Archive for category Compliance
Bringin’ the sizzle at the FINRA annual
Posted by nleong in Compliance, Conference, FINRA on May 23, 2013
The 2013 FINRA Annual Conference just wrapped up yesterday and judging by the packed house at the two social media-related sessions, the topic is still a hot one. Much like the last few years, the industry is grappling with what to do with social. “To allow or not to allow?” was clearly on the minds of everyone in the room.
Somewhat surprisingly, there’s still a lot of folks who don’t allow any access to social media (I’d ballpark it at around 1/3 of the people). Then, you’ve got another third that only allow limited or selective access (e.g., only business card-type info on LinkedIn). But for even these guys, they admitted they’d have to “release the hounds” eventually, with “eventually” being sooner rather than later.
FINRA itself is becoming more educated on social networking trends and capabilities and responding accordingly. Just a few months ago, Rule 2210 (Communications with the Public) went into effect. Realizing that the power and allure of social relies on the dynamic, interactive nature of the medium, Rule 2210 specifically exempts from pre-approve things like Facebook posts and tweets that don’t make any financial or investment recommendation or otherwise promote a product or service of the firm.
Some may say the financial industry is moving too slowly, but hey, baby steps are better than no steps at all. After watching the industry get annihilated five years ago, a little bit of caution and conservatism perhaps is not a bad thing. The main point is that the industry realizes social media is not a flash in the pan and that it’s here to stay. The industry is embracing it, just at its own pace.
Which means it’s a wonderful opportunity for vendors like Actiance to help these firms meet their regulatory obligations. Actiance’s sweet spot is financial services and has been for over 12 years. We relish the role of advising the “newbies” on how to leverage social and to do so compliantly. We’ve been to a bunch of these FINRA events so we know what keeps compliance officers up at night and what it takes to allay those fears.
Sometimes you need that lil bit of hand-holding to cross the finish line. No shame in that. In this day and age of global interdependencies, going it alone is more difficult than ever before. Maybe that’s why we friend, connect, and follow. Social makes looking for new business opportunities (or that specialty bacon) much easier.
Ahhhh….
What’s the Buzz? Tell Me What’s Happening
Posted by Kailash_Ambwani in Actiance, Collaboration, Compliance, Electronically Stored Information (ESI), Employee Behavior, Enterprise 2.0, Financial Services, personal v professional, Trends on April 18, 2013
The buzz in the enterprise is Big Data. Pick up any publication covering technology or business these days and you will see articles about the proliferation of Big Data; how it happens and how it will impact our lives. Certainly, there is a ton of data flooding in, offering tremendous opportunity to predict new trends that can drive our business in exciting ways. But there are two important steps in the harnessing of Big Data to achieve its potential. First you have capture and store the data; second you need to analyze the data. Once you have visibility you can ‘listen’ to trends generated by your customers and marketplace.
But, while most companies are listening to what customers are saying, they’re often not listening to what their employees are saying.
The old adage “the CEO is the last to know” no longer has to hold true. Big Data can help you learn about your employees’ experiences as much as the customer experience. If we can leverage Big Data to create an experience for the customer that exceeds their expectations and results in higher satisfaction, can we not use Big Data to achieve the same with our employees?
With Big Data we can change how we engage our employees. We can understand the trending themes, the sentiment, who the key “connectors” and subject matter experts are, and even the high risk areas. We can safely project that this will result in:
- Higher job satisfaction
- A more engaged, enthusiastic workforce
- Longer employee retention
- Better productivity
Not unlike the customer experience we can create with insights from Big Data, we can create a better employee experience that results in a positive, transparent and more productive work environment. All of which gives us a competitive edge.
Isn’t that really the potential of Big Data for the enterprise?
Belbey Blogs: Recent Guidance from the SEC on Filing Social Media
Posted by belbey in Actiance, Compliance, eDiscovery, Electronically Stored Information (ESI), Enterprise 2.0, Financial Services, FINRA, Securities and Exchange Commission, Uncategorized on April 2, 2013
Today’s blog is from Joanna Belbey, Social Media and Compliance Specialist at Actiance.
