Social media compliance is growing up, with new tools, challenges

It’s a new day in the financial services industry, with the full arrival of financial social media, which brings with it a host of new challenges and opportunities.

First, the opportunities: No longer are wealth managers and firm executives asking whether or not they should be taking advantage of social media and other digital platforms to communicate with their clients and potential customers, but rather how best to leverage the new tools that are available to them as of 2016. The large institutions have been on board with this technology for a few years—Morgan Stanley kicked things off in 2014, when it gave the green light to its 160,000 financial advisers to tweet—and now even smaller firms have taken steps to embrace the power and potential of social media.

“Banks and credit unions are realizing that, from a marketing standpoint, they need to be on social,” says John Carini, founder and CEO of Social Smart Software, the maker of cloud-based social media management and engagement tools for enterprise users. “Having social media accounts is like having a website now. You need to be there, especially if you want to address Millennials and the younger generations.”

Part of the issue, he explains, is that more traditional marketing tools are no longer effective. Advertising in the local paper doesn’t really work anymore, and financial services firms have realized that they need to be where their customers are in order to succeed.

Of course, none of this is particularly new. Social media has been officially on the scene for financial services companies since at least 2010, when the Financial Industry Regulatory Authority (FINRA) released its first set of guidelines for social media use by the industry.

The stated goal of the resulting FINRA 10-06 notice was to ensure that, “as the use of social media sites increases over time, investors are protected from false or misleading claims and representations, and firms are able to effectively and appropriately supervise their associated persons’ participation in these sites.”

This action effectively confirmed that electronic communications shared over the Internet were to be governed by the same rules as all the firms’ other public communications. Namely, communications were to be archived, there needed to be supervision of all activities, and internal controls had to be in place to prevent conflicts of interest.

But that was just the beginning. Today, electronic communication is about more than just tweets and Facebook posts and has blown up to include everything from in-app instant messages to mobile texts to blog posts and more. For financial services firms, this has some specific applications:

“The use of social media increases risk because you’re increasing the volume of conversation.”

Mike Pagani, Senior Director of Product Marketing, Smarsh

Customer service. Social media allows financial advisers to communicate with clients directly, leveraging the tools that many of us already use to communicate with friends and family. This allows advisers to be more accessible to their clients and easier to reach 24/7.

Marketing. Digital marketing is a significant driver of new business in a wide range of different industries, and social platforms allow financial services marketers to reach millions of potential buyers, targeted in ways that have never before been possible, at minimal cost.

Product development. We’re even seeing entirely new, social-based financial products appear on the market, especially in developing markets. This includes everything from those using Alibaba to pay their rent in China to buying mutual funds through WeChat to lenders using social accounts to rate applicants’ credit worthiness and gather references.

What compliance officers need to know now

The challenge for compliance officers in the financial services industry, then, is getting their arms around all of the different kinds of messages that are coming from their companies, across the now dozens of different social and digital platforms.

“The use of social media increases risk because you’re increasing the volume of conversation,” explains Mike Pagani with Smarsh, which offers a unified digital compliance and e-Discovery platform that’s designed for enterprise-level archiving.

“If your existing compliance perimeter focuses only on e-mail and you’re automating that, people these days are smart. They know that e-mail is being supervised, so they’re not going to communicate about anything that’s risky in there. So we’re seeing a lot more instant messages. A lot more mobile text messaging. I like to say: When you look at the whole spectrum of communications options that are available today, there are a lot of blind spots in a lot of organizations.”

SUPERVISION OF SOCIAL MEDIA SITES

Below is an excerpt from FINRA guidance explaining what firms should be doing to oversee social media.
The content provisions of FINRA’s communications rules apply to interactive electronic communications that the firm or its personnel send through a social media site. While prior principal approval is not required under Rule 2210 for interactive electronic forums, firms must supervise these interactive electronic communications under NASD Rule 3010 in a manner reasonably designed to ensure that they do not violate the content requirements of FINRA’s communications rules.
Firms may adopt supervisory procedures similar to those outlined for electronic correspondence in Regulatory Notice 07-59 (FINRA Guidance Regarding Review and Supervision of Electronic Communications.)  As set forth in that Notice, firms may employ risk-based principles to determine the extent to which the review of incoming, outgoing, and internal electronic communications is necessary for the proper supervision of their business.
For example, firms may adopt procedures that require principal review of some or all interactive electronic communications prior to use or may adopt various methods of post-use review, including sampling and lexicon-based search methodologies as discussed in Regulatory Notice 07-59. We are aware that technology providers are developing or may have developed systems that are intended to address both the books and records rules and supervisory procedures for social media sites that are similar or equivalent to those currently in use for e-mails and other electron communications. FINRA does not endorse any particular technology. Whatever procedures firms adopt, however, must be reasonably designed to ensure that interactive electronic communications do not violate FINRA or SEC rules.
Firms are also reminded that they must have policies and procedures as describes in Regulatory Notice 07-59, for the review by a supervisor of employees’ incoming, outgoing, and internal electronic communications that are of a specific subject matter that require review under FINRA rules and federal securities laws, including:
NASD Rule 2711(b)(3)(A) and NYSE Rule 472(b)(3), which require that a firm’s legal and compliance department be copied on communications between non-research and research departments concerning the content of a research report;
NASD Rule 3070(c) and NYSE Rule 351( d), which require the identification and reporting of customer complaints; NYSE Rule 401A requires that the receipt of each complaint be acknowledges by the firm to the customer within 15 business days; and
NASD Rule 31 0( j) and NYSE Rule 410, which require the identification and prior written approval of every order error and other account designation change.
Source: FINRA

