When you need information, where do you go? For the majority of people today, the answer involves a smartphone and social media. From Facebook and LinkedIn to Instagram, Twitter, and even YouTube, social media is everywhere—and full of answers, data, opportunities, and potential risks.
For organizations, and the risk, legal, and compliance professionals within them, that means consumers are using your business’s social media profiles and website to make critical decisions. If you’re not keeping full records of what you’re communicating online and on social media, you could be falling short of the regulatory compliance requirements imposed by the Financial Industry Regulatory Authority (FINRA) and the Securities and Exchange Commission (SEC), exposing your organization to easily avoidable risks and fines.
If your organization has an active social media presence, there's a strong chance you need to be archiving all of those communications, and possibly the communications your employees make on behalf of your organization too. For financial services businesses that provide information on social media, each post, comment, and share can be a business communication that is subject to the same regulatory compliance demands under FINRA—namely, recordkeeping and supervision—as any other form of communication.
But archiving social media is harder than you might think, especially if you need archives that will stand up to a regulatory inquiry or hold up as evidence in an investigation, and it's possible that if you're currently using a PDF-based format to archive this digital content, you are at risk of non-compliance.
Archiving Social Media Is MORE COMPLEX Than You MAY REALIZE
Think about what a typical social media feed looks like. It’s ever-changing, complex, and interactive. It is decidedly not “what you see is what you get” and it’s been designed that way on purpose. To keep social media users interested, engaged, and actively clicking, social media feeds are set up to be interactive and expandable: there’s always more information just a click away.
To capture that experience, the context surrounding it, and the data within it in a static PDF document is somewhat impossible. You might be able to see that a post has 18 likes and 4 comments, but without clicking on those links, you can’t see who liked the post, who commented, and what those comments said, let alone who liked or responded to the comments. But why does that matter? Why do you need that level of granular, specific information, and why this urgency to preserve it?
From the perspective of a regulator, your compliance program is only as strong as your ability to prove compliance. When it comes to regulatory compliance, merely liking a comment, which may seem completely innocent and harmless, can equate to the adoption of its contents and endorsement of its message, potentially triggering additional recordkeeping and supervisory requirements.
Since Hanzo was founded in 2009, we've archived billions of pages in an interactive, dynamic format designed to solve many of the regulatory and legal challenges that PDFs present. With the rise of social media in the enterprise, we've become experts at capturing and preserving Facebook, Twitter, LinkedIn, Instagram, and other common platforms.
Here's a video demonstrating some of our social media-specific capabilities, taken directly from the content we've archived over the past year. It is a prime example of why PDFs aren’t an adequate way to archive social media (or, really, any complex and dynamic online content).
HOW TO ArchivE Social Media for Regulatory Compliance
At its core, the web, including social media, is built around links, videos, and interactive, interconnected experiences. The interconnectedness between sites is a key distinguishing feature of online communication, and while that’s great for consumer engagement, it’s replete with traps for the unwary when it comes to archiving and preserving digital experiences.
Whether you want to establish an archive of your social media presence and behavior to meet regulatory requirements, mitigate risks, or proactively capture and preserve essential data, here are a few key questions and facts to be aware of and keep in mind while auditing your existing archives or exploring potential technology providers.
1. Is my web archiving solution designed to capture the full context around the communications my organization is sharing online?
We've said it in the past and we'll say it again in the future. Context is essential to understand any piece of data or information, and context matters in litigation and compliance too. You need to capture the full dynamic context of all communications for your archives to be complete, and FINRA even has specific regulatory notices covering the importance of context.
In the Instagram example below, taken from our existing archives, you'll notice a few specific things in relation to capturing the context around data:
On Instagram, similar to modern web design and other social platforms, images can appear in a "carousel." That means one post can contain layers of pictures and video, all related to each other. You'll also notice that the comments and activity on a particular post, when it reaches a certain point of "engagement" (often beyond 10 likes or a few comments) become hidden, only visible when expanded upon.
From the perspective of a cat video, much of this seems harmless, but in relation to your organization, the information and data living in those "hidden" comments and likes, or layered within the video of your post itself, is extremely valuable and important for your own due diligence and investigations, as well as regulatory compliance expectations.
This one URL, archived in its native format with all of the functionality and data preserved as you see in the video, would take hundreds (if not more) of PDF pages to capture the full post, and navigating those pages would strip away the context of what the person using Instagram actually experienced.