This month, the Division of Investment Management of the Securities and Exchange Commission issued the first in a series of “IM Guidance Updates” to clarify its positions on emerging legal issues. The first topic was social media.
Financial services firms are cautious by nature, and its both our experience and no surprise, that firms are taking a very conservative approach and are filing a huge amount of social media content with FINRA. The SEC is calling out that this may be unnecessary in a number of cases.
First some background. To ensure that communications from financial institutions are suitable, fair and balanced, the FINRA Advertising Regulation Department reviews the content of more than 100,000 communications every year. Some communications are submitted as required by FINRA rules, others are submitted voluntarily. Some are filed in advance, others within 10 days of publication. However in FINRA Rule 2210(c)(7)(M), effective February 2013, retail communications posted on an “online interactive electronic forum that is contained on a social media website” are specifically excluded from these filing requirements.
However, as firms have other filing requirements aside from FINRA, such as Section 24(b) of the Investment Company Act of 1940 (“1940 Act”) or Rule 497 under the Securities Act of 1933 (“1933 Act”), SEC has seen fit to provide guidance on what should and should not be filed.
As the SEC states “Whether a communication need be filed depends on the content, context, and presentation of the particular communication”. So nothing changes there. This is simply reiteration. But now the SEC goes a little further. The more specific, the more likely it needs to be filed. And as an aside, whether the communications are filed or not, they still need to captured, supervised, archived, made e-discoverable like any other written communication for “business as such”.
The SEC provided some examples for clarity:
Do Not File
- Simple mention of a specific investment company or family of funds without discussion of merits
- Mention of word “performance” in connection with a specific investment company or family of funds without mention of returns
- Factual introductory statement / hyperlink to fund prospectus (ie, report available here)
- An introductory statement not related to investment merits of a fund that includes hyperlink to general information
- Response to an inquiry via social media that provides factual information and does not include merits of the fund
File (to meet requirements of Section 24(b) or Rule 482):
- Discussion of fund performance that provides specific mention of fund’s returns
- Issuer communications that discuss merits of an investment fund
The regulators continue to reinforce what we know to be best practices of social media. Pitching financial products, and discussing specific performance and returns is unwelcome on social media and may require pre-approval by a registered principal of the firm as well as filing requirements.
A better approach?
Provide compelling content, not sales pitches. Offer information that is informative, entertaining, and worth sharing. In a compliance-constrained industry like financial services, delivering compelling content can be challenging, but it’s by no means impossible.
The first step is to inventory your existing content to see what can be leveraged for social media. Start with pre-approved content that has been reviewed by the company’s compliance team for both corporate governance and regulatory compliance. Use this content to develop a library of interesting insights on investment strategies, wealth management, saving for college or retirement, and similar topics. These articles can provide a foundation for social media newcomers who are looking to start building their online networks.
This Spring is a great time to get started!
Other information you may find helpful:
Belbey Blogs: New FINRA Communications Rule 2210
http://blog.actiance.com/2013/02/13/belbey-blogs-new-finra-communications-rule-2210/
Division of Investment Management of the Securities and Exchange Commission Issues Guidance Update on Social Media Filings by Investment Companies
http://www.sec.gov/news/press/2013/2013-40.htm
IM Guidance Update March 2013
FINRA Rule 2210
http://finra.complinet.com/en/display/display_main.html?rbid=2403&element_id=10648
Regulatory Notice 12-29 Communications with the Public
http://www.finra.org/web/groups/industry/@ip/@reg/@notice/documents/notices/p127014.pdf
Regulatory Notice 10-06, Social Media Web Sites: Guidance on Blogs and Social Networking Web Sites (January 2010)
http://www.finra.org/web/groups/industry/@ip/@reg/@notice/documents/notices/p120779.pdf
Guide to the Web for Registered Representatives
http://www.finra.org/Industry/Issues/Advertising/p006118
FINRA: RCA – March 1999 – Ask the Analust – Electronic Communications
https://www.finra.org/Industry/Regulation/Guidance/RCA/p015326
“Your call may be recorded. . .”
