Social media is a growing source of compliance headaches for enterprises, as workers communicating via social channels increasingly opens organisations up to greater risks. Effects extend from recordkeeping failures to market manipulation, and bad actors are increasingly able to hack social media accounts with malicious intent. For some, especially businesses in regulated industries such as financial services, compliance risks – and the impact of social media – are coming to the fore.
The collapse of Silicon Valley Bank in 2022, for example, was accelerated by panic on social media that saw backers remove their funding, hastening the bank’s failure. It’s not just social ‘hype’ that’s dangerous, the US Securities and Exchange Commission’s (the Commission) X account was hacked in a SIM swapping attack in January 2024, resulting in significant market impact. The attackers published false information that the Commission had approved spot bitcoin exchange-traded funds being published, triggering a US$40bn market swing.
Tighter Regulation Raises the Stakes
Non-compliance across social channels is now a big deal. M1 Finance, a firm offering a robo-advisory investment platform, has been fined US$850,000 by the US Financial Industry Regulatory Authority (FINRA) to settle claims that about 1,700 social media influencers paid by the firm made misleading or exaggerated claims to attract investors.
Undue volatility caused by social media interactions is unacceptable to regulators and enterprises. With that in mind, tighter regulation is being introduced, alongside improved approaches and policies for compliant social media usage.
The UK’s Financial Conduct Authority (FCA) has warned firms and influencers to keep their social media advertising lawful. The organisation has set out guidance for memes, reels and gaming streams that promote financial services, and reported that it removed more than 10,000 misleading advertisements in 2023, up from 8,500 in 2022. Meanwhile, the SEC’s new Marketing Rule in the US requires firms to capture all social media channels if they are used for commercial purposes.
Capture is the Core of Compliance
Misuse of social media channels is not only confined to external bad actors and over-zealous influencers. Employees themselves can pose social media risks, even when using approved work channels such as LinkedIn. This is especially true where employees use LinkedIn to communicate for business purposes, falling outside of compliance policies or recordkeeping requirements. LinkedIn is increasingly a source of non-compliant communications, and firms are becoming cognisant of this risk – according to recent research from Global Relay, 33% of firms are capturing LinkedIn data.
Within that 33%, 62.9% capture communications data from individual employees’ accounts – meaning they’re capturing posts, direct messages, and other forms of messaging within the platform, while 10.9% of firms are capturing corporate LinkedIn pages. Despite the gradual increase in social media capture, it remains a largely unmonitored compliance blind spot.
Omnichannel Compliance Options
The proliferation of social media channels used in a business context, including X, Facebook and LinkedIn, increases the scope of what enterprises need to capture to ensure compliance with regulatory requirements for recordkeeping, surveillance, and marketing rules. Enterprises, therefore, need to set clear policies for their users and ensure they have strategies and technology in place to capture and monitor these channels compliantly.
Compliance technology is increasingly becoming the only viable solution, with vendors such as Global Relay offering end-to-end compliant communication solutions; from a unified compliant Communications Application, to data Connectors for communications capture, to a robust, secure Archive.
Social media channels are now enmeshed within how firms operate – how they interact with (and market themselves to) clients and the public, and how staff members connect and communicate both internally and externally. Social channels are constantly evolving, and so are the risks to compliance they present and regulatory expectations around them. Being aware to these risks is a vital first step toward controlling them, but firms need to ensure they are acting to mitigate – or eliminate – them. Solutions like Global Relay’s data Connectors empower firms to capture communications across every social media channel they use, whether corporate or employee accounts, and securely archive communications data so it’s regulatory ready and meets recordkeeping requirements. Social media communications may be presenting firms with compliance gaps – ones that bad actors are all too ready to exploit – but the right tools can help firms to close them.
