One of the barriers of firm-wide deployment of social media is the process around crafting of a social media employee policy. Drafting policy from scratch is daunting to most people. Where to begin? Rather than start with a blank screen, consider these 14 components:
1) Overview of program
Provide an overview of the goal of the program and who is participating. Convey the purpose and value of using social media for the firm. Reinforce your firm’s mission and values. Remind users that social media is a public forum and that they are representing your firm and reinforcing the brand. This is also an opportunity for Senior Management to demonstrate that they support a social media initiative.
2) Approval process
Outline requirements for participation in social media for business. For example, describe specific approval processes with user’s Manager and Compliance department and / or Human Resources. Provide details on training / attestations that may be required. Detail exclusions such as Registered Persons who may have had compliance issues in last 12 months.
3) Network access
List the social media networks permitted now and plans for future. Define how users access social media sites. Some firms allow users to access native social media sites directly; other firms instruct users to log unto a third party vendor’s site that aggregates the networks. In some cases, users may do both. Be clear.
A new and growing area of the law is ownership pertaining to social media. Define in advance, and get in writing, who owns what (profiles, access information, content, followers) in the event of voluntary or involuntary termination.
Many firms have disclosures that appear on each user’s profile that link back to the corporate website. Define specific language for each social network and respective link.
6) Prohibited Language
Users should be reminded that social media is just another, albeit more public, form of electronic communications. Existing communications and workplace policies apply. Profane, defamatory, disrespectful, harassing, sexual statements are expressly forbidden. If using a third party vendor, create and apply a lexicon (or “trigger words”) of forbidden words. Use technology to block inappropriate language on the corporate network (just as you may do for email now) and to send an alert if prohibited language is used off the network.
7) Negative interactions
Direct users how to respond to negative comments, customer complaints, or if your users are being harassed or subjected to inappropriate language themselves.
8) Protect customer and firm proprietary information
Remind users that they are responsible for protecting their customer personal information such as social security numbers, account numbers, date of birth, addresses, etc. Personally Identifiable Information (PSI) should never be shared on social media networks. Firm information should be also protected. Be cautious not to reveal trade secrets, special projects, propriety information, or earnings. Also be mindful of copywrites, posting third party content, the appropriate use of firm’s logos and trademarks. When in doubt, ask for guidance.
9) Incoming threats
Remind users of your existing IT guidance to prevent malware from coming into the enterprise. Like email, they should be very careful about clicking on links on social media.
10) Prohibited Activities
Outline specific activities prohibited on each network and the reason they are prohibited. Below are some examples by network. For example, many firms within financial services prohibit certain activities as they may be interpreted as testimonials or create additional recordkeeping requirements.
- Writing recommendations
- Endorsing products
- Endorsing sills
- Displaying skills endorsements
- Accepting recommendations
- Asking for a business-related endorsement of recommendations
- Create list
Additionally, if firms are not working with an outside vendor to capture and archive private communications on social media, they may instruct their users to use corporate email for all private communications rather than use InMail (LinkedIn), Direct Message (Twitter) and Messages (Facebook).
11) Directions for setting up professional profiles
Most firms provide specific directions on how to set up a profile on LinkedIn, Twitter and Facebook. Typically, users are instructed to use business card information, a professional photo, include a pre-approved description of the firm, special disclosures and corporate contact information. In many cases, profiles are pre-approved by Compliance before users are permitted to use social networks for business. If that’s the case at your firm, detail the process and anticipated turn-around time required for pre-approval.
12) Guidance for professional use of social media
Provide an overview of how social media is to be used for business for the firm. Be as specific as possible and provide examples whenever possible.
- Many firms’ marketing departments create a centralized library of content that has been pre-approved by compliance that is to be posted “as is”. Content is typically is accessed through a third party platform.
- Other firms allow users to add their own personal introduction to the pre-approved content.
- A few firms allow their users to create their own content. If your firm allows user-generated content, provide specific guidance on what is appropriate and the process for approval. For example, you may advise users to post content that is “ever green” that that their followers may find interesting over time.
- Certain language is prohibited outright (profanity, overtly sexual, discriminatory, etc).
- Remind users of their suitability and / or fiduciary responsibilities regarding making investment recommendations. Specifically, Financial Advisors may only make an investing or product recommendation if it meets the needs and risk tolerance of the investor. As no one cannot possibly “Know Your Customer” on social media, firms tend to prohibit the mention of products of specific investing strategies. In short, inform, don’t pitch.
- Outline specific restrictions about posting about your firm or your competitors.
Clearly articulate that business communications on social media sites are monitored, captured and archived across corporate and personal devices. Note that communications are actively supervised and that the user has no expectation of privacy on social media accounts monitored by firm.
Describe the consequences of not adhering to social media polices. Note that users are be asked to remove inappropriate communications and are subject to disciplinary actions, including termination.
13) Guidance for personal use of social media
As a service to their employees, some firms provide guidance on the personal versus professional use of social media. To avoid legal action, firms are careful not to prohibit any specific type of communications, such as disparaging remarks about the firm or management. However, firms often remind users of the permanence of social media. Like email, although posts may be deleted, they never truly go away. Communications on social media have been used as evidence in criminal and civil trials. Social media is used by insurance companies to conduct fraud investigations and by Human resource departments to conduct background checks of prospective employees. Some firms also remind their users of the importance of privacy settings and to be careful about revealing their own Personally Identifiable Information.
14) Contact information
Include the contact information for questions on policies and use of social media networks.