Posted by actiance in Compliance, Unified Communications on March 5, 2013
We’ve all heard this countless times, but we usually yawn and consider it an afterthought. But, for those folks working in regulated industries, these words ring true. In the UK in particular, there are strict guidelines on the recording of voice calls. For instance, the Financial Services Authority’s Policy Statement 08/1 specifically requires firms to record all relevant telephone conversations and electronic communications. And even if the requirement does not explicitly single out voice recordings, it is certainly implied in the “electronic communications” language adopted by the SEC, FINRA, the FRCP, and others.
Additionally, even though there’s a marked trend of moving away from legacy PBX systems towards VoIP systems, this doesn’t make the recording requirement go away. If anything, it highlights the importance of having to record conversations in whatever format they take place in.
These days, communications could be over unified communications platforms like Microsoft Lync, social media, instant messaging, mobile phones, or even the good ol’ landline. It’s just that the rapid adoption of Microsoft Lync over the last few years has shined the spotlight on voice calls through this specific platform.
Lync adoption in general has been spurred by the increasing demand to cut costs and enhance productivity in the workplace. PBX systems are more expensive and difficult to manage, which only serves to expedite the transition to IP-based systems like Lync. Easier expansion and greater flexibility are also prompting organizations to switch to Lync.
But oftentimes, before organizations can even deploy Lync, they need to ensure they’ve got a management solution in place to provide the compliance and security capabilities that’ll give them the peace of mind they need before deploying Lync. That’s because native Lync functionality is insufficient to keep companies from fully adhering to the governance requirements they’re subject to.
Actiance Vantage removes these roadblocks by making it possible for firms to securely record Lync Voice calls in accordance with applicable compliance requirements. All key metadata is captured; data integrity is verified; and there’s integration with a wide range of archiving platforms. Throw in support for other Microsoft applications (SharePoint, Skype, OCS) and non-Microsoft applications (Jive, IBM Connections, Google Talk, Yahoo! Messenger, Bloomberg, etc.) and it’s easy to see why Vantage is considered the marquee governance solution for the broadest range of communication channels.
By taking care of the governance aspects, Actiance enables organizations to focus on their business.
Belbey Blogs: New FINRA Communications Rule 2210
Posted by belbey in Actiance, Compliance, Financial Services, FINRA, Uncategorized on February 13, 2013
On February 4, 2013, as result of the systematic harmonization of NASD, NYSE and FINRA rules, FINRA Communications with the Rule 2210, went into effect. I wanted to learn more, so I attended the SIFMA Compliance and Legal Society, New FINRA Communications Seminar last week. It was an educational panel that include Kevin Zambrowicz (SIFMA), John Lajiness (Fidelity), Tom Pappas (FINRA), Holly Smith (Sutherland Asbill & Brennam) and Edward Sullivan (UBS).
The panel discussed that FINRA Rule 2210 brings some significant changes to the communications rule and that firms were expected to update their Written Supervisory Procedures accordingly. However, the rule was announced back in June, so firms have had plenty of time to get ready.
In fact, as Edward Sullivan, Head of Field Compliance at UBS, told the audience, his firm took the new rule as an opportunity to take a fresh look at the communications policies at his firm and make enhancements where appropriate.
So, how does FINRA Rule 2210 impact social media?
First some background. Back when FINRA issued Regulatory Notices 10-06 and 11-39, there were six major categories of communications under the existing NASD Rule 2210.The former six categories (advertisements, sales literature, correspondence, institutional sales material, independently prepared reprints, and public appearances) have now been replaced by three: Correspondence, Retail Communications, and Institutional Communications.
Let’s take a look at the two that impact social media:
Correspondence includes any type of written (including electronic) communication that is distributed or made available to 25 or fewer retail investors within any 30 calendar-day period. Like email, these communications do not require pre-approval, but, firms need to capture, retain and make business communications e-discoverable as well as demonstrate that they are supervising communications to meet suitability requirements. An example from social media might include an InMail on LinkedIn, a Message on Facebook, or a Direct Message on Twitter.
