Business communications compliance is becoming increasingly fraught with challenges, as the number of channels and devices employees use explodes, regulatory focus becomes stricter, and fines increase. Employees are working across a wider range of devices and platforms (both personal BYOD devices and fixed work-owned ones) and are engaging across a range of platforms, including social media and even Xbox.
Regulatory action in the US has prompted expectations that the UK will follow suit. Indeed, City AM reported in 2022 that the FCA was speaking to banks about their WhatsApp use after staff were found to have discussed deals on the channel, which was prohibited. Recordkeeping specialist Global Relay’s Industry Insights: Compliant Communications 2024 Report found that 39% of compliance officers said that they were anticipating regulatory action in this area and taking proactive steps, while 10% said that they were worried as UK regulators may be next to act, and they weren’t prepared. In April 2023, UK energy regulator Ofgem issued a £5.4 million fine to Morgan Stanley & Co. International for recordkeeping failures (business communications took place on WhatsApp, but were not captured). UK organizations were expecting regulators to take action against off-channel communications but were not expecting this to come from the energy regulator.
The notion that UK regulators would pinpoint focus on recordkeeping and communication remained in question as we moved into 2024. Jamie Bell, Head of Secondary Market Oversight at the FCA visited Global Relay in February 2024 to discuss his projections. He highlighted that the FCA’s view is that communications surveillance should be targeted toward particular risk areas within businesses – a different line to the SEC’s strict liability approach. He also noted that the FCA would be “unsympathetic” towards firms that had not considered their risks – intimating that it’s time for all enterprises to get their “ducks in a row” in compliance. He added, however, that the FCA would not be taking an aggressive stance in the same way that US regulators had.
Emerging Risks: The Hidden Risks of Social Media
While the risk of off-channel communication on more traditional channels, such as WhatsApp, remains a compliance conundrum, there is an emerging risk in the use of social media for business purposes. The breadth of social media channels, their speed of evolution, and their nuances present a new challenge in compliance. Firms and individuals are using it for multiple purposes, from client communications through to the promotion of services or products. It’s clear that enterprises need to establish their approach to monitoring social media – and fast.
Global Relay’s 2024 survey found that 56% of respondents consider social media as a communication risk for their business. Both global banks (56%) and North American banks (55%) were slightly more cognizant of the risks social media presents, while EMEA banks tilted the balance with a less concerned 46%. The report uncovered five main approaches to this risk:
- Those who view social media as a Marketing Rule or advertising risk – with no advertising permitted on public sites and social media use prohibited
- Those who see it as a recordkeeping or communication risk, and are proactively archiving or monitoring – this may encompass firms only allowing LinkedIn and using pre-approved postings, and capturing posts through data connectors, such as Global Relay’s
- Those who perceive it as a risk, but are uncertain of a watertight solution – they may have banned ‘risky’ channels like Snapchat and TikTok, but have no formal blocking or monitoring solution
- Those that manage social media channels through policies – a business may ban or allow all social media in business communications and its policy is regularly reviewed and updated
- Those that have banned it altogether – the enterprise bans all social media use and blocks the sites from its corporate network
A company’s stance on social media use reflects its broader culture. As Carroll Barry-Walsh, Lawyer, Speaker, and Founder at Barry-Walsh Associates, shares in the report: “Employers need to guard against behaving like a mother, monitoring and tut-tutting about every aspect of their employees’ lives. They also need to guard against imposing a ‘received opinion’ on everyone, especially about non-work topics expressed outside work.
So, firms need to be clear – if they monitor social media channels – what exactly are the compliance risks they are looking for.”
An approach that achieves compliance but gives employees a degree of autonomy or self-management is clearly the ideal. The boundaries must be clear. As Barry-Walsh adds: if companies are “making it up as they go along, they risk getting in a legal mess.”
Solutions clearly exist to help businesses manage compliance, including with social media – and they are advancing all the time to keep pace with the evolving communications market. Businesses must define their approach – whether it’s a complete lockdown on certain channels or partnering with a compliance platform like Global Relay to capture, preserve, and monitor them. As regulators take a more consistent and stronger stance, there’s no doubt that now is the time for all businesses to ensure they understand what’s required and to take a measured, firm, clear approach.
Find out more about Global Relay.
