Social media is fast becoming an accepted platform for business communication – opening the doors for new marketing methods and allowing organizations to connect with customers and prospects in innovative ways.
However, new communication tools are creating compliance challenges across industries, particularly in financial services. As social media communication increases, so too do the risks of off-channel communications, marketing rule breaches, and the unchecked communications of “finfluencers.”
According to Global Relay’s most recent insights report, which analyzes the data of over 12,000 financial services organizations, 33% of firms are now capturing social media communication across channels including LinkedIn, X, YouTube and Instagram.
With compliance and regulatory upheaval at the forefront, social media is adding fuel to the compliance fire. While social media is quickly becoming a powerful tool for both growth and engagement with financial firms, unchecked use by employees poses serious regulatory risks.
Corporate communications have experienced rapid changes in recent years. Phone dominance pivoted to email communications, and the rise of apps and personal devices created even more compliance challenges around messaging platforms and instant messaging.
Global Relay’s Rob Mason: New risks in grey areas.
For financial firms beholden to recordkeeping and surveillance requirements, tracking and monitoring employee communications has become a significant endeavor, especially in light of hefty regulatory fines.
It’s easy to see where a conversation can change from professional to personal. For example, broker-dealers build relationships with clients and investors as part of their overall business goals. What can start as a professional relationship, with messages such as “What time are we teeing off?”, can quickly turn to a personal, and risky, “I’m looking to sell XZY stock if you know anyone who is interested.”
These grey areas and messages are a compliance minefield, made only more challenging when communicated on a personal device or platform.
Social media has also created a new risky group of individuals. “Finfluencers” are influencers on platforms such as YouTube or Instagram that use their social media following to influence financial decisions by sharing investment advice or personal finance strategies and recommendations, often without credible backgrounds or without adhering to regulatory obligations.
In some instances, financial institutions are actively employing finfluencers as part of their marketing strategy. In 2024, for instance, M1 Finance received an $850,000 fine where it employed finfluencers to promote products in a way that was not fair or balanced.
Regulators have recently expressed concerns about social media finfluencers. In 2021, the Financial Industry Regulatory Authority conducted a targeted examination to gain a better understanding of practices related to the acquisition of customers through social media. FINRA has noted concerns around issues such as compliance with Securities and Exchange Commission Regulation S-P, which governs the privacy of consumer financial information.
While social media is a global phenomenon, the regulation of it is not. The U.S. and U.K. have taken markedly different stances when it comes to social media compliance, creating a headache for firms that operate across regions. In the U.S., 38% of firms are capturing social media data, compared to only 9% in the U.K.
Social media poses three critical risks for the financial services sector in particular: market disruption and economic upheaval through the spread of misinformation; marketing and consumer risk through misleading promotions; and recordkeeping risks and the potential for off-channel communications.
Of those, the last two have been more widely addressed by U.S. regulators. The SEC has published and enforced rules around financial promotions through the Marketing Rule. The Financial Conduct Authority has sought to address similar issues within its Consumer Duty rules, but it has been less strictly enforced.
U.K. regulation has been less direct and has focused more on the marketing of crypto assets. Although the FCA has been critical of finfluencers, including issuing enforcement actions and in some instances criminal actions, regulators across the pond remain less aggressive compared to U.S. counterparts.
Social media is only one piece of the compliance puzzle when it comes to recordkeeping and surveillance risk. Looking ahead, with a new administration in the U.S. and indication from U.K. regulators that they are turning their focus to communication channels, it’s likely that the communication landscape will continue to evolve in 2025.
For firms that have so far failed to consider social media as a compliance risk, it might be time to reconsider.
Rob Mason is Head of Regulatory Intelligence at compliant-communications solutions company Global Relay.