Retail communication includes any written (including electronic) communication that is distributed or made available to more than 25 retail investors within any 30 calendar-day period. A “Retail investor” includes any person other than an institutional investor, regardless of whether the person has an account with the firm. Communications that formerly qualified as advertisements and sales literature generally now fall under the definition of “retail communication.” These communications require pre-approval from a principal of the firm, plus all the record keeping and suitability rules apply. However, the rules specifically exempted pre-review any retail communication that:
- is posted on an online interactive electronic forum
- does not make any financial or investment recommendation or otherwise promote a product or service of the firm.
FINRA recognizes that due to the real time nature of social media, pre-review would inhibit interactive communications. Examples from social media include posts such as LinkedIn Updates, Facebook Status Updates, and Tweets on Twitter.
But, what about static portions of social media like profiles and links to content? Tom Pappas, Thomas A. Pappas, Vice President & Director, Advertising Regulation, FINRA, reiterated that the new rule codified existing guidance from 10-06 and 11-39 and that static portions of social media would still require pre-review unless they are exempted as above. In other words, if static content promotes a product or service, it requires pre-approval.
So, will this significantly change processes around social media? Probably not. As I mentioned in my blog, Belbey Blogs: What Are Other Firms Doing?, we have found that firms tend to pilot social media with pre-approval of all initial posts (such as tweets) and keep tight controls in place. Registered persons typically don’t have much latitude. However, once they begin to trust technology to safeguard their firms’ reputation and stay compliant, firms often begin to allow their reps to personalize content to varying degrees.
It just takes time. And some successes to accelerate the process.
For more information, see:
Full text of Communications Rules (32 pages)
FINRA Regulatory Notice 12-29 Communications with the Public (25 pages)
Introducing Socialite for iPhone and iPod touch
Posted by actiance in Actiance, Collaboration, Compliance, Facebook, iPhone, iPod, LinkedIn, Mobile, Trends on February 12, 2013
Your smartphone is your right-hand man. It helps you do your banking, shopping, and socializing when you’re on the go.
By the end of 2013, there’ll be 1.4 billion smartphones and 286 million tablets actively in use around the world. (Source: ABI Research, via TechCrunch). With just shy of 7 billion people on the planet, that means at least 1 of every 5 of us has access to a constant stream of information from almost anywhere.
If you’re selling a product or building a brand, that’s also a constant stream of opportunity that can give you a competitive edge. But sometimes regulations, legal departments, or strict information governance policies can stand in your way. You need to post, tweet, and comment in a way that keeps you and your company out of trouble, and you need to do it from anywhere, any time.
That’s why we built the Socialite® Engage mobile app for iPhone® and iPod® touch.
Socialite® is already the best, most complete social networking compliance and engagement solution available. Now we’re making that experience even better with this free app, available today in the Apple App Store.* It’s a fast, intuitive, and convenient way to keep in touch with your Facebook, LinkedIn, and Twitter connections.
It gives you mobile access to great features like:
Easy Content Publication
- Post to multiple networks right away or schedule posts for later, all from one place.
- Share pre-approved content from your organization’s library.
- Ensure the authenticity of your voice while remaining compliant.
Powerful Engagement
- View and interact with your consolidated newsfeed.
- Manage and follow key connections and their life events.
- Receive notifications of Comments, Likes, Retweets, and more.
So if you depend on your mobile devices to get things done, check out Socialite and the Socialite Engage mobile app.
It’s the best right-hand man your right-hand man will ever have.
*Requires a Socialite account provided by your organization. Your organization must be provisioned by Actiance to use the mobile app. For assistance with your login, contact your IT administrator or support help desk.
I Can See Clearly Now, The Blur is Gone…
Posted by Kailash_Ambwani in Actiance, Compliance, personal v professional on February 6, 2013
Personal vs. private. Open vs. closed. Freedom of speech vs. limited expression. These are just a few debates that are shaping the personal and professional lives of today’s worker; increasing in intensity as social media becomes more prevalent in the workplace. As IDC asserts, the worldwide enterprise social software applications market will grow from $788.1 million to $4 billion in revenue by 2016, representing a compound annual growth rate (CAGR) of 38.5%.
