Written policy: Firms should have a written policy in place that outlines, among other things, the platforms its representatives frequent, the employees who can post and whether the posts must receive prior approval from a compliance officer, according to Jennifer Openshaw, president of Finect Inc.
Capture: Firms should be able to capture and archive tweets and posts. They need to be able to sample and search for problematic terms. “Some of [the traffic] has to be sampled,” said Stuart Fross, a partner at Foley & Lardner LLP.
Monitor: Firms should be able to monitor not only what their employees are posting but also what others are saying about the firm.
Disclaimers: In the fluid social-media environment, it's easy for a client or third party to post comments about a firm, some of which may sound like ads. Posting disclaimers about statements that are outside of the firm's control is a key regulatory protection, according to Amy Lynch, president of Frontline Compliance LLC.
Mobile devices: Firms have to have agile social-media compliance systems that are able to capture employee tweets and posts wherever they may be, which is often away from their desk and computers. “Firms need to be aware that most activity occurs off-site on mobile phones and tablets,” Ms. Lynch said.