As the year comes to a close, here are some themes for compliance for social media and other communications in regulated industries in 2016.
1 – Authentic voice on social media
Over the last 5 years, we have seen gradual adoption of social media by financial services firms. On a corporate level, at first, there were siloed campaigns to build brand awareness, then slowly those became integrated with general marketing strategy. Starting in 2010, FINRA provided the first guidance for the use of social media, which was followed by other regulators and additional guidance from FINRA in 2011. As a result, the major wire houses felt more comfortable about their financial advisors using social media. They conducted early experiments of allowing small groups of financial advisors to access social media behind the fire wall in a “read only” mode, then slowly evolved over the years to allowing some financial advisors to post pre-approved content from a centralized library. The progress pretty much followed the “Five Phases of Social Media” outlined in my first blog for Forbes back in July 2014.
In short, with the help of FINRA, firms overcame compliance concerns. Middleware vendors jumped in to support recordkeeping and other regulatory requirements. Firms developed employee use policies reinforced with technology and rolled out social media.
The next step is to apply additional resources towards adoption . Now that financial advisors have been enabled technologically, like anything new, there is some push-back. They may be close to retirement and aren’t driven to acquire new business. Or they figured out that “social selling” requires an investment in time to develop awareness, gain trust and ultimately generate revenues. Financial advisors have learned that successful social media requires an “authentic voice”, not easily delegated to the junior person in the group.
However, as the early adopters begin to have real successes using social media, firms will share those successes, attracting more adoption. In 2016, firms will become more willing to invest in developing more content to share on social media, to continue to train and support end users to facilitate their “authentic voice”, and to use analytics to uncover what’s working and why.
2 – From “no” to “how”
On an average work day, employees may use email, instant messaging, Chatter, Connections, Skype for Business, LinkedIn and perhaps Reuters or Bloomberg within financial services. Firm could be “federated” with other firms, allowing authenticated IM conversations with clients, partners and peers. For regulated firms, these business communications are probably (hopefully) being captured and archived in some format.
For personal communications, employees may text, use Facetime, or Skype or Google Hangouts (both with texting, audio and video). In addition to using LinkedIn at the office, they may also use Twitter, Facebook, Instagram, which all have both public and private channels. They may use their personal social media for business and vice versa. And let’s not forget about apps like Whatsapp, LINE and others to text, chat or video with folks mostly outside the United States.
Employees, particularly sales people, will use the channel that their clients prefer, whether or not it is supported at work. Users also tend to hop between and among channels depending on the circumstances, straining firms to keep track of these conversations in context. Then there are employees who purposely use unmonitored channels, such as texting or chat rooms, where they conduct business unobserved and unsupervised.
As business people discover the usefulness of these communications channels in their personal life, they will insist on using them at work. Just like we have seen in social media, IT and Compliance will initially say no. Firms will then develop processes to analyze each request from the business to use new communications in an effort to move compliantly from “no” to “how”. In 2016, firms will be pushed to figure out how to tap the potential of new communications channels while protecting the brand and complying with evolving recordkeeping and supervision rules and regulations governing business communications. And as as each channel is approved by the enterprise, firms will need to capture, retain and be able to produce all types of business communications “in context”.
3 – Content is determinative
Regulators around the world have made it clear that “content is determinative”. Business records need to be captured, archived and made e-discoverable, regardless of channel. For now, US financial regulators have typically focused on written communications, with a few exceptions. However, in Europe, the upcoming Markets in Financial Instruments Directive (MiFID II), will require firms to capture and record all telephone conversations, electronic communications (such as email, instant messaging, collaboration tools, social media) and face to face meetings (via minutes) relating to the reception, transmission and execution of client orders. And although not specifically mentioned, one would assume a “face to face” meeting could be conducted over video using any of the new apps mentioned earlier that are now available on your phone. Regulators tend to follow other regulators, so be forewarned. US firms should expect general recordkeeping requirements to become more stringent to include audio and even video in the near future. This may not happen in 2016 or 2017, but certainly in 2018 and beyond.
4 – That’s where the money is
However, as businesses incorporate these new communication channels, they will be faced with another challenge: cybersecurity. As mentioned in my last blog, industries such as healthcare and financial services are special targets for data breaches and cyber criminals because, as bank robber Willie Sutton said, “that’s where the money is.” All the experts agree that it’s not “if” but, “when”. Demands from customers, employees and regulators, and concerns by senior management will finally make cybersecurity, data privacy and security major priorities in 2016. Firms should start by attending 2016 FINRA Cybersecurity Conference on February 11 (either in New York or online) to learn how to mitigate the risks and to learn what the regulators are seeing. Firms will need to invest significant resources to plan ahead and to protect their proprietary and customer information or face the consequences of damage to their reputations, loss of revenues, fines and sanctions and worse. In 2016, cybersecurity will no longer be an IT issue, but a C-Suite concern.
5 – Whistleblowers redux
And finally, for years, regulators have encouraged firms to have a “culture of compliance” which starts with the “tone at the top”. Nothing new there. What’s new, is the financial industry now has an army of people embedded within firms to point out misconduct. Imagine hundreds of employee / examiners in your offices right now. According to the recent Dodd-Frank Whistleblower Program report from the Securities and Exchange Commission in fiscal year 2015, the SEC received more than 4,000 whistleblower tips, a 30% increase over the number of tips received in fiscal year 2012. The SEC has paid more than $54 million to 22 whistleblowers since 2011, with more $37 rewarded in 2015. As employees learn more about this program and become more less concerned about reprisals, we will see even more tips and greater rewards in 2016. Firms will either proactively identify bad behaviors and take action or one of their employees will.
This article was written by Joanna Belbey from Forbes and was legally licensed through the NewsCred publisher network.