A recent article in the New York Times discusses the blurring of lines between personal and business use of social. Judging by the 125+ comments to date it struck a chord with many readers. And Forrester Research recently published a survey which reveals that 43% felt that social was something they used in their personal life and wanted to use at work.
This new social business paradigm affects every organization, regardless of industry, as written by Steven Greenhouse: “Schools and universities are wrestling with online bullying and student disclosures about drug use. Governments worry about what police officers and teachers say and do online on their own time. Even corporate chieftains are finding that their online comments can run afoul of securities regulators.”
The last category is something that I’m personally familiar with, as I work with customers in regulated industries on a daily basis that are subject to fines and requirements from FINRA, IIROC, the SEC and others. As social channels have become a natural communication method in both our personal and professional lives, the blurring lines between acceptable personal and corporate use can be challenging to navigate. Compounding this further is the blurring of boundaries between corporate content, distribution of that content and compliance requirements. The result: professionals, from C-level staff down to compliance managers, are having a tough time defining and enforcing policies.
However, a solution was also mentioned in the New York Times article: the social media policies that companies can develop. Here’s the bottom line- If you’re not forming policies to provide governance for your employees, your use of social will come back to bite you. These policies need to be specific to the company and industry, and should outline what employees can, as well as what they can’t, communicate or say online. The policy should contain:
- The company’s social media objectives
- Appropriate social networks that would align with personal and professional use
- Best practice guidelines, along with examples on how to build social networks
- Ways to integrate social activities within corporate systems for each department. For example, how marketing can leverage
This clear level of guidance, combined with education, will go a long way in helping employees’ better tap into the benefits of social for personal and business purpose while keeping regulators at bay.
This approach is a good start in allowing your company to successfully unleash social business. In my next post, we’ll dive into the importance of compliance in social business. In the meantime, you can download our six principles of social success whitepaper here, and get started on developing a winning strategy to reduce the blur between personal and professional use of social at your company.
When the social party grows up, what if no one attends?
Posted by belbey in Actiance, Collaboration, Compliance, eDiscovery, Employee Behavior, Enterprise 2.0, Financial Services, FINRA, New Internet, Social Networking, Trends on February 6, 2013
Today’s post is a collaboration between Richie Etwaru, Director, UBS and Joanna Belbey, Social Media and Compliance Specialist, Actiance
Our last blog, “Before You Go Social, Check with Uncle Sam” covered the regulatory compliance, corporate governance, and legal requirements organizations must address before deploying social collaboration, or “internal social media.” In short, we suggested firms needed to develop policies and deploy or procure intelligent software to automate the capture, archive, retain, and supervise business communications across the enterprise.
We received material feedback. Readers reminded us that we’ve all been having the “compliance and technology conversation” around social media for some time. We aim to please so asked what’s next; we were told adoption is the biggest barrier to success. How do you make the changes to the corporate DNA to allow collaboration to flourish? In other words, how do you get adoption?
Apparently there is a party happening on grown up social networks but no one is attending.
Solving for Adoption
At the core of the thought leadership, we must look at training, sponsorship and design as three individual agendas solving for adoption. The diagram below shows three audiences for each agenda in a 3X3 matrix. The 3X3 matrix can serve as a maturity model as an organization progresses from top right of the matrix to bottom left.
Training, no one flyer fits all
There is no “one size fits all” training for employees to learn how to be “social” within the enterprise. At the one end of the audience spectrum, are employees who are adept at using social media in their personal lives. These are usually (but not always) entry-level employees. They may freely share personal experiences and thoughts with hundreds (thousands?) of their friends on Facebook or followers on Twitter. This set of employees may need to learn how to be “professionally social” within a corporate environment. There is unlearning, think first, and when in doubt resist, training needed.