Part of the problem, he says, is that many compliance officers are still struggling to keep up with the ever-increasing volume of e-mail in their companies. As that snowballs, they are unable to take the steps needed to address all of these new communication platforms as well.

“The game is changing under the feet of the compliance department,” Pagani says. “It’s not so simple anymore.”

The regulators are evolving too. FINRA has hired a team of data scientists to dig into the reams of data the agency is collecting from regulated industries, including financial services. Eventually, the regulators will use this Big Data trove to become more proactive—spotting potential infractions even before companies do—and compliance officers need to stay ahead of this shift by addressing potential blind spots now. That means bringing the compliance department together with the IT department, the legal department, and the marketing department to find workable solutions.

These often aren’t solely technology solutions, either, says Yasmin Zarabi, vice president of legal and compliance with Hearsay Social, a software-as-a-service social media marketing management platform that’s focused on the financial services market. They have to involve people.

“It’s policy, training, and technology,” she says, “it’s not one-size-fits-all. It’s the policies you have in place, how effective they are, how you train your workforce, and the tools that you use to assist with enforcement. Technology can’t solve all of it. It can get close, but there are some things you have to supervise through policy.”

What will the regulatory landscape look like this time next year? It has been a quiet period in terms of regulation changes over the last couple of years, but many in the industry are watching developments in Europe for clues—particularly the European Union’s implementation of MiFID 2, which is set to reform the continent’s securities and derivatives markets starting in January 2018—expecting the latest update from U.S. regulators by the end of the year.

“Everyone’s waiting in anticipation on what it’s going to be,” Zarabi says.

Automating the process

Fortunately, as the landscape of social media compliance has evolved in recent years, a number of different service providers have sprung up offering products to address the unique needs of financial services compliance departments.

Consider the following social media compliance software tools, all of which offer products specifically tailored to the financial services market:

Hootsuite: In October, social media management firm Hootsuite launched a new compliance tool for financial advisers, designed to allow advisers to use social platforms in real-time while staying in compliance. As described by the company, compliance settings “run silently in the background,” minimizing the burden on users (with the hope that they will be more likely to actually use the tool) while minimizing human oversight requirements.

Smarsh: Designed as a unified platform that archives all of a company’s digital communications, Smarsh’s tools are used by more than 20,000 financial services customers, including broker-dealers, independent investment advisers, hedge funds, private equity firms, insurers, and more. Focused on data organization for regulatory audits and potential litigation events, Smarsh’s platform stores digital data in a “research-ready state,” combining automated policies that weed out benign messages alongside 30-35 industry standard rules.

Social Smart: Social Smart offers a cloud-based platform that combines social media engagement, research, analysis, and compliance into a single tool. In addition, it leverages an artificial intelligence engine, built on IBM’s Watson technology, that can analyze sentiment and keywords, automatically determining whether a post is positive or negative and using that information to flag for follow-up.

Hearsay: Hearsay’s digital platform combines compliance functionality that works across an organization’s social, mobile, and web communications, with a focus on clients in FINRA-, SEC-, IIROC-, MiFID-, and FCA-regulated industries. The system includes pre-approved workflows, real-time alerts, supervision and approval trails and archival tools for the entire corporate network, associated mobile devices, and even remote locations.

Actiance: Launched more than a year ago, the Alcatraz software from Actiance is built around the individual identity of each user, mapping all of their digital activities and accounts into one universal view of that individual. From there, the compliance department can enforce corporate policies no matter what platform they’re using.

As electronic communications get richer, it has become more difficult to maintain supervisory review as it is traditionally understood. As a result, companies today are moving away from basic supervision of public communications to outright surveillance in order to maintain compliance. Software tools that understand the richness of today’s conversation mediums can help compliance officers both save on oversight costs while also reducing the risk of missing something critical.