Under the heading of “Social Media and Electronic Communications Retention and Supervision” in the 2017 FINRA Priorities Letter, the organization states: “FINRA will review firms’ compliance with their supervisory and record-retention obligations with respect to social media and other electronic communications in light of the increasingly important role they play in the securities business.”
One thing jumps off the page immediately: FINRA is calling out social media separately, indicating the level of focus they are going to be applying to this form of electronic communications moving forward. This is a clear confirmation that the days of only having to supervise and maintain compliance systems and procedures for email are now gone for good.
Bottom line: if your firm is using social media for business communications, you need to be capturing that communication and retaining it in a way that makes it easy to proactively supervise for potential compliance policy violations as it gets published. You also need to be able to search for and produce specific messages in a timely fashion, should FINRA ask to see them as part of an examination.
In fact, this applies equally to any form of electronic communications if the subject matter is business-related. Text messaging is a good example to look at. As we’ve seen in recently publicized cases, even if the device being used and the mobile plan is employee-owned, the content of the messages being sent and received is discoverable in legal matters and subject to regulatory compliance requirements.
The good news is that comprehensive archiving technology has now evolved to the point where capturing new, dynamic, non-email electronic communications types like social media and mobile/text messaging can be fully automated, managed and stored in a “search-ready” state in the same way as email, and in certain cases within the same platform. The most advanced solutions capture the messages directly from the source (mobile carrier for SMS/MMS text messages Twitter for tweets, etc.), so there is no software to add to mobile devices and employee computers.
The ability to enable archiving for not only an employee’s business social media personas, but also their personal ones is also a reality today. Employees can simply opt in to the same archiving service so their personal social media networks can be leveraged for business purposes with all messages being supervised and retained in the same archiving system alongside the other forms of electronic communications they use. A win for employees, the compliance team and most likely the marketing department, too, knowing the pent-up demand to expand the use of social media within most firms these days.
So if your electronic communications supervision and retention scope is limited to email, you should consider diversifying your approach to include social media and any other new dynamic messaging mediums being used by your firm as soon as possible. The regulator has made this move and archiving technology providers have responded accordingly and in advance with solutions that will not only help you keep pace to stay compliant, but also enable the broader use of these powerful new business communications tools by your firm.
Sign up for our free weekly e-newsletter for more GRC articles, job postings, GRC events, white papers & more…..click here
Mike Pagani is the Senior Director of Product Marketing and Chief Evangelist for Smarsh. Mike is a seasoned IT professional and recognized subject matter expert in the areas of mobility, identity and access management, network security and virtualization. Prior to joining Smarsh in November 2014, Mike held executive-level corporate and technology leadership/spokesperson roles for Stay-Linked, Quest Software, NComputing, Dell Software and others.