SEC Scrutiny Highlights Risks of Social Media

Robert Cruz


September 3, 2019

SEC social media risk

Employees naturally want to use the social platforms and collaboration tools they are most familiar with to do their jobs. For younger workers, these preferences may reflect a desire for communications immediacy, helping them achieve higher response rates and meet the needs of a new generation of clients. Often, this does not include email.

The problem with this shift is that  firms operate under regulatory frameworks that require the retention of all relevant electronic communications, including social media and mobile conversations. Emails are relatively easy to capture, but newer forms of social media communication are not. Traditionally, organizations in regulated and highly litigated industries have simply tried to prohibit the use of communication tools that they are not proactively capturing and archiving. But that can have negative ripple effects on employee productivity and morale, and is largely ineffective since users consistently find ways to bring new tools to the workplace anyway.

A recent Securities and Exchange Commission (SEC) case demonstrates how the unfettered use of social media communication tools can have costly consequences. In August 2018, Tesla CEO Elon Musk tweeted that he was considering taking the company private in a proposal that valued the company at $420 a share, falsely claiming that funding for the deal had been secured. The SEC charged Tesla and Musk with securities fraud for misleading investors and eventually reached a settlement in which both the company and its CEO were ordered to pay separate $20 million fines, while Musk agreed to get legal approval for tweets that could affect Tesla’s share price.

However, that agreement fell apart this year when Musk tweeted about the number of cars Tesla expected to make in 2019. SEC Commissioner Robert Jackson was not amused. On June 13, Jackson urged the agency to publish new guidance on chief executives’ use of social platforms such as Twitter and Instagram.

“What’s important to me is that the legal principles we’ve always had in the securities markets apply to all the innovative things that are happening,” Jackson said. “But Twitter is a little different. It’s a medium, it’s informal. It can be responsive, there can be retweets, there can be a conversation, in ways that are not contemplated by every single SEC rule.”

In fact, many firms are unprepared to address the interactive nature of today’s social and collaborative technologies. The world is adopting technologies that allow people to interact over multiple modalities and have long conversations that can be altered an infinite number of times, or may jump to other networks. But the tools most people use for regulatory and discovery purposes were designed for the flat, static, monotone world of email and digital and paper files. Considering that most firms today use a variety of unique and interactive tools, keeping track of all these methods of communication can be challenging.

With the SEC potentially ramping up its scrutiny of digital communications, firms need to take certain considerations into account when adopting new tools, including:

  • The risks from social media misuse apply to all organizations. All publicly traded corporations need to consider how they are monitoring for potential disclosure of non-public information through all communications channels.

  • Methods of capture matter more than ever. Not all tools provide reliable methods for capturing all content, metadata and event information, and screen-scraping and self-service downloads are often insufficient for the needs of firms that are heavily regulated or litigated. Planning how to capture social network content before allowing its use is vital.

  • Social media and mobile messaging need to be built into ongoing content inspection processes. Content containing risk or value can live anywhere, and processes need to catch up with today’s communications tools.

  • Pre-review of social content can pay huge dividends. Tools that allow content to be inspected and approved prior to delivery or posting can generate an enormous return on investment—especially when compared to a $20 million fine.

  • Risk is not just about “regulated users.” Executive staff, legal teams and other key stakeholders can also use social media or internal collaborative tools inappropriately. Compliance teams need to broaden their supervisory lens to include these groups.

  • Policies need to be adaptable. It is critical to define how corporate policies can be adjusted to address new communications formats.

The widespread use of social media and interactive collaboration tools for business purposes will continue to grow. Since prohibition is not effective, the only way to mitigate the governance risks of social media use will be to implement new strategies for digital information capture and archival in order to avoid possible compliance issues.
Robert Cruz is senior director of information governance for Smarsh. He has more than 20 years of experience in providing thought leadership on topics including eDiscovery, information governance, data privacy, and regulatory compliance.