulatory sanctions have already begun in regulated industries. And, if your company is sued, compliance teams can be mired in electronic discovery which can take days and weeks to piece together conversations.
In my role as a social media and compliance specialist, I am tasked with keeping up with an alphabet soup of the various regulators around the world. Where it’s the FTC, FINRA, SEC, SEBI, IIROC, FFIEC, NAIC, FDA or even FDA, they are all charged with protecting the public, the investor, or the patient. Regulators view these new communications channels, such as social media, as just another form of communications and ought to be treated as such. So at a high level, there are 4 essential areas of compliance that firms should consider before launching an external or internal social media campaign:
- Record keeping. All business records on any type of electronic communications, whether email, instant messages, collaboration or social media need to be captured, archived and made e-discoverable.
- Data Protection: Firms must protect client and corporate data from being leaked inadvertently or maliciously. Firms also need to create internal ethical walls to prevent groups with conflicts of interest from communicating with each other. Also, protect users from themselves, as they will naively click on links on social media that will introduce malware into your organization.
- Advertising. Firms should follow existing advertising rules whether they have received guidance about social media from regulators or not. Communications need to be truthful, include proper disclosures, and be appropriate. And in certain industries like financial services, there are special prohibitions against client testimonials and guarantees of performance.
- Supervision. Most importantly, firms need to “evidence” (or prove) that they are supervising communications of associated persons.
Ready to get started? Here are three ways to stay in compliance, regardless of industry:
- Interpret and follow existing rules. Social media is viewed no differently than any other type of electronic communications. The content, not the channel, is determinative. All the existing recordkeeping, advertising and supervision rules apply.
- Be sure to have a social media policy in place. Regulators want to see that organizations have robust social media policies and procedures that include how disclosures are used and how firms maintain the appropriateness of their communications.
- “Evidence” or prove that you are supervising your employees’ activities. Regulators are interested in how these policies and procedures are actually being implemented in your firm. Consider training your teams on both what’s not allowed as well as best practices so they can be more effective right from the beginning. Some firms ask their employees to “attest”, or sign off, that they have read and understand your internal social media policies. And finally, run reports that demonstrate your firm has supervised or reviewed a pre-set percentage of these activities and document your actions when you identify prohibited activities.
Want to learn more about compliance? Connect with me on LinkedIn or follow me on Twitter @belbey.