Actiance & Hootsuite Webinar Recap: What Social Communications Should I Capture and Retain?

Great discussion this last week with Amy McIlwain, Financial Industry Principal at Hootsuite. Thank you to those who joined us.

The webinar highlighted the power of our partnership – encompassing how financial services firms can use social media to deepen engagement with clients across every touchpoint. Amy highlighted the compelling ROI that firms have generated though the use of social when it is in the hands of executives, registered representatives, and internal social advocates – in one case producing nearly $3M in incremental value to a financial service firm through the use of the Hootsuite platform.

Actiance followed with an overview of the unique challenges created by the use of rich, dynamic and – increasingly – multimodal social content. These challenges include the capture and preservation of this emerging content sources, the need to identify, track and control the variety of social channels that are in use by registered representatives, the need to enforce policies uniformly through these tools, and the complexities that arise in reviewing social content in tools designed for email. We followed with a review of best practices that firms are adopting to ensure that the proliferation of social – and other rich new communications tools – are not creating additional compliance risks. The bottom line is straight forward: 1) your customers are increasingly demanding that you engage on these communications channels and firms need to be prepared by applying good governance strategies to ensure that policies can be enforced through any communications touch point, and 2) engaging legal, compliance, and security  stakeholders is critical to ensure that your firm is creating a holistic view of the benefits and risks of social media and messaging tools.

One interesting question was raised that produced a good amount of follow-on discussion that I’d like to explore further here: should financial services firms only capture information from registered representatives or their broader user base?

As one might expect, the answer to this question is not always straight forward and opposing philosophies can easily collide:

  1. The ‘Preserve as little as Possible’ camp:  from a policy perspective, the business use of social media is no different than the logic underlying existing retention policies: capture and retain communications only if explicitly required by regulation in order to avoid unnecessary risks created by having too much data around. In this scenario, only social content from registered representatives falling under FINRA 3110 (or similar IIROC or FCA requirements) should be captured and retained.
  2. The “Its About Content and Context” crowd: This perspective the logic that the content and context of a conversation determine its relevance – not the specific communications technology used. So, in this scenario, social is no different than how firms have treated email and other potential business records for the past 10+ years – if the content potentially has business value or creates compliance risk it should be retained. This camp would advocate the capture and retention for a broader set of employees.

The 2 options are not mutually exclusive – some firms have opted for a modified version of #2, where retention polices are applied against registered representatives, senior executives, authorized users of company-branded social media tools (i.e. those with “keys to the car”) as well as those whose jobs may entail communications of sensitive information.

So, how can you determine the best approach?

Well, as one might expect, policies are not always fluid and dynamic – they can be rigid, sticky, and deeply embedded into the corporate fabric. However, what we’ve seen many firms do to address this situation include the following:

  1. Dust off the company communications and retention policies – like technology, policies written long ago for email many not be suitable for today’s communications. In fact, recent surveys from our friends at the IGI indicate the policy updating was one of the most common IG projects undertaken by firms in 2017
  2. Examine where communications leading to ‘business transactions’ are happening – companies can leverage the language of the recently enacted MiFID II in the EU that states that “all communications that lead to a transaction must be recorded and captured”.  When ‘business transactions’ or records/events are interpreted broadly to include signing of business agreements, communications to investors, customer support updates, etc. – you will likely find that social tools are now becoming embedded into business processes and require control for user groups that are engaged in high value or high-risk activities
  3. Monitor the ‘Not-Exactly-Best Practice’ cases – there is an increasing body of court decisions and regulatory fines/sanctions that stem from the misuse of social. The variety of mishaps is overwhelming, but common themes are emerging, namely that 1) firms need to have a mechanism to be able to capture and preserve social content as they do for any form of information (independent of whether the method is proactive or reactive capture), and 2) failing to take reasonable steps to preserve content that is relevant for discovery or to respond to a regulatory inquiry is never good. Spoliation is not a happy concept.
  4. Stay engaged with business users of social – A simple, yet critical step that can easily be taken by compliance teams is to be aware of how specific users are leveraging social to improve the ways to do their jobs. New social and multi-modal messaging and collaboration tools are emerging almost on a daily basis, so knowing how they can be harnessed by your business will give you greater insight into the importance of information being delivered through those channels, which is vital to adjust and update policies.
  5. Look beyond regulations – as with any effective governance initiative, the assessment of information value and risk needs to a product with components provided by compliance, infosec, legal, HR, IT, and business. Determine the right approach to the capture and retention of social should follow those same principles.

Originally published on Actiance.com, March 12, 2018

Share this post!

Robert Cruz

Get a Quote

Tell us about yourself, and we’ll be in touch right away.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.

Contact Us

Tell us about yourself, and we’ll be in touch right away.