In the middle of the audience spectrum training is need to inform the value of social beyond connecting people to people and content, sharing more, and the power of inviting others. For more on value beyond connecting people to people and content see “Solving for building backlash of Enterprise Social Networks” posted by Richie.
At the other end of the audience spectrum are employees who may use social media only occasionally or not at all. These are sometimes (not always) senior management. They may require a bit of handholding, and learning about specific benefits of why they should invest the time to learn something new. They also may be concerned about privacy. There is training needed to trust the platforms, learning the value of connecting to people, and benefiting by searching for and finding content in an entirely new way. This audience will not simply come to the party because they received a flyer, there is personal touch needed.
Sponsorship, they must come from everywhere
Successful deployment of social media (either internally or externally) requires commitment from senior management. However senior managers are unlikely demonstrators of sponsorship for social. Demonstrating sponsorship for social means using it, and many (not all) senior managers lack the time, commitment, and authenticity (don’t take it to heart, being authentic on social is an art, even if you are an inherently authentic person) to truly be social.
Sponsors of social medial must come from all tranches of the organization. The trusted employees, and employees that are opinion leaders can demonstrate sponsorship driving adoption. The trusted must create content, celebrate others, and invite opinion leaders (many times openly). Opinion leaders must share content of others, invite the unlikely senior managers (yes, sometimes openly as well), and advocate for the value of media other than text (such as videos) by using said new media. Finally, senior managers who are seen as unlikely adopters by the masses must be authentic. The unlikely audience should upload photos (authentic photos, not the boring corporate headshots), celebrate the opinion leaders, and share information created by the trusted.
This type of sponsorship and authentic adoption up and down the corporate ladder enables organizations to influence with sponsorship. After all, well attended parties are sponsored.
Design, customize the user experience
Inarguably, social can be separated into the believers, the voyeurs and the nay-sayers. The believers get it, and the current design of social works for them. Empower your believes, celebrate them, and hope that you can challenge them.
The voyeurs are the folks that come to the social platform, look around and leave (people that peek into restaurants or lounges and then keep going). Why do they do this? Many times it is because they “see no value when first logging into a social platform”. For us believes we ask, “really no value?” The fact is voyeurs do not see value when logging in initially, this is because they are not a part of any group, haven’t liked anything, haven’t created any content or commented or shared. Of course they see not value, the initial social experience is empty! Organizations must design social platforms to demonstrate value to voyeurs. We know who said voyeurs are, who they work for and who works for them, their peers constitute their implied social graph. We know what groups their “social graph” are in, what documents and topics their social graphs are interested in, and what questions their social graph have asked and answered. The design of the social platform should suggest a curated environment for the voyeurs on first login based on the activity and preferences of the implied social graph. When a voyeur logs in, if he/she accepts all curated suggestions, he/she will “LEAP” onto the social platform and see immediate value. This is an example of what we mean by enabling adoption with design.
Closing
This conversation can be detailed into a longer discussion, but at the heart of it, adoption is not unsolvable. There is a party happening on the grown up social networks and if no one is coming to the party we have to think like nightclub owners; guide with training, influence with sponsorship and enable a good experience with design.
What to do when social goes bad: The Lesson of HMV
Posted by SarahActiance in Actiance, Compliance, Employee Behavior, Social Networking on January 31, 2013
It’s been a momentous day in the Twitterverse for HMV. (For those of my US colleagues, who don’t know the brand, here’s a snapshot – from Wikipedia.. if you want more, click on the links).
HMV Group PLC is a British multinational entertainment retailing company with operations in the United Kingdom, Hong Kong and Singapore. It was listed on the London Stock Exchange and was a constituent of the FTSE Fledgling Index. The first HMV branded store was opened by the Gramophone Company on Oxford Street in 1921, and the HMV name was also used for television and radio sets manufactured from the 1930s onwards.
