Bar Rising on Social Media Compliance
For highly regulated sectors like securities and investment finance, social media can be a legal minefield. Communications are scrutinized by state and federal regulators to ensure investors enjoy a level playing field, reports Ryan Holmes, CEO of social media management firm HootSuite, in a blog post for the Harvard Business Review.
That’s because regulators say you must archive all activity — every last post, tweet, check-in, and poke related to business. Firms can be held liable for tweets fired off from an employee's iPhone, outside the office, and after working hours. Even something as innocuous as clicking the “like” symbol next to a Facebook post could run afoul of the Securities and Exchange Commission (SEC).
These hurdles aren't unique to investor-driven financial services—insurance, pharmaceuticals, health care, retail banking, and government all face regulation. But the combination of the right policy and the right technology can render even the most delicate of communications compliant.
"Everything starts with a firm's social media policy," says Mike Langford, social compliance strategist. "The company needs to outline how it wants to interact with the world via social media and how it will empower its employees to do so, as well."
The best policies are often a collaborative effort: Employees offer use-case input from the front lines; marketing defines the scope of messaging; information technology outlines social technologies and devices; and the legal or compliance department ensures guidelines meet the necessary regulatory criteria.
Once a policy is in place, training is critical. "Employees, particularly those in the sales and marketing functions, must know the rules of the road," Langford says.
Adopting technology that keeps pace with regulatory requirements is equally important. In the securities industry, all static content (such as Facebook and LinkedIn profiles) requires documented pre-approval before posting. Businesses must supervise interactive content (the stream of updates to Twitter, LinkedIn, and other networks), which is sampled regularly after posting for compliance violations. These rules apply to all business content, whether from a company account or an employee's personal account.
Regardless of whether the content is static or interactive, SEC rules dictate all employee business communications on social media be archived for at least three years. Many other industries follow this gold standard, particularly with e-audits on the rise.
Specialized tools, which often integrate with existing email compliance solutions, can now automatically capture social content from both desktops and mobile devices, storing it securely on cloud-based servers.