Many financial services companies are now coming to the view that although there are legal and regulatory risks associated with enabling employees to blog freely and engage with social media networks, such risks are outweighed by the corresponding commercial opportunities.
Key to arriving at this view is knowledge by senior executives that the risks are now being managed within a compliance framework that is both consistent in its application and flexible enough to deal with the needs of individual teams and departments.
The Financial Services industry has been comparatively slow to embrace social media, which is hardly surprising. Constrained by the watchful eye of the Financial Services Authority, the thought of giving employees carte blanche to use Twitter and Facebook at work is enough to give many lawyers and compliance officers in the financial services sector sleepless nights.
But attitudes are changing. More and more financial services firms are now dipping their toes into the world of social media and reaping the rewards. Whether it be thought leadership on blogs, responding to customer complaints on Twitter, or creating common interest groups on LinkedIn, financial services firms are realising that brands can be enhanced and relationships built through social media.
From a compliance perspective, most large companies now provide social media policies and/or guidance to their employees, often in the form of lengthy documents. But such documents, usually drafted by various combinations of the legal, communications and social media teams, need to be considered in the context of other policy documents such as the group communications policy, the employee handbook, the data retention policy, and the data security policy. Consistency across the board is key to avoid confusion and legal disputes.
Will allowing employee access to Twitter increase the risk of hacking by fraudsters? Can employees take their Twitter and LinkedIn accounts with them on exit? Can the company use a tweet as part of a marketing campaign for a new financial product? When will a tweet about a financial product be considered to be a financial promotion? Should the company pre-moderate or post-moderate user comments on the company blog? How, and for how long, should social media communications be retained? Can the company be liable for third party comments on a LinkedIn group administered by the company?
These are just some of the many questions that the legal and compliance teams will need to grapple with when drafting the relevant policy documents.
Once the documents are drafted, communication of the policies and the training of staff are vital to ensure effective compliance. It’s unrealistic to expect employees to take time out of their busy days to read 20 pages of social media guidance. Companies need to find ways of distilling their policies to key points and ensure that those charged with monitoring and contributing to social media discussions have had the right training to make sound judgments in the heat of the moment.
Effective crisis response procedures are vital, particularly when external moderation companies are used. There simply isn’t time when a crisis breaks to spend several hours deciding how bad the problem is, whether to respond, who should respond, and who needs to authorise the response.
A crisis team needs to be ready made and given authority to act quickly with appropriate input from the executive and senior members of the communications and legal teams. Relevant experts may be needed on the crisis team, for example to advise on the remit of the FSA when issues of insider dealing and financial promotions arise. And whilst an immediate response to a false market rumour or defamatory allegation may not always be appropriate, surgical removal of the offending statements several weeks later may at least stop the statements being forever available at the end of a Google search.
Last year, the US regulator, FINRA, issued a regulatory notice providing social media guidelines to regulated financial services firms. The guidance includes recommendations to retain records of all social media activity, be careful not to recommend securities on social media platforms, obtain approval from compliance departments on blog posts, establish policies and procedures regulating social media activity, and provide evidence that such policies were enforced.
Notwithstanding FINRA’s requirements, Morgan Stanley announced earlier this year that it would allow 600 of its brokers access to Twitter in the US and Citigroup were also reported to be training 100 customer service representatives to handle customer complaints and build customer followings through Twitter. Both are bold moves and signs that financial services firms are starting to open up to this new form of communication.
So far, the FSA has adopted a light touch approach to social media and restricted its guidance to financial promotions, but it is surely only a matter of time before it follows a similar path to FINRA. Now is therefore the time the put the compliance framework in place.
Richard Bamforth heads Olswang’s litigation and arbitration Group. This article was written in association with Ashley Hurst a senior associate in the media litigation team.