HMVSite Down
Now I had to go to Wikipedia to tell you more about HMV, because the company was put into administration on January 15th, as you can see from this is all I get at www.HMV.com
As if that isn’t bad enough, what took place on Twitter earlier today should give any senior management team cause for social cold sweats. Normally it’s great for the brand when you’re live tweeting an event (like we did recently at #IBMConnect)
But I’m not sure anyone has tweeted their own sacking before. That’s right. Just before 130pm local time, HMV’s official and verified Twitter account sent out the following: “We’re tweeting live from HR where we’re all being fired! Exciting!! #hmvXFactorFiring“.
This tweet went viral with over 1,300 retweets in 30 minutes.
This tweet was followed by 7 others, which told the social world what was going on.
Posts such as: “There are over 60 of us being fired at once! Mass execution, of loyal employees who love the brand. #hmvXFactorFiring” and, “Sorry we’ve been quiet for so long. Under contract, we’ve been unable to say a word, or -more importantly – tell the truth #hmvXFactorFiring.” Went out. And a little bit like car crash TV, we all watched.
Here’s the one that really consolidated for me the difference between those who “get” social and those who don’t. “Just overheard our Marketing Director (he’s staying, folks) ask “How do I shut down Twitter?” #hmvXFactorFiring.”
It gets worse. Several hours later the offending tweets disappeared from the @HMVtweets feed.
Not, though before you could pick them up on places like Topsy – the news and screenshots of the offending tweets have been trending through the Huffington Post, CBS and Business Week here in the US, and the story continues.
You can see more write ups of the story at Holtz Communications, TwoFourSeven and I found the news out through superstar @rhappe tweeting it (follow her, she’s great for breaking news like this)
So what can you do to make sure that #hmvXfactorFiring doesn’t end up at your door?
- Social has GOT to be part of any crisis management communications plan. Period.
- Make sure ownership of your Corporate Social Network Accounts is with a group that is part of the planning.
- Transparency is key. If you spin, lie or cheat, you will be found out.
- Deleting content, while it might be necessary sometimes (racist commentary, profanity and the like that you do NOT want on your Twitter feed have no place staying there in order to be transparent) should be undertaken with caution.
- If you do delete content, make sure you have a record of it. You can be sure that the rest of the world already does.
- Engage, understand the mood and the sentiment of the audience and go with it. Empower the team responding to do just that. Respond.
What else would you add to how you can deal with social in a crisis?
Belbey Blogs: Before you go social, check with Uncle Sam
Posted by belbey in Actiance, Collaboration, Compliance, eDiscovery, Electronically Stored Information (ESI), Employee Behavior, Enterprise 2.0, Enterprise IM, Facebook, Financial Services, FINRA, Guest Post, Legal, Social Networking, Unified Communications, Web 2.0 on January 30, 2013
Today’s post is a collaboration between Richie Etwaru, Director, UBS and Joanna Belbey, Social Media and Compliance Specialist, Actiance
It’s difficult to debate the value of installing enterprise social networks.
Richie Etwaru, a futurist and avid speaker, covered the current state, business value, and future thinking needed around the construct of what he phrases the #ENTSOCNET (an internal enterprise social network). Mr. Etwaru titled the piece Solving for building backlash of Enterprise Social Networks and covers the 1st, 2nd and 3rd generation of the #ENTSOCNET. Installing an internal social network, driving, adoption and extracting business value as Mr. Etwaru describes, is complicated and difficult work. Leaders must ensure that said complicated and difficult work is being done under the auspices of regulatory guidelines.
There are regulatory compliance, corporate governance, and legal requirements organizations must address before deploying social. There however, is an impedance mismatch and some amount of misinterpretation between what the regulators consider enterprise social media, and what leaders in the enterprise consider to be enterprise social media. The spirit of the regulations suggest that whether an enterprise in installing an internal social network (what Mr. Etwaru describes as the #ENTSOCNET) for its employees only, or leveraging external social networks such as Facebook, LinkedIn or Twitter; all communications, messages, inboxes, comments, endorsements, DMs, tweets retweets etc. are governed under the regulations.
