A woman supervises super media communications to ensure compliance.

Social surveillance: The importance of comms capture for social media compliance

In addition to capturing communications channels like email, IM, and SMS, compliance teams must realize the importance of capturing data from social media platforms. To effectively manage widely used applications, firms should consider social surveillance and strategies to curb risks.

03 June 2024 6 mins read
Profile picture of Kathryn Fallah By Kathryn Fallah

In brief:

  • Within the sphere of communications compliance, social media is an area impacting regulators’ mission to maintain market integrity and control misconduct
  • Guidelines like the SEC’s Marketing Rule and Rule 17a-4, and the FCA’s finalized guidance demonstrate the expectations that regulators have outlined for firms
  • Though valuable due to its potential for marketing, social media poses unique challenges that firms must supervise

It’s a narrative that those within the industry have fast become familiar with – communications compliance is an everchanging challenge. Strides have been made towards more comprehensive channel capture due to tightening regulatory requirements, yet enforcement action is still stirring as a result of missing data and, in the instance of social media, non-compliant marketing messaging.

As social media use becomes integral to firms’ daily operations, compliance becomes an even more elaborate requisite. Alongside educating personnel on how to use these channels compliantly, reviewing and retaining conversations occurring on social media platforms is becoming a key focus area.

Social media regulations so far

When it comes to recordkeeping fines for missing communications data, regulators like the Securities and Exchange Commission (SEC) and Commodities and Futures Trading Commission (CFTC) have come down hard. Starting in 2019 through to 2024, regulators have underscored their intolerance for improperly archived communications on platforms like WhatsApp, SMS, and email, as it affects their ability to have full oversight of regulated firms’ operations.

More specifically, we’ve seen a succession of regulations related to social media capture included in overarching recordkeeping requirements. SEC Rule 17a-4 references the maintenance of books and records containing electronic communications, such as “business related social media posts.” Fair to assume, this inclusion infers that social media capture should be a point on firms’ record retention checklist.

Moreover, we have seen parallel growth in social media regulation, as regulators voice concern about the ability to unfairly or misleadingly promote financial services. One such regulation is the SEC’s Marketing Rule. Though not specifically related to recordkeeping, the Marketing Rule was implemented to manage firms’ marketing messaging and prevent misleading advertising, or firms marketing to audiences unsuited to their products.

In April 2024, the SEC announced a round of fines against firms who failed to abide by Marketing Rule instructions, exemplifying that it is an area that regulators are ready to take enforcement action around. And it isn’t just U.S. regulators making social media moves. The Financial Conduct Authority (FCA)’s finalized guidance on financial promotions on social media, FG24/1, addresses surfacing social media-related risks, and details expectations on how firms should be using the technology to conduct financial promotions:

“Financial promotions on all advertising channels should be fair, clear and not misleading, and support consumer understanding.”

Firms must ensure that staff utilizing channels for marketing are checking that every message passes the test. Final checks should be made by compliance teams to confirm that any official statements accurately portray firm services and offerings, and do so to the relevant audience.

Studying the social stats

Our recent “Capture if you can” webinar included thoughtful discussions about regulatory action surrounding communications platforms, how firms can remain compliant, and the direction we can expect regulation to move in going forward.

In response to firms’ utilization of newer communications methods, such as social media platforms, Jaqueline Hummel, Director of Thought Leadership at SEC3, emphasized that client preference is an important consideration:

“You should be keeping up with the types of communications your clients want to use. If they’ve switched to a platform you’re not capturing… you have to keep up with that.”

Hummel also explained that, in addition to writing into the policy the channels that clients prefer, it’s beneficial to “focus on training employees, bringing tone from the top, and training managers on mood from the middle.”

In our Data Insights: Compliant Communications report, published in December 2023, which analyzes data compiled from over 10,000 firms relating to commonly captured channels and expected regulatory movement, one of the most intriguing statistics related to LinkedIn capture.

Results indicated that 33% of surveyed firms are capturing LinkedIn data, including marketing messages, posts on public feeds, and individual chats through LinkedIn’s messaging feature. Could this suggest that industry players expect increased social media enforcement from regulators?

What’s the big deal about social media?

What makes social media use particularly problematic in comparison to a “business focused” channel like email or text is the potential for the dividing lines between personal conversations and business discussions to blur.

The ease with which an employee could connect on a platform like LinkedIn or X, for example, and have a personal conversation that turns into a business-related conversation is a point of concern. Though seemingly inconsequential, this type of data still needs to be captured and retained under regulatory rules.

In addition, the rise of cyber incidents poses a question of security, particularly regarding social platforms. The SEC itself was the victim of a cyberattack in which a fabricated tweet from Chair Gary Gensler was shared announcing the approval of Bitcoin ETFs. In addition to a reputational hit for the SEC, this attack resulted into a $40 billion market swing. If regulators themselves are affected by these occurrences, what is the probability that the same could happen to firms?

The personal/business divide between social media channels is also a significant part of the device management discussion. As we’ve seen, maintaining compliance on personal devices is no simple feat. The complex climate relating to personal devices and privacy mean that firms must strike a balancing act when upholding compliance.

It’s imperative to educate personnel and outline that any communication relating to business must be recorded. If personal phones are being used for business, employees should understand that those specific conversations are subject to monitoring.

Modernized communication channels are becoming the new normal in finance. To keep up, firms need to understand the implications of utilizing social media and how to manage the challenges it presents – or risk the regulators sliding into the DM’s.

We’ll soon be releasing results from our Industry Insights: Compliant Communications 2024 survey, which compiled data from compliance professionals on how they’re handling communications compliance and surveillance trends. In particular, the report details valuable insight on how firms view social media risk broken down by region.

Social media compliance is a critical component of communications capture, especially as risks intensify and regulators clamp down on misuse. To supervise social media use and remain compliant in the changing industry, employ tools to capture modern channels and empower your business operations.