Could LinkedIn cause the next financial communications compliance crisis?

Predicting risk is always a challenge, and (ironically) carries its own element of risk. In the digital communications space, anticipating what channel will emerge as the next potential risk area is vital in helping compliance teams to put strategies and tools in place to mitigate that risk.

The opinions expressed here are those of the authors. They do not necessarily reflect the views or positions of UK Finance or its members.

This challenge has been increased by the widescale shift towards working remotely, ushered in by the pandemic. Employees adopted a wider range of digital communication channels to contact each other, their firms, and their clients than ever before. But with so many channels to choose from, understanding where to focus efforts (and budget) to effectively mitigate compliance risk can be a minefield.

Keeping it on the record / Regulations and expectations

Across jurisdictions, financial regulators require firms to capture and record their business communications. While specific rules might differ, the outcome is consistent: firms must capture and preserve all records that pertain to business communications, across every channel. We’ve seen a myriad of regulatory actions that prove how seriously regulators take these recordkeeping requirements.

We have also seen the modernization of legislation to bring recordkeeping requirements up to date with more digital ways of working, as well as the introduction of the U.S. Securities and Exchange Commission’s (SEC) Marketing Rule, aimed at regulating advertising via social media and websites.

With this shift in regulatory focus towards digital communications channels, several have risen to prominence as particular targets of regulatory scrutiny, most notably WhatsApp. But with WhatsApp having been the channel most focused on and discussed in terms of communications compliance over the last few years, naturally, the discussion is shifting toward which channel might be next in the regulatory firing line.

LinkedIn: The next communications compliance crisis?

When it comes to communication compliance, LinkedIn presents a series of unique risks. LinkedIn has evolved from its original purpose as an online resumé and business networking platform, now functioning as a recruitment tool, a sales channel, and a means of businesses communicating with the wider world.

As such, it is subject to several parallel avenues of regulatory scrutiny. The fact it can be used to share marketing materials means it is subject to the SEC’s Marketing Rule. The direct message feature also means employees can communicate with one another and clients/customers about business matters – meaning regulators will expect this data to be captured as well.

A recent study of data from financial institutions has given interesting insights into what communications data these organizations capture. Surprisingly, LinkedIn is the channel captured the second most often, behind email, with 33 per cent of accounts capturing the channel. Interestingly, breaking this data down further reveals where there might be potential gaps in compliance posture: of those capturing LinkedIn, 62.9 per cent only capture employee account data (like direct messages), 10.9 per cent capture LinkedIn company account data (such as marketing materials), and 26.2 per cent capture both.

This relatively low rate of LinkedIn capture should be a cause for concern. With only a third of accounts capturing the channel at all, there is potential for LinkedIn to pose considerable compliance risk. Regulatory expectation around illicit communications (via direct messages) and marketing communications (posts on company accounts) mean that, in order to foster iron-clad compliance, firms need to follow the example of that 26.2 per cent when it comes to channel capture.

We have seen the rigor that regulators have used to follow up on off-channel communications and associated recordkeeping lapses. With LinkedIn presenting potential risk across multiple fronts, and comparatively few firms utilizing solutions to mitigate them, there’s a clear link between LinkedIn and what could be the next compliant communications crisis.