Social Business: Solving Compliance Challenges

Joe Shepley

In my last post, Social Business: Compliant Communities as a Strategic Differentiator, I talked about how the relationship of compliance to communities (and all social business activities as well) is undergoing an important shift. From being a roadblock initially, to becoming a challenge that simply made going social more difficult for organizations, compliance today presents a distinctive opportunity for organizations to differentiate themselves from the competition.

Compliance today is a barrier to entry, one that, because of the range of challenges it poses to organizations looking to go social, offers the possibility of significant returns to those organizations that are able to overcome it before their competitors. Those that don’t will eventually need to address the challenges, but they’ll be playing catch up: the real gains to be had will have been enjoyed by the first-movers in the space.

In the next two posts, I want to take a look at the four steps organizations need to take in order to give themselves the best chance of solving the compliance challenges of going social:

  1. Create a cross-functional body to “own” the problem of social media compliance
  2. Find out what’s happening with social media at all levels of your organization
  3. Focus on creating a reasonable, defensible social media compliance strategy
  4. Manage social media compliance the way you manage traditional compliance

Before I dive in and get specific about each of these four areas, it’s important to say a bit about why organizations find it so challenging to solve the compliance challenges associated with becoming a social business.


First, as you can see in Figure 1, the landscape of the social technologies available to organizations is complex. There are not only discrete technologies that address each quadrant, but category-spanning offerings that aim to address multiple quadrants (e.g., SharePoint for enterprise collaboration, Jive or IBM Connections for social business software, Box.net or SpringCM for cloud content management).

Figure 1 – Social Business Technology Landscape

At most large organizations, you’ll find at least one solution in play in each quadrant as well as in each of the category-spanning quadrants. And compliance must find a way to allow all of them to operate in accordance with applicable laws and regulations -- no mean feat.

Regulation (or Lack of It)

In addition, as you can see in Figure 2, of all the major U.S. regulatory bodies, only FINRA has specifically addressed social media.

Figure 2 – Existing U.S. Social Media Regulation

This leaves organizations subject to other regulators in a bit of a lurch: their Enterprise 1.0 activities are governed quite specifically by these regulators, who haven’t given them any guidance on their Enterprise 2.0 activities. But they know that regulation is coming on the horizon, and so any of their E2.0 efforts need to anticipate what their regulators may do in the future -- again, no mean feat.

Information Complexity

On top of these technical and regulatory challenges, social business content is more complex than traditional electronically stored information (ESI).

Figure 3 – The Complexity of Social ESI

As you can see in Figure 3, social ESI is comprised of structured content (e.g., data pulled from transactional systems), unstructured content (e.g., Office documents), and semi-structured content (e.g., images of reports, forms or transactional correspondence). Organizations typically have a hard enough time managing each of these types of content individually, let alone all together.

Beyond simply the type of content, social ESI also relies on context to convey meaning (e.g., the profile information about authors and contributors) and includes a host of related actions, such as liking or sharing, that are not a part of E1.0 ESI.

Finally, more than E1.0 ESI, social ESI unfolds over time: at any given point in its life, you get only a snapshot, a flat approximation of what was being communicated. Take the typical document management complexity of contract negotiations (multiple versions, the communication of redlines, discussion back and forth outside the contract document itself) and triple or quadruple it, and you have a good idea of how much complexity the time dimension of social ESI adds to the equation.

Think about the compliance challenges organizations face today around E1.0 ESI. Ask yourself whether your organization has the email problem solved or shared drives under control. How are you doing on system-driven records management for your enterprise systems? If you're anything like most of the organizations I work with, you are likely struggling with one or more (if not all) of these. Given the complexity of social ESI, you’re not going to fare much better (and likely will fare worse) once you get involved in becoming a social business.

On top of the technical, regulatory and content challenges, organizations have to overcome some deep-seated misconceptions about the nature of both social media and compliance.

Figure 4 – Common Social Media Misconceptions (http://trevoryoung.posterous.com/social-media-in-a-tag-cloud-nutshell)

As you can see in Figure 4, there are a number of prevailing attitudes about social media that make building a successful social business compliance program difficult.

Social business is seen as requiring openness, freedom, grassroots support and a try-it-as-you-go attitude. Compliance is seen as requiring control, limits, top-down management and detailed planning to succeed.

And while there is a grain of truth in both of these views, on the whole, both are out of step with how successful compliance and social business operate.

No successful consumer social media products got to where they are without planning, control, or management -- all of these are part and parcel of organizations like LinkedIn, Facebook, Flickr, or Twitter. What these organizations do have, however, is a culture of agility, i.e., they have a plan, but can change direction at a moment’s notice if conditions warrant it.

The same goes for organizations looking to become social businesses: they need to apply all the same planning, due diligence and discipline they would for any other initiative…and that extends to compliance activities.

And these attitudes aren’t only wrong in terms of social business, they’re wrong in terms of compliance. Compliance is never a black-and-white endeavor: regulations require interpretation to operationalize, and the cost of 100% compliance is often more than an organization can bear, so tradeoffs need to be made as part of enterprise risk management. The tradeoffs required by social media are no different.

The Final Word

In the next post, I’ll turn to a consideration of the four steps an organization needs to take to address the compliance challenges of becoming a social business. For now, however, I’d love to hear what folks think about my take on the matter as well as your own stories from the front lines about trying to tackle the compliance challenges of becoming a social business -- jump in and let’s get the conversation started!

About the author

Joe Shepley

Joe Shepley is a strategy consulting professional living and working in Chicago. In his current position as Managing Director at Ankura he focuses on helping organizations improve how they manage Privacy risk through improved processes and technology.