Image by Nanagyei via flickr

How to Stay Compliant on Social Media for Financial Services

For financial services, social media has become a powerful business tool. However, with all the advantages come significant compliance challenges. Ensuring compliance has become more difficult with increased employee use of social media, and fines for non-compliance are also on the rise. In this blog we will discuss the main social media challenges faced by the financial services industry, particularly for insurance companies, and how to overcome these challenges, ensure compliance, and generate business.

There is no longer any doubt that social media has a place in financial services. Thirty-three per cent of insurance companies have found new customers on Facebook, while 38% have found new clients on LinkedIn. The U.S. Securities and Exchange Commission announced that American companies can post important business information onto social networks like Facebook and Twitter, as long as investors are made aware of which sites they’re going to be posting to. But with these capabilities comes the need to enforce them.

A more stringent look at social media compliance

FINRA, the Financial Industry Regulatory Authority, determined in 2010 that there would be no distinction between social media communication and regular in-person or traditional written communication. This set the stage for a more stringent look at the social media activities of FSI organizations.

In 2013, FINRA issued $15.1 million in fines related to electronic communication, including social media, a 132% increase from 2012 and a 277.5% increase from the start of the decade. The agency has levied massive fines against both organizations and individuals for compliance violations, including $9 million for not complying with archiving rules, $5,000 for a Facebook post that was “not fair and balanced”, and $10,000 for misleading Tweets.

Even so, the SEC (Securities and Exchange Commission) has told FINRA that its fines have been too few and need to be stronger across the board. Insurance companies must be aware of the compliance regulations that affect social media and be proactive in taking steps to avoid violations.

In addition to treating social media communications like they would traditional communications, there are several other regulations that FSI organizations must comply with. These include:

Keeping a large workforce compliant

Social media allows your workforce to engage with customers from wherever they are, but left unmonitored, this communication can expose companies to compliance risks.

Workforces are becoming larger and more diverse. Insurance companies are operating 24/7 with agents and advisors around the world. Content is no longer being distributed just from the company network or an approved device. It is being shared on personal social media pages, where it is permanent, not always approved, potentially off-message, and at risk of regulatory violations.

For example, one of OpenQ’s clients, a Global 500 company with over 150,000 advisors operating worldwide, did a spot check of their employees in the Asia-Pacific and India region. Potential violations were uncovered in records management and compliance. They had a solution to work inside the company firewalls, but the diverse workforce presented a difficult challenge.

Posts were being made that offered guarantees on returns, used profanity, and were factually inaccurate. Business records in social media have to be maintained for years, and without a monitoring tool in place, agents had to undertake the onerous and tedious process of taking screenshots of every post, as well as comments, and storing them in a readily accessible format. Without a compliance management system or a well-staffed, dedicated 24/7 department in the company that manually monitored every agent, violations were common.

4 ways to ensure compliance and avoid fines

Fortunately, there are things companies can do to avoid regulatory risks and fines and to ensure compliance with a large workforce.


Ensure that the monitoring of employees is done through a service that connects at the API level to your social media platforms (Facebook, LinkedIn, Twitter). Social media can be accessed anywhere, but by using a compliance tool that connects at the API level, employees will be continuously monitored, and posts will be screened for violations no matter where they are made. If a post by an employee violates regulatory rules, even if the post is from outside their corporate network or from a non-approved device, the firm is still responsible.


Business records must be maintained for all social media, regardless of whether the post is public or private. This is not just for American companies, but for global organizations as well. An automated archiving tool prevents unnecessary exposure to regulatory violations.


Ensure that all content being disseminated is screened against a policy library. This library should have regulatory rules from all countries or regions in which the company operates. The policy library should also monitor for company-specific information such as account numbers, other personally identifiable information, and profane language.

Encourage sharing of pre-approved content

Have a pre-approved library of content (files, messages, and specific notes) that can be used by your employees where appropriate. This pre-screened and approved content will allow them to quickly engage on social networks without any concern of violating financial service regulations.

For more on this subject, check out The Financial Services Guide to Implementing a Social Media Strategy
