It is 19 years since Facebook launched. Twitter followed a few years later. LinkedIn has been available since 2003, but took time to develop beyond a niche business resume service. Social networking was in our lives but was, during its infancy, understated.
Now, according to digital consultancy Kepios’ January 2023 data report, 59.4% of the population of the planet uses social networking platforms regularly. That’s 4.76 billion people. And the number of users is growing at an annualized rate of 3%. All of which means the way we interact with each other, including the way we do business, has changed completely.
The decision to adopt new technology or new methods of working is often made without a proper analysis of the compliance risk. This is especially true of activities or technologies that were not created with financial services users in mind.
Compliance requirements
Social media was not originally designed to satisfy financial regulators’ compliance requirements and, consequently, might offer only a snapshot of a user’s data at any particular moment. Someone’s data may include messages, recipients, posts, and the status of the system at a point in time. But the picture could still be incomplete from an audit-trail perspective, because someone could post something and then delete it quickly without a record of that activity being captured.
Market research from GWI, and quoted by Kepios, reveals that “the typical social media user actively uses or visits an average of 7.2 different social platforms each month, and spends an average of more than than two-and-half hours per day using social media”. That suggests, according to Kepios, that people spend roughly 15% of their waking lives using social media.
In short, it’s hard, if not impossible, to function nowadays without using a social media platform. And harder still to do business without having an active presence on more than one.
Network evolution
The first social networking site was Six Degrees — it used the term to describe itself when it launched in 1997. But there wasn’t a sufficient level of network connectedness to make it fly, and the platform was eventually sold off and subsumed into Youthstream Media Networks. Friendster went live in 2003 and was the first platform to engage at scale. But it couldn’t satisfy demand and users began to migrate to MySpace, which also launched in 2003.
By 2006, MySpace was the most visited site in the world, and valued at $12bn. Two years later, Facebook took over as the number one social network. MySpace would eventually become a footnote in the history of social networking, alongside Orkut and Yahoo! 360°.
Social media platforms became tools you needed to use if you wanted to be part of the conversation. Everyone was more connected than ever before.
Kepios research estimates that if you factor in under 13-year-olds — who are restricted from registering to most social media platforms but who almost certainly still use them — then 78% of the total eligible global population regularly uses social media.
The scale of reach, combined with ease of use, has contributed to a blurring of the lines between personal and professional. We have looked at the compliance issues arising from just one platform – WhatsApp – before.
There is also an important distinction between social and enterprise collaboration. Social is designed for community outreach and these platforms offer business-to-consumer communication (for example LinkedIn, Facebook and Twitter). Pure business-to-business enterprise communication takes place through providers such as Bloomberg, Refinitiv and IceChat, where regulatory concerns are a higher priority.
As easy-to-use channels of communication proliferate, it becomes less practical to control the use of pre-approved channels for business. It’s human nature to take the easiest route or be led by the customer’s channel of choice. Cue the critical role of connectors.
“What we have to investigate is how to bring the best out of the data and subsequently furnish it so it provides extra value to the customer.”
Sunny Chind, Group Product Manager, Global Relay
One of the first connectors to be developed by Global Relay came from Bloomberg in 2003. It was a plain text converter. Since then, Global Relay and Bloomberg have collaborated to conquer truncated email addresses, data gaps, malformed messages, duplicate messages, anomaly events, and numerous other areas.
Global Relay worked to identify many of the problems that Bloomberg faced, testing its fixes and patches on behalf of its customers and then reimporting data to ensure complete integrity of the data set. It also put in extra effort to reprocess malformed data.
Enterprise XML connectors were the market standard until a few years ago, when application programming interface (API) connectors became the norm. This development has moved in lockstep with the proliferation of enterprise messaging tools and the amount of choice has increased the risk for users.
Stored, monitored and retrieved
If you want to minimize the chances of business communication being non-compliant, you have to go to where people are communicating. This means having the ability to pipeline any comms from any original source into an environment where that data can be stored, monitored and retrieved.
For customers, there has to be total trust in the data plumbing (from source to archive vendor to processing and back to customer) so that there are no leaks or blockages that will threaten the data set’s regulatory integrity.
The only way to validate this is to examine the data processing and enforce the key components of reconciliation and connectivity, so that nothing is missed. Customers need reports, validation and verification to ensure that all data is captured. This is the best way to certificate completeness.
Think about the scale of this task. There are six social media platforms with more than one billion monthly users each worldwide, and the top 15 platforms (see box) have more than 400 million users each. LinkedIn, which doesn’t publish monthly user data and so is not included in this list, has 849.6 million users. Add in other heavily used comms channels such as Slack, Microsoft Teams, Bloomberg Messenger, Zoom, Symphony, AT&T … and the list goes on.
The 15 biggest social media platforms
Facebook has 2.958bn monthly active users.
YouTube’s potential advertising reach is 2.514bn.
