How’s that Snapchat app working for you?
In a recently published whitepaper in ComplianceWeek, Blue Hill Research Principal Analyst David Houlihan, Esq. noted that the growth of social media has deepened opportunities for collaboration and market engagement. But for financial services companies (you!), “enterprise social media also creates attendant security, reputational, legal and compliance exposures.”
Houlihan particularly notes that broker-dealers, RIAs, FCMs and others in highly-regulated sectors have been slow to embrace social media due to concerns about cybercrime, and the greater likelihood of incident and exposure. Financial industry Chief Compliance Officers are right to worry.
Citing a social media compliance analysis of Fortune 100 firms conducted by Nexgate across a range of social platforms, including Facebook, Twitter, and LinkedIn, Houlihan noted that the extent to which sensitive information, regulated or otherwise, is exposed to the public is significant.
Is your firm one of the exposed?
According to the Nexgate analysis, the social media tsunami is upon us. It finds that compliance staff cannot possibly review all the content posted for compliance risk. The average Fortune 100, the analysis reported, currently has 320 social media accounts, with an average of 213,539 commenters or followers, and more than 1,159 employees writing over 500,000 posts to these accounts.
But that’s not the icky part. According to the analysis, during Nexgate’s 12-month research window, the average firm suffered from a total of 69 unmoderated compliance incidents — incidents that were virtually unnoticed by a company’s internal compliance staff. How did the analysts identify these posts as unmoderated? Because they had not been removed. And like unreported crime, this number does not take into consideration the number of posts compliance did find and did remove before the surveyors saw them.
Who were the bad actors?
Who posts “badly?” Employees, who accounted for 12 incidents per firm, and commenters, who accounted for 57 incidents. Needless to say, FINRA is not amused. Worse yet, the report indicated that “financial Services firms accounted for the largest incident volume with over 5000 incidents (over 250 per firm).
At issue is that in many cases, firm-wide social media compliance controls are inconsistently enforced. Possibly, because unlike a firm’s marketing department, individual members may not always be clear when they are in violation. This lapse may be in part to an “informal [compliance] culture” that separates social media from a firm’s other, “more static public communications channels such as press, website, or print.”
How are you going to stem the tide?
Many in the industry advocate the adoption of more dynamic and automated compliance processes to create a clear social media roadmap for defining how to better balance compliance and risk management.
What does that mean? Increasingly Chief Compliance Officers and their teams will be investing (if they haven’t already) in systems that manage and retain all their firm’s email, social media, texts, and instant message communications and monitor social engagement to ensure compliance with SEC and FINRA regulations across platforms, from Microsoft Exchange and 365 to Google Mail and Google+, Facebook, Bloomberg, Twitter, and…(the list is nearly endless!)
What are you going to do?
Like the Boy Scout motto: Be prepared! The regulators know that stuff happens. But nonetheless, you know they’ll be looking at your compliance processes and procedures. What will you show them?
No one is immune from regulation
Little tweets with big exposures notwithstanding, it’s clear that the onslaught of social media communications cannot be staved off by a handful of compliance professionals. The blogosphere is getting bigger and monitoring the internet can often times feel like an undertaking without end. If your compliance function is under pressure to do more with less, what are your options? Let’s talk (212-233-1155). Ask about Patrina’s comprehensive compliance solutions and compliance recordkeeping specifically designed for the financial services community.
Let’s talk. Because compliance matters.