Contrary to popular belief, social media is not just a platform to post photos of memorable vacations or videos of poorly choreographed dancing – it has become a critical tool for client engagement and growth for businesses of all kinds.
As a result of its use internally and externally, regulators are intensifying scrutiny and viewing social media alongside traditional business communication. The Global Relay 2025 Data Insights: Communications Capture Trends in 2025/26 Report found that 33% of firms now actively capture social media channels, showing that the regulatory focus is being taken seriously by the industry.
Social, and its use in business, is constantly changing, presenting challenges for compliance teams. While a more “traditional” and widely accepted business channel, LinkedIn, is among the top three most widely captured channels (23% of firms), there has been a 2,000% increase in firms looking to capture TikTok. As an emerging marketing channel for firms, it also presents significant risks. It is now up to firms to develop a compliance strategy with regard to capturing social media to avoid facing hefty regulatory fines.
POV: You’re the regulator and firms are letting social media channels go unmonitored and uncaptured
While the world may focus on the introduction and launch of new social media platforms, the focus for enforcement bodies lies in the actual content within the communications taking place on these platforms. From financial promotions and investment advice to communications between employees or customers – it all must be captured and archived. Globally, regulators are aligned and are proactively solidifying their stances towards social media – and beginning to take enforcement action to back it up.
What is the FCA’s stance on social media?
Not only can social media be a potential source of off-channel communications, it is also being used for financial promotions, introducing marketing risk.
Financial promotions are defined as “the communication of an invitation or inducement to engage in investment activity made in the course of business.” As a result, regulators such as the Financial Conduct Authority (FCA) have developed specific Finalized Guidance FG24/1 to clarify regulatory expectations. In the document the regulator states that communications must be “fair and clear, and not misleading” when considered individually, outlining a need for standalone compliance.
This can prove difficult, as social media platforms like X, TikTok, and Instagram restrict the length of text users can include in posts or stories. However, firms must ensure that mandatory information does not get lost as ‘fine print.’ Consumers must be able to access the benefits and risks of the decisions they make off the back of these promotions. Here, the FCA’s focus on customer protection is central to its guidance.
The FCA has also been quick to back up this guidance with action, removing 10,000 misleading advertisements in 2023 – a drastic increase from just 8,500 in the previous year. In 2024 it removed 1,600 websites, altogether, for publishing financial promotions without permission, and intervened to ensure almost 20,000 non-compliant financial promotions were amended or withdrawn from authorized firms.
The SEC and the Marketing Rule
The Securities and Exchange Commission (SEC) has expanded its Marketing Rule (206(4)-1) definition of advertisement to bring social media fully under its umbrella. Under SEC Rule 17a-4, firms must also ensure they make and keep accurate and complete records of these ads.
The SEC has maintained a consistent focus on hypothetical performance, with enforcement sweeps through 2023 and 2024 targeting firms for advertising hypothetical performance on their websites and social media accounts – without having policies and procedures in place to validate that the data was relevant to the financial situation of the audience. These sweeps resulted in combined penalties of $1.24 million in fines against nine registered investment advisers in 2024.
Unsurprisingly, in the last 12 months there has been an increase of 14% in firms capturing LinkedIn company pages, where a bulk of marketing messaging and material is distributed.
MiFID II ensures capture of social media comms
In the EU, the MiFID II recordkeeping obligation requires firms to retain all telephone conversations and electronic comms that relate to transactions or that are intended to lead to a transaction. Records must be kept for a minimum of five years, extendable to seven years upon request by regulators.
This mandate also now extends to social media, applicable to instant messages and even personal communications if business is discussed. This is squarely aimed at ensuring firms work to prevent employees from using personal devices or unmonitored channels to discuss business that might be outside the scope of monitoring or capture.
Regulators are setting standards high for social media capture. Whether you are in the U.K., U.S. or the EU, your firm must implement the correct policies and solutions to ensure compliance surrounding social media use, capture, and financial promotion. Firms must decide whether allowing the use of unapproved promotions or off-channel communications is worth a large penalty.
The Four Pillars to Mitigate Social Media Risk
A Journal of Financial Compliance piece exploring “Social media as a compliance risk for financial services” by Robert Mason, Director of Regulatory Intelligence, and Jennifer Clarke, Head of Content at Global Relay, cites that the inability to properly record communications can expose firms to severe risks. Therefore, there is a need for a holistic mitigation strategy that encompasses four key areas:
- Clear, tailored policies: Policies must be simple and free of jargon while also being tailored to different roles. Continuous, regular training is vital to address the use of rapidly evolving features and the risks of off-channel communications.
- Compliant capture technology: Firms must integrate an effective solution to allow their compliance teams to enable use of any communications channel compliantly. With a 26% increase in firms using TikTok as a marketing channel, capture efforts must include all posts, comments, and interactions via direct connections to ensure a legally compliant record.
- Proactive monitoring and use of AI-enablement: Leverage AI-enabled surveillance to proactively review and flag alerts to reduce false positives and manage large volumes of data, with a focus on critical policy breaches.
- Continual innovation of compliance workflows: Compliance policies and technology must be agile. They should be reviewed frequently to adapt to new platform features – for example ephemeral messaging – and regulatory updates, ensuring third-party vendors are also flexible and conducting their own due diligence.
These steps are vital in preventing social media from creating risks. By following this guidance, firms will be able to utilize social media channels compliantly to grow and communicate with audiences.
To reliably meet stringent regulatory mandates, firms need a specialized archiving solution that can connect directly to social platforms and collect and collate data in a way that is valuable for compliance teams.
Global Relay provides the solution through Connectors and Archive. Directly capture all business-related social media activity across any social channel. Ensure capture of communications with full context, including images, videos, and conversational threads, which can make all the difference when analysing and identifying real risks.