WhatsApp has at least 2bn monthly active users.
Instagram has 2bn monthly active users.
WeChat has 1.309bn monthly active users.
TikTok ads can potentially reach 1.051bn adults over the age of 18 each month.
Facebook Messenger’s potential advertising reach is 931m.
Douyin has 715m monthly active user.
Telegram has 700m monthly active users.
Snapchat’s potential advertising reach is 635m.
Kuaishou has 626m monthly active users.
Sina Weibo has 584m monthly active users.
QQ has 574m monthly active users.
Twitter’s potential advertising reach is roughly 556m.
Pinterest has 445m monthly active users.
Source: Kepios
Each time someone uses an app such as Facebook, or sends an instant message, or checks the weather on their phone, an API is used. But it is not unusual for the newest messaging platforms to have no API at all.
Executives should thoroughly analyze a communication platform before it is approved for use. As an example, some platforms may have compliance APIs but only log a subset of the communication. This poses a risk to the user and the institution that not all of an individual’s activity will be logged, archived and retrievable.
Not all enterprise users need this level of audit integrity, but almost all financial services companies do. The delta is represented by what is missing from a regulatory requirements perspective — compliance teams can advise on whether communications can be captured to satisfy the regulators. This risk needs to be balanced against any reward in terms of new customers and revenue from using a communication platform, and whether it is sustainable.
As these platforms add new features to appeal to their end users, their compliance solutions tend to fall behind while they prioritize supporting the new features, which can result in data gaps.
The vast amount of data and the increase in channels through which it is transmitted is not insignificant, but with penalties for absent recordkeeping now so high, no organization can afford to take any short cuts when it comes to archiving data and ensuring it is searchable in the most efficient manner.
“Apart from not losing any messages, one of the major challenges comes when we have to interpret the granularity and complexity of the data from the service provider,” says Sunny Chind, Group Product Manager at Global Relay, who works within the team focused solely on connectors. “What we have to investigate is how to bring the best out of the data and subsequently furnish it so it provides extra value to the customer.”
“Enrichment” is the term Chind uses to describe the process. “It’s about ensuring we provide pertinent information that is meaningful through business logic, about removing redundant information, structuring the data, breaking down the data into ‘conversation-sized’ pieces that can be turned into an email for archiving purposes,” he says.
Enriching the information enables users to know where to look for the valuable nuggets, and that’s where having knowledge of the financial terrain combined with technical expertise helps to gain a real competitive advantage.
“We enrich the data to drive efficiency for compliance officers in their searches, monitoring (to identify anomalies) and management via the archive,” says Chind. “It’s about highlighting the edits on what has changed, grouping related events into a single email record, enriching for analytical reports within the archive, and ensuring consistent formatting across connectors so that horizontal searches and monitoring can be seamlessly observed across multiple datatypes, thereby ensuring a good user experience.
Connectors ecosystem
“There is a lot of information which is ingested. Connectors provide an efficient and rapidly expanding conduit to further finesse the data which is gained from the service provider and then sent to the archive with consistent formatting, so that it can be subsequently parsed, indexed and analyzed in order to provide a collective view of the regulated archive data. Our mantra, of ensuring that what we capture is encrypted at rest and in transit, is always implicit as part of the connectors ecosystem.”
The challenges are going to increase further as the use of voice messaging and spoken word content grows exponentially. While there is still industry debate on how valuable voice will be in a compliance environment, owing to the complexities of correctly transcribing speech patterns, it would be a mistake to assume that voice is not going to grow as a channel that people use with increasing ease and in increasingly complex ways.
“In relation to voice, we are now offering customers the option of transcribing their regulated user voice media content which is embedded inline within the email body sent to the archive. This provides the ‘value add’ in allowing reviewers to look at policy flagged hits of the transcribed message, thereby saving time and money,” says Chind.
He views the challenge this poses for those working on connectors as exciting because “with technical architectural changes we are able to develop our in-house connectors faster. Along with the steady stream of connectors launched to market, we have also introduced Open Converter API. This will provide customers even greater flexibility, scale and control to post their custom datatypes directly to Global Relay for regulatory compliance”.
Open converter
Chind is similarly excited about the Global Relay Open Converter, which has a common interface to ingest both XML and API data flow. The new converter gets source data in various different formats and converts it to data for archive or to go back to the customer.
The logic built into the converter enables analytics features and the utilization of granular metadata; Global Relay is sharing its IP and features with its partners and customers so that their data is processed in the same compliant and rigorous way. This allows proprietary development teams to capture all their data for regulatory purposes. This means that files and data that were previously treated as one data point are now enriched with all the extra features that are available in the standard Global Relay archive.
It significantly widens the field beyond the established messaging and collaboration providers where there are already native connectors. This enables any application to take advantage of the data enrichment and archive features available for the larger data providers. This is the future for connectivity, where the APIs are designed to work for the underlying datatype.
One day all connectors will be built this way.