Social Media Compliance for Financial Services: What You Need to Know in 2026


Social media is no longer optional for financial services firms. Advisors, bankers, and analysts are on LinkedIn every day — building relationships, sharing insights, and representing their firms to clients and prospects. That’s a good thing for business. It’s a complicated thing for compliance.

The regulatory landscape around social media in financial services has shifted dramatically in the past few years. Since 2021, SEC, CFTC, and FINRA enforcement actions related to electronic communications — including social media — have resulted in more than $3.5 billion in fines across the industry. The message from regulators is clear: if your people are using digital channels, you need to be supervising and archiving those communications.

The Regulatory Framework

For U.S.-based broker-dealers and registered investment advisers, the key regulations governing social media use include:

SEC Rule 17a-4 requires broker-dealers to retain certain electronic communications in a non-rewritable, non-erasable format. When employees use LinkedIn to communicate with clients or prospects, those interactions may fall under this retention requirement.

FINRA Rule 3110 requires member firms to establish and maintain a system for supervising the activities of their associated persons. That includes social media activity. Firms need written supervisory procedures that address how they monitor and review social media use.

FINRA Rule 2210 governs communications with the public, including social media posts. Content shared by registered representatives on LinkedIn — whether it’s a company post, a personal insight, or a comment on someone else’s content — may be considered a communication with the public and subject to pre-approval or review requirements.

For firms operating in the UK and EU, FCA and MiFID II regulations impose similar obligations around record-keeping and communications supervision, though the specific requirements differ.

Where Most Firms Have Gaps

The challenge isn’t that firms don’t know about these rules. Most compliance teams are well aware of their obligations. The gap is usually in execution — specifically around LinkedIn.

Traditional archiving solutions were built for email and messaging platforms with well-defined APIs. LinkedIn is different. Employee activity on LinkedIn spans posts, comments, reactions, direct messages, and group discussions. Many firms archive some of these channels but not all of them. And many firms have employees actively using LinkedIn who aren’t enrolled in any archiving or supervision solution at all.

This creates a coverage gap. A firm might have 500 registered representatives, 350 of whom are active on LinkedIn, but only 200 of whom are being archived and supervised. The remaining 150 represent potential compliance exposure — not because they’re doing anything wrong, but because the firm can’t demonstrate oversight if a regulator asks.

The Shift from Reactive to Proactive

Historically, compliance teams have taken a reactive approach to social media: lock it down, restrict what people can post, and hope that limiting activity limits risk. That approach made sense when social media was a nice-to-have. It doesn’t work anymore.

LinkedIn has become a primary business development channel for financial services professionals. Restricting access means restricting growth. The firms that are getting this right have shifted to a proactive model — one that enables employees to use social media effectively while maintaining full compliance oversight.

That proactive model typically involves three components:

Archiving — capturing and retaining all LinkedIn activity (posts, comments, DMs) in a compliant archive that meets SEC Rule 17a-4 and FINRA requirements.

Supervision — reviewing employee social media activity against firm policies, with automated flagging for potentially non-compliant content.

Enablement — providing employees with pre-approved content, sharing tools, and clear guidelines so they can be active on LinkedIn without creating compliance risk.

The most effective programs combine all three. Archiving without enablement means you’re documenting risk but not reducing it. Enablement without archiving means you’re encouraging activity you can’t oversee.

What This Means for Your Firm

If your firm has registered representatives or supervised persons who are active on LinkedIn, it’s worth asking a few questions:

  • Do you know how many of your regulated employees are active on LinkedIn?
  • Are all of them enrolled in your archiving and supervision solution?
  • Can you demonstrate to a regulator that you have supervisory procedures in place for social media activity?
  • Are your employees sharing content that could be considered a communication with the public under FINRA Rule 2210?

If you can’t answer these questions with confidence, you’re not alone — most firms have some degree of gap here. The good news is that closing the gap doesn’t require shutting down social media activity. It requires the right combination of technology, process, and culture.

Getting Started

The first step is understanding your current exposure. How many of your people are on LinkedIn? What are they doing there? And how much of that activity is being captured and supervised?

EveryoneSocial helps financial services firms answer these questions with a free LinkedIn Compliance Risk Report — a personalized analysis of your firm’s LinkedIn footprint that identifies potential archiving and supervision gaps. It’s designed to give your compliance team a clear picture of where you stand, so you can make informed decisions about what comes next.
