Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

4 steps for establishing a bring-your-own-persona (BYOP) strategy

Mike Pagani | December 9, 2016

Social media offers organizations tremendous business advantage in terms of reaching potential new customers and staying in touch with the ones currently on their roster. In fact, the number of organizations now actively using social media as one of their standard outbound forms of communications is on the rise.

That said, some social media channels are more popular than others and staying compliant is the key driver. For example, according to data from the Smarsh annual compliance survey for 2016, the use of Twitter and LinkedIn by compliance professionals, as well as those employed at financial services firms, has grown considerably where the use of Facebook has not.

BYOP vs. BYOD. Similar to the Bring Your Own Device (BYOD) phenomena, having the proper management tools and technology in place will be the key to making Bring Your Own Persona (BYOP), the use of personal social media applications and networks for business communication, safe to use. Another key to the successful adoption of BYOP will be the need for the entire organization to work together to form the right strategies, plans, implementation, and support processes.

Success with BYOP will require open cooperation between IT, legal, and marketing stakeholders in addition to the traditional compliance professionals and teams responsible for meeting regulatory requirements. The benefits derived from BYOP and their positive impact goes beyond just your compliance stakeholders.

When it comes to staying competitive in regulated industries, organizations are challenged daily by the dilemma of balancing risk versus reward for allowing social media communications, and the use of personal networks to promote and grow the business, and keep in touch with customers. Preapproval for social media communications mitigates risk, but severely impacts the timeliness of communication, and the ability for the organization to initiate and participate in social media opportunities because they appear and play out so quickly.

Supervision of social media communications with real-time monitoring and automated policy checking is proving to be the right balance of appropriate governance and control, combined with sufficient business and communications agility.

Collaborating to work through compliance challenges. As BYOP moves from concept to reality, it’s important to understand the roles and challenges of your stakeholder groups when it comes to permitting social media use, and how they work together to safely manage use, address regulatory requirements, and reduce the likelihood of individual—and potentially conflicting—strategies for your organization’s social media presence.

Compliance has to ensure inbound and outbound content is safely and securely captured, archived, and managed through active supervision, policies for flagging keywords or phrases, and guidelines that address questionable content. The challenge to this team is magnified particularly when communications happen under the radar on personal networks or devices.

Marketing is challenged with staying ahead of the curve by introducing new social media platforms to promote your products and services, and acting as the social media epicenter—curating and generating timely, relevant content such as blogs and posts, responding to incoming messages, aligning communication with company promotions and newsworthy events—in addition to their more standard responsibilities.

Your legal team must be able to quickly respond to discovery requests or litigious events where specific messages and content are relevant, and understand current industry regulations, including consumer protection laws, and local and state statutes that may have a direct impact on how you use social media.

IT is often the hub for the back-end processes, making sure the systems and software are in place to properly execute on the automated compliance-driven processes that must go hand-in-hand with social media profiles and personas. The role of IT is also beginning to shift from implementer to agents of change. The IDG Enterprise Consumerization of IT in the Enterprise Study of 2014 shows that 56% of survey respondents indicated that either CIO or top executives in the IT department were the primary leaders in driving change through the consumerization of IT at their organizations.

Even the C-suite has a stake in creating and implementing a social media strategy and policy. According to the annual Sutherland Analysis of FINRA Sanctions—featured in the Smarsh annual compliance survey for 2015 —$134 million in fines were levied in 2014. This 125% increase was the most since 2005. “The C-suite should also take notice that for the second year in a row, the number of people who were barred or suspended increased this year by 15%.” Additionally, the Smarsh report shows the number of requested content types has increased across the board, with social media, instant messages, and text/SMS messages rounding out the Top 5.

Collaborating allows all groups to communicate their specific needs and pain points, which can inform the creation of a comprehensive and robust social media strategy and policy. It also decreases the potential for system silos and can eliminate instances of separate, narrowly focused plans that may inadvertently increase the potential for risk.

The collaboration process is an excellent opportunity to identify individuals within the larger stakeholder groups who can be looked upon as super users. Each member of the smaller group can represent their native team, and communicate notable updates such as new regulations or platforms that may impact your social media activities. This team can double as a cross-department training team to explain the benefits of social media, risk and risk management procedures, your organization’s position and strategy, internal and external use, rules of engagement, and the needs and roles of stakeholder groups as they pertain to the bigger picture.

