“We asked, ‘How can we spark excitement and enthusiasm and engagement from our employees [about compliance]?’ It would be a great win, we thought, if we could not only deliver the content but actually get folks even a little excited about why it matters.”
– Jennifer Newstead, Chief Legal Officer, Meta Platforms
This week, listen to a legal and technology expert panel discussion exploring the regulatory response to developments on personal devices and messaging. Consider how the U.S. Securities and Exchange Commission (SEC) and Department of Justice (DOJ) are addressing the issue of impermanent electronic communications and recordkeeping, and get a step-by-step guide to Practical Behavioral Risk Management. Finally, learn about Meta’s unique approach to compliance: a Netflix-style training video series designed to spark excitement and enthusiasm among employees while delivering important compliance content.
Personal Devices and Messaging: Evolving Compliance Concerns and Best Practices
The DOJ has updated its Evaluation of Corporate Compliance Programs to address the changing landscape of professional communication and how companies should adapt their policies and procedures accordingly. The use of personal devices and messaging platforms for business purposes is becoming increasingly prevalent, requiring companies to consider the compliance risks associated with electronic communication, bring-your-own-device (BYOD) policies, records retention, preservation, and collection. A panel discussion involving legal and technology experts explores the regulatory response to these developments, providing insights into the DOJ’s updated guidance, the current regulatory landscape, and best practices for training and compliance programs.
Resource Alert: Step-by-Step Guide to Practical Behavioral Risk Management
Behavioral Risk Management (BRM) is a new paradigm that recognizes the crucial role of human behavior in organizational outcomes. This approach utilizes behavioral science insights to enhance risk identification, mitigation, and organizational resilience. A step-by-step practical guide for ethics and compliance (E&C) professionals has been developed to implement BRM successfully. The guide emphasizes the need to assess behaviors and their underlying drivers, zoom in on subcultures within the organization, create a behavioral risk map, start with small behavioral interventions, select the proper intervention based on drivers, and apply behavioral insights to compliance programs. In addition, the guide aims to help E&C practitioners leverage the power of behavioral science in their efforts by providing insights, tools, and strategies.
How Meta Uses Netflix-Style Videos to Get Engineers Thinking About Compliance
Meta Platforms took a unique approach to compliance training by creating an entertaining and engaging Netflix-style series featuring recurring characters and intriguing plot twists. The videos received an unexpectedly positive response from employees, with viral memes and impromptu watch parties replacing the usual groans and ignored emails. The company’s legal department aimed to spark excitement and enthusiasm among employees while delivering important compliance content. The initiative was motivated, in part, by a 2019 settlement with the Federal Trade Commission over data privacy concerns. The videos form part of Meta’s broader vision for legal and compliance, focusing on cultural change and innovation while ensuring adherence to regulations. The success of the training series is measured by its content-rich nature, engaging storyline, and resonance with real-life scenarios faced by employees.
Do Not Delete: SEC and DOJ Send Serious Messages on Preserving Ephemeral Communications
The SEC and DOJ are addressing the issue of impermanent electronic communications and recordkeeping. The SEC has settled enforcement actions against regulated entities for failing to retain employee communications on ephemeral messaging apps. At the same time, the DOJ has issued guidance on personal devices and messaging platforms. Both the enforcement actions and the guidance cover various business-related communications on platforms that automatically delete messages, and both emphasize compliance risks and challenges in meeting recordkeeping obligations. Companies should review policies, assess compliance measures, consider BYOD policies, implement restrictions and surveillance programs, and take corrective action to mitigate risks.