As tech tools evolve, how do you mitigate social media risk? What is the right balance to strike between compliance and privacy? How far can your compliance department go to monitor employee behavior? These are some of the pressing questions compliance officers contend with in the ever-evolving digital age, particularly when it comes to implementing compliance software.
Many companies and senior business leaders use social media to build a brand and share thought leadership content. As a result, there is significant pressure on compliance officers to monitor and archive marketing materials.
To make matters more complex, employees use social media to network, correspond, and share best practices with colleagues. This is why, in our latest ComplySci Stats survey, we learned that 46% of respondents plan to monitor social media in the future, particularly in light of the GameStop saga.
As a compliance officer, how do you know you’re doing everything you possibly could to mitigate social media risk? Let’s take a look at the current landscape.
Social media risk today
The GameStop saga exposed the compliance-related risks of employees using social media with no oversight. To some extent, the power of social media is beyond the control of any single compliance officer, perhaps even beyond the scope of software. It is not possible for compliance officers to effectively monitor everything, and there are still ongoing debates about privacy to be taken into account when evaluating compliance supervision software.
Moreover, the social media terrain is ever-evolving, and the platforms people regularly use are rapidly changing. What was once in vogue is now outmoded. By the time regulators (and compliance officers) catch on, employees will likely already be on a different platform–one that is outside the purview of supervision. This ambiguity leads to a lot of risk, and keeps many compliance officers up at night.
“As social media marketing continues to grow, nearly two-thirds of the Fortune 500 is actively engaging customers, partners, and prospects on YouTube (69%), Facebook (70%), and Twitter (77%) and the use of Social Relationship Platforms to expedite this engagement is increasing. Regulated industries – in particular, financial, healthcare, pharmaceutical, and insurance organizations – are under great pressure to leverage the power of social media to advance their business, yet fear of the ambiguity and uncertainty of emerging regulatory guidelines and requirements, as well as legal risks can be disruptive, and violations can prove costly.” ~Bizible
Companies know that the best way to engage their audience is through social media, employees understand the value of social media networking, and regulators, too, are starting see the negative outcomes of social media use. This places a burden on compliance departments to ensure that all social media interactions and marketing initiatives adhere to regulations.
FINRA, for example, released their first compliance guidelines for social media back in 2010. Since then, social media use has become more sophisticated. Content can be lost amidst the endless churning social media cycles and this exposes companies to greater risks. There is more uncertainty as compliance officers wrestle with the following questions: Which marketing materials are published and shared? Who among your employees has a LinkedIn presence? And how many Reddit message boards are they active on?
Despite the complexities and ambiguities, you can take proactive steps to ensure your firm and its employees are abiding by relevant social media guidelines.
- Tip #1: Leverage resources to stay up-to-date on regulations
Social media is a relatively new phenomenon, with new apps and companies popping up every year. To make sure you are compliant, it goes without saying that you have to stay up-to-date on the regulations. One efficient way to achieve this, according to Chief Compliance Officer Jackie Jacobs, is to take advantage of tools like RBsourcefilings. “I’ve recently leveraged a software service called RBsourcefilings, which allows me to do targeted research and learn about any changes to current rules. The information is invaluable and saves me a lot of time from a research perspective,” Jackie says.
- Tip #2: Automate the monitoring and approval of marketing materials
Compliance officers must work closely with marketing departments to understand how social media is used, and set up scalable processes for monitoring and approval. Rather than rely on email, RegTech enables you to easily build custom workflows that automate and simplify the preclearance and documentation of marketing materials.
- Tip #3: Archive all communications
The SEC’s Investment Advisers Act requires maintenance of books and records for five years, and marketing materials fit within the scope of the SEC’s definition of books and records. While compliance software can’t help you monitor everything, of the activities that you do monitor, it can provide you with access to a comprehensive audit trail of all marketing materials for easy reporting during examinations.
- Tip #4: Expand the scope of outside business activities
As mentioned, our latest ComplySci Stats survey revealed that many compliance officers see the need to look beyond traditional OBAs, such as board memberships, family affiliations, or consulting services, and update their Code of Ethics policies to address employee activities in other areas, such as social media, YouTube, podcasts, and online forums. Employee monitoring in these areas is fast becoming the new norm for compliance teams. With the right mix of compliance technology tools and software, compliance teams can simplify employee monitoring, making it easier to gather information about a wide range of outside business activities and manage this data more effectively.
Ultimately, employee monitoring solutions that allow for automation and enable a high degree of customization are the best way to monitor social media activities and set consistent boundaries between compliance and privacy. While many aspects of the social media terrain remain ambiguous, there are still steps you can take to reduce risk.
Mitigate the risk of non-compliance. Request a demo of ComplySci today.