This organisational problem is growing at endemic levels, and is sure to be widely discussed at Davos. Kitty Parry, Davos attendee and Young Global Leader of World Economic Forum 2014, gives her view.
Regulated companies have hundreds, if not thousands, of employees. And for each employee who breaches social media and data compliance regulations, CEOs and other senior organisational figures are facing criminal liability. You read that right. In accordance with the FCA Senior Managers Regime, which will come into effect in 2018, all senior managers of regulated firms will bear personal criminal liability for organisational data breaches.
Examples of social media and digital data compliance breaches
These can be as banal as the time when Twitter CFO Anthony Noto accidentally, but publicly, posted what appeared to be a private message about an acquisition. As CNN reported, the company’s share price subsequently tumbled 17%.
There are also cases such as that of Deutsche Bank, which this year was fined almost $157 million, according to Bloomberg. The company failed to ensure traders abided by the Volcker Rule. Bloomberg reports that in March 2016 the company admitted that it lacked adequate systems to track ways in which traders may run afoul of the rule. The bank was fined further because currency desks were using online chat platforms to discuss trades with competitors, allegedly revealing positions. In addition to the fine, the Fed issued an order that required Deutsche Bank to improve senior management’s oversight of currency trading.
Who is responsible?
Compliance departments and marketing teams at many regulated organisations have struggled to determine who is responsible for training teams to steer clear of these kinds of transgressions. Should the marketing team train employees how to use public-facing social media? Should the compliance department regulate its use? Even more perplexing, where is the line between employees’ right to free speech and the proliferation of privileged information? We have all seen it: Snaps and Instagram stories that friends post at their desks, their dinner and papers and computer screen visible with hashtags such as #latenite #workhard. If there’s confidential data on the desk, the employee may get fired for sharing that information, however unwittingly. The regulatory ramifications reach much further. As of March 2016, the legal responsibility lies not only with the employee, but also with the employer and the employee’s manager under the FCA’s Senior Managers Regime. Although the rule as it was written in 2016 applied to the retail space, in 2018 this rule will be extended to include all regulated firms. Thus, incidents such as this one, which are extremely commonplace, threaten the viability of entire organisations that are held liable for infractions of securities law.
What to do?
Current regulations include the aforementioned FCA Senior Managers Regime as it was written in 2016, as well as FG15/4, the FCA’s supervisory approach to social media and customer communications, and FINRA Regulatory Notices 10-06 and 11-39. There are also internal social media policies that most organisations have, although very few employees pay attention to them, particularly when faced with the social validation that comes from posting a picture that shows how important and/or hardworking they are. The issue is that a regulator can at any time step in and investigate, and there is a high likelihood that they will be faced with a huge number of legacy infractions, i.e. a flood of social posts employees have made in the past.
Since social media changes quickly, with the “hot” channels fluctuating and the ways channels are used shifting, the answer has to be in modifying behaviours, not organisational policy. Educating staff gives organisations an audit trail that protects them from liability should infractions occur. It also gives employees new ways to communicate on social media.
At Social Media Compliance, we have developed the world’s first image-recognition, machine-learning tool that can identify and even mitigate social and digital compliance and data breaches. Further, we provide solutions to data and compliance risk that are generated from employees’ use of personal social media. Our algorithm, developed to identify image-based as well as written breaches, is based on global regulatory laws including the SEC Safeguards Rule, the FCA’s Senior Managers Regime and others. We currently work with some of the world’s largest banks and regulators, including the European Central Bank, Federal Reserve Bank of New York, J.P. Morgan and Bank of America. Chief Compliance Officers feel better knowing that their organisations and senior managers are protected from social media and digital data compliance risks. Further, as our tool notifies employees when they have posted images that may breach regulations, senior managers rest assured that their employees are notified of regulatory infractions as they occur, a perk when faced with potential fines for personal use. Everyone can rest assured, and employees can still use social media. It’s a win-win.