Key drivers of BYOP. Traditionally, marketing would request use of social media to take advantage of its many opportunities to engage potential and existing customers, only to have it initially outlawed because of concerns about regulatory violations (compliance), lacking existing systems to execute compliance-driven policies (IT), and inherent risks of the platform (legal department). Closing this compliance gap—or the area between the allowance of new and accepted communications types, and having the policies and systems in place to retain and supervise them—is required to enable BYOP.

Other key drivers for BYOP include tapping into the targeted, built-in audience of an employee’s personal network, creating more personal customer experiences, and optimizing marketing efforts. Employees don’t want to risk losing their base followers by creating or managing multiple profiles.

By sticking with a platform (i.e., LinkedIn) they already know that allows them to communicate on a one-to-many basis, and using their existing profile, they can continue to position themselves as a trusted resource with their network while further solidifying your organization’s position as an industry leader. Maintaining these relationships and engaging with potential new customers through social media is crucial.

Responding when, where, and how they prefer creates a more “personal” experience, even though the response is made in a public setting. Personal social media networks can also be leveraged to promote upcoming events, webinars, workshops, and communicate about new rates and financial opportunities for no added cost, supplementing your more traditional marketing campaigns.

Four steps for establishing a strategy for BYOP. After understanding the drivers, risks, and benefits of allowing the use of personal social media accounts and networks, you can establish a company-wide social media strategy and plan that keeps you competitive and compliant.

First, determine which stakeholders in your organization have an existing business need for it. As mentioned above, chances are that your marketing department has wanted to leverage the reach provided by personal social media networks for quite some time, if it could be done safely and in a compliant manner. Another example we see a lot is individual advisors/reps wanting to leverage their own personal social media networks and accounts to keep in touch with their existing customers, and promote themselves and the financial offers they represent to their constantly growing network to attract new customers.

Second, determine which social media channels to start with, based on the discovered needs in the first step. The Big 3 social media platforms most organizations in the financial services sector start with are LinkedIn, Twitter, and Facebook. LinkedIn is by far the most popular starting point, due to its professionally oriented “networking” attributes and functionality. Twitter is a close second, and is a highly effective means of disseminating headline-style sound bites and actionable links to a defined group of “followers.” Facebook is typically the third channel to use with a corporate page, but is not a great candidate for BYOP because of its highly personal nature, and lack of controls on the content others can create on an individual’s page.

Once the initial set of social media channels to be used has been determined, the third step is to create policies for their allowed use. These can be determined using a coordinated approach between the key stakeholders who will use the social media channels and the compliance team to establish rules for the type of content that can be disseminated using social media, and who has access to use it. Establishing the right set of policies for BYOP is probably the single biggest consideration and factor in making it successful. This is also the time to establish who the lead individuals are in your organization that will manage the BYOP process once it is adopted and implemented.

Finally, determine how best to enforce the established policies, and the process to take action when potential violations occur and need to be reviewed. This is where the use of today’s advanced archiving technology can play a major role in automating the management of BYOP, and ensuring the completeness of the supervision to mitigate risk while maintaining compliance according the organization’s policies.

Putting the right technology in place. In today’s fast-paced and immediate action-oriented world, the ability to respond and participate in market-impacting, customer-relevant developments and topics in a timely manner is critical for marketing and sales organizations in all industries.

Social media tools and communication channels are necessary to get the reach and agility needed, but they bring with them risks and challenges to manage them effectively and in a compliant manner for organizations in regulated industries.

Pre-approval versus active monitoring of social media communications is a major topic of debate. In a perfect world, every response, action, comment or proactive statement delivered by the company via social media would be checked and approved before being allowed to be communicated. However, as most firms that do pre-approval will tell you, it is very hard to stay agile and responsive if pre-approval is applied to every piece of communication and not implemented selectively.

Automating the process of checking all social media communications, especially when personal social media accounts and networks are in play, against established policies for approved use, is critical to achieving the right balance of speed, agility, and reach, while mitigating the risk associated with violating compliance regulations.