The UK Just Redrew the Line on Conduct Risk. Most Firms Aren't Ready.

PS25/23 exposes flawed vetting. Firms relying on manual screening risk bias, inconsistency, and regulatory scrutiny without structured processes.
Darrin Lipscomb
Founder and CEO

On 1 September 2026, a new version of fitness and propriety goes live in UK financial services. The FCA's PS25/23 makes non-financial misconduct (harassment, violence, behavior that damages public trust) a formal input into who gets hired, certified, and promoted across the regulated sector.

The instinct, predictably, has been to read this as a surveillance mandate. It isn't. The FCA is explicit that firms shouldn't proactively monitor private accounts, shouldn't chase trivial allegations, and shouldn't treat online noise as evidence. What they should do is act on material risk when it surfaces—threats of violence, patterns of harassment, indicators of criminal conduct, behavior that would reasonably undermine confidence in the financial system.

That's a much harder standard than "monitor everything." It requires judgment. And judgment, in most firms right now, is the weakest part of the vetting stack.

Walk into a compliance team at a mid-sized asset manager and ask how they handle online conduct risk. You'll usually find some combination of a junior analyst running Google searches, a senior hiring manager glancing at LinkedIn, and a gut-level call made in a conference room. There's no consistent methodology. No audit trail. No materiality filter. Two candidates with identical digital footprints can get completely different outcomes depending on who's searching and what day it is.

PS25/23 doesn't create that problem. It exposes it.

The firms that will struggle in September aren't the ones that ignored the guidance. They're the ones that tried to comply using the same manual, improvised process they've always used, just applied more aggressively. That's how you end up with over-investigation, inconsistent decisions, and the exact bias risks the FCA is trying to avoid.

The fix isn't more screening. It's structured screening.

Structured screening means the same framework gets applied to every candidate, every certification review, every regulatory reference. It means the signals that matter (violence, harassment, dishonesty, criminality) are defined in advance, not reverse-engineered after someone's feed gets scrolled. It means the outputs are documented, reviewable, and defensible in front of a regulator. And it means the private, the trivial, and the irrelevant stay out of the decision entirely.

This is the shift the FCA is actually asking for. Not a bigger net. A better filter.

At Ferretly, we've spent years building toward this model because it's where screening was always going to end up—regulated or not. Public data only. Materiality thresholds aligned with real risk categories. Consistent, auditable reporting. Bias reduction through standardization. When PS25/23 takes effect, our UK clients won't be scrambling to rebuild their vetting process. They'll be running it.

The firms that recognize this early will do more than check a compliance box. They'll make better hiring decisions, catch real risks earlier, and build the kind of governance record regulators reward. The firms that don't will discover—probably in a Section 166 review—that "we Googled him" isn't a defense.

September isn't far. The work to get ready started yesterday.