What Regulators want
More than 2 years ago, regulators of the securities industries began to issue guidance on how to use social media. The Financial Industry Regulatory Authority (FINRA), The Securities and Exchange Commission (SEC), Investment Industry Regulatory Organization of Canada (IIROC), National Association of Insurance Commissioners (NAIC) and others view social media, whether it’s external or internal, as just another form of business communications, such as email or instant messages. They remind us that it’s the content that is determinative, not the platform. Regulators also expect that firms demonstrate that they are supervising, or reviewing, a pre-defined portion of these communications. Other more general legislation may also apply such as Sarbanes-Oxley (SOX) Gramm-Leach-Bliley Act, and the data breach notification laws (PCI, DSS).
What this all means
In short, whether internal or external, firms need to ensure that all business communications (or “business as such”) are captured, archived, supervised and made easily e-discoverable. There is nothing new here as this has been an evolution. First paper, then email, instant messages, now both internal and external social media, firms continue to be challenged to capture, retain and review a portion of all business records in whatever form they appear. As a first step, firms may use their existing email and instant message retention policies as a framework to develop policies for internal and external social media. Governing said policies is a separate and pronounced challenge.
Governance is key
Firms are increasingly committed to comprehensive corporate governance to avoid scandal and to comply with regulations. The development of sound policies and procedures before deployment is key, given the vast amount of data stored in most collaboration environments and the free ranging conversations among employees, contractors and even clients that can ensue, policies must be defined.
Specifically policies should address: records management (retention, litigation readiness, privacy), information management (making sure that records are tamper proof, and easily accessible), data deposition (disposal of data) and conflict management. Where possible, firms should automate policies with technology to protect their intellectual property, prevent the creation and distribution of inappropriate content and provide an audit trail of all activity to ensure accountability.
It’s a serious legal matter
When learning of pending litigation, firms must be able to preserve all records (“legal hold” or “ligation holds”) that may relate to legal action against the company, including records of social activity. According to the Federal Rules of Civil Procedures (FRCP), firms must meet discovery requests for paper as well as electronic documents (spreadsheets, slide decks), emails, posts, and conversations across social media in a timely fashion. Therefore, firms need plans and the means to retain and produce such data upon request. Email was new and difficult, social is not yet understood, complex and mindboggling.
Social, not my grandma’s email
Social media, due to its nature, adds complexity to these requirements as interactions occur over time. For example, a blog starts with an initial post, then readers may add comments, or change their minds and revise and delete their comments and the original author may respond. These interactions could go on for months in some cases. Firms should have the ability to produce all of these threads of posts, comments and replies “in context” to give meaning to the conversations. By providing context, firms may reduce litigation costs by reducing the number of hours required by attorneys to sort through records to determine the sequence of events and the true essence of the conversations. Preserving context requires intelligent software solutions.
What now
Enterprise-wide “social business” tools were designed to facilitate collaboration, not necessarily to meet the legal and compliance requirements of regulated firms or public corporations. They offer basic functionality to capture and archive communications, but not the reporting, contextual view of information, nor granular policy setting that may be desired. Firms are therefore advised that before deploying enterprise wide collaboration tools, they look to third party vendors to ensure their compliance requirements are met.
Collaboration, no pun intended
I reached out to Mr. Etwaru (whom I met a few years ago at a conference in NYC) and shared this perspective. His response is below.
~~~~~~~~~~~~~~~~~~~~~
Hi Joanna,
Your thoughts are spot on. From the regulators (who are doing a great job) point of view social, email, chat, etc. all carry similar risk and hence are metaphorically bucketed from a guidance standpoint. In the enterprise however, the risk with social is multiples higher for a multitude of reasons. One reason is employees learned of social in their personal lives where regulations are by and large absent. Hence, when using social in the enterprise (or in a commercial manner) employees (fallible as we are) tend to assume the same “free range” comes with social. The policy, governance and education you suggested is paramount, I could not agree more.
That being said …
However daunting all of this may be, the biggest risk is not using internal social media to break down silos and to unleash the intellectual power of the enterprise while driving innovation.
BTW, love your diagram, I can help you make it pretty
Hope this helps,
-R
~~~~~~~~~~~~~~~~~~~~~
Diagram above rendered by Mr. Etwaru,
-Joanna
