Under Regulatory Scrutiny: Top 6 Employee-Requested Social Platforms

Social Network Polices Require Archival, Policy Enforcement

Employees use social networking to network with other professionals and interact with clients, but for some firms, granting access also requires the need to archive employee activity to meet requests from regulator scrutiny. Portland, Ore.-based data archival firm Smarsh conducted a survey of more than 280 C-level management employees, compliance officers and staff members at financial services firms to identify data retention and protection trends. The firm found that most respondents had archiving systems in place for email. But, while most had policies governing the use of LinkedIn, Twitter and Facebook, far fewer companies had an archival system in place to support them. The firm's survey identified the social network most frequently requested by employees and the message types frequently scrutinized by regulators. Here's a look at the survey's key findings.

No. 1 LinkedIn

Business networking platform LinkedIn was the most popular social network among employees, according to the Smarsh study, with 63 percent of firms permitting its use, a 10 percent increase from 2012. When LinkedIn rolled out a skills feature, compliance officers needed to determine if endorsements qualified as a referral or testimonial under the SEC Investment Advisers Act, and then educate employees not to use that function, according to Stephen Marsh, CEO of Smarsh.

No. 2 Facebook

No surprise here, the No. 2 spot went to Facebook, as the Menlo Park, Calif.-social giant has grown to be the most widely used social network and one that is frequently used by businesses to reach out to customers. Only 41 percent of organizations that have policies governing Facebook use have an archival and supervision system in place to enforce them, the Smarsh study found. Social media messages were the fifth most requested data type requested by regulators, the study found. Requests for messages made on Facebook, LinkedIn and other social networks grew by 7 percent over the previous year, Smarsh said.

No. 3 Twitter

Twitter was the third most employee-requested social media site. The platform is frequently used by marketing teams to reach out to potential customers and provide support information. Even fewer firms (38 percent) have archival and supervision systems in place supporting policies, the survey found. Texting and instant messaging accounted for the majority of regulatory enforcement activity, according to Smarsh. Even with a 140-character limit, Twitter use is frequently scrutinized with other social media.

No. 4 YouTube

YouTube was the fourth most requested social media by employees, according to Smarsh. Regulators are less likely to make requests for video messages, but website pages were the second most frequent message type they requested. Smarsh said that 71 percent of respondents consider 48 hours to be a reasonable time frame within which to provide specifically requested messages.

No. 5 Google+ And No. 6 Salesforce Chatter

Google+ and Salesforce Chatter were the fifth and sixth most requested social networks, according to the survey. While email is the most heavily regulator-requested electronic communication at 81 percent, instant messages ranked as the third most frequent document type. Salesforce Chatter is widely used to access the Salesforce.com platform. The tool incorporates information from YouTube and Twitter and can be used to collaborate with other employees or simply share status updates.

Regulator Requests Result In Some Big Fines

The Financial Institution Regulatory Authority (FINRA), the largest securities regulator in the U.S., often examines supporting documentation related to electronic communications compliance. FINRA, which is charged with maintaining fairness of the capital markets, brought more than 1,500 disciplinary actions in 2012 against registered individuals and firms. FINRA levied fines totaling more than $68 million and ordered restitution of $34 million to harmed investors, according to Smarsh. When authorities request data, businesses frequently have a short time to provide the information, a constant challenge for compliance officers.