Consider this situation:
You work for a financial services company, and on your brand's LinkedIn account, the social media manager on your marketing team publishes a new, approved article with information on stocks and other financial investment opportunities that are "trending up" and trending down." While the article itself poses no compliance or regulatory risk and contains the necessary disclaimers to suggest the information itself is not advice, people who follow your organization on LinkedIn begin to share their own thoughts on the market in the comments section.
The 11th comment on that post expresses a specific interest in a specific stock, and someone within your company who reads that post and agrees with that comment, without thinking twice about it, likes their comment. Your employee just unintentionally endorsed that trading suggestion and provided advice, but not just to that one person. LinkedIn's algorithm now shows their followers they liked that specific comment, unintentionally signaling to their community a certain sentiment about the financial outlook of that particular stock.
In your PDF web archive of LinkedIn, which contains a static screenshot of that post and only shows the first 3 comments, this behavior is virtually invisible, keeping your legal and compliance team in the dark to an actual compliance violation.
As you can see, dynamic capture is hard enough, but financial service providers need even more from their archives, increasing the technical challenge of social media archiving.
2. Are my web and social media archives quality tested by experts and preserved in a robustly future-proof format?
Your legal or compliance team might be retaining archived digital experiences and the data they contain for just three to five years, or you might find that you need them for 10 years or more. With the ever-accelerating rate of change in technology, the last thing you need is to turn to your archives a year from now, or 10 years from now, only to learn that you can’t access them!
Under SEC Rule 17a-4, your archives must be maintained in a non-rewriteable format, commonly known as “write-once-read-many,” or WORM. This requirement ensures that archives cannot be changed or altered after capture—and it’s a common stumbling block for regulatory compliance, as evidenced by recurring violations and fines. Photo and document editing technology has gotten so advanced and easy to use that manipulating the text or images in a PDF-document is as simple as downloading a free iPhone app.
But even if you're comfortable with the risk of non-compliance around WORM, or aren't worried about your archives being manipulated and tampered with to delete or compromise precious evidence and data, there's a level of risk around the quality of the information actually being captured if it isn't being tested, and vetted, by your internal team or the vendor you work with to solve these problems.
For example, you have a PDF or screenshot-based archiving system in place to capture your homepage on a daily basis, but one month after establishing that system, you redesign the homepage or change the order information appears, in order to promote a new product or service offered by your company. Suddenly, the screenshots captured and saved as a PDF are missing essential information or don't look as good as they did previously, and nobody realized until it was too late, and for months, you've been archiving and preserving an incomplete picture of your digital presence.
3. Are my web archives navigable and searchable by specific criteria and keywords?
To adequately supervise your communications, you need archives that are navigable and searchable. Collecting all of this data in the proper format and with the right context is essential, but you also need to be able to actually use that information when you need it without spending hours manually trying to find the right data. When you only capture a PDF or screenshot, you lose out on data, metadata, and keywords that exist on, and beneath, the surface of every digital experience.
With Hanzo’s dynamic website and social media capture, you can navigate and search an archived site the same way you would interact with a live site. You can scroll down a feed, clicking on links, expanding comments, playing videos, and even interacting with fillable forms and calculators. You can also look for specific keywords or pieces of data across thousands of archived pages to find exactly what you're looking for.
With Hanzo Dynamic Capture, you can show who liked a post or a comment, establishing that your business communications have been proper. You can also explore the full context of any statement so it can’t be misinterpreted or taken out of context.
Our archives are captured and maintained in a future-proof Web ARChive (WARC) file format that works on any platform and any system, today and at any time in the future. The WARC file format is backed by ISO standard 28500 and is the file format preferred by the Library of Congress. Hanzo’s archives are also captured and maintained in a WORM format that complies with SEC Rule 17a-4.
Because they’re fully navigable, our archives are also searchable, making them easy to review both for eDiscovery and for regulatory supervision, and because our work centers around the needs of litigation and compliance professionals, we’ve built our archives to be both admissible and subject to authentication.
When you need to archive your online and social media communications, don’t waste your time and budget on vendors and technology providers that don’t understand what it takes to create defensible, workable website archives for regulatory compliance. Ask for a demo, see what they show you, and remember the three questions we've posed in this article.
The potential risks of non-compliance are easy to avoid, but it starts with making the right decision about who to work with. To learn more about how Hanzo can help, schedule a free consultation to discuss Instagram, your website, or other social media channels used by your organization today.