“Once again, a new invention or advancement that is created to help has as much power to harm; in this case, the social media revolution. Noteworthy is the prevailing concern that businesses have about what uneducated employees may post to their platform of choice. In addition to the regulatory issues listed, the added security options that companies may need to consider appear endless. Will future job applications, for example, require access to a potential hire’s Facebook or Twitter account to determine what their posting habits are?”
Managing Social Business Risks: How CFOs Can Craft Governance and Compliance Policies
CFO Insight and Analysis written by Deloitte
Published November 9, 2012
To the regulatory agencies charged with enforcing rules and regulations governing publicly traded companies, a careless reference to a client’s confidential business goals or performance posted on a social networking site may be just as problematic as sharing insider information among friends over lunch. For all of its potential business value, social business may expose publicly traded companies to increased compliance risk that they need to incorporate into their risk management and governance policies, according to a Deloitte webcast, Social Business and Regulatory Compliance: What New Challenges Could You Face?.
“What makes social business riskier than other traditional or even online communications vehicles is its extreme viral and permanent nature. Information posted on social media platforms can potentially reach millions of people in a matter of minutes,” says Wallace D. Gregory, Jr., a partner at Deloitte LLP who specializes in risk management. Mr. Gregory was one of the webcast presenters explaining the risk considerations and steps CFOs and other business leaders can take to help their organizations govern social business activities and comply with the evolving regulatory environment.
The Challenge: Managing Social Business Risks and Issues
The benefits of employing social business reach across the business, to advance strategy, improve marketing, recruit and collaborate, gain competitive intelligence and enable innovation. But so do a slew of new risks and issues: reputation management, inappropriate use of content, loss of data or intellectual property and regulatory complications and penalties.
“As you formulate a strategy using social media you have to think of the risks involved and the impacts on your regulatory compliance,” says Mr. Gregory. The information on corporate social media sites may be subject to similar regulatory requirements as traditional content, but social-sphere activity may create situations not covered by traditional rules and risk frameworks. “The challenge companies—and their employees—now face with using social media tools in their business is managing that risk effectively,” Mr. Gregory adds.
The degree of that challenge was reflected in responses to polls taken during the webcast.
Regulatory Issues to Consider
“When you consider the regulatory issues around social media use, you have to look across the organization,” says J.R. Reagan, a principal at Deloitte & Touche LLP, who discussed how the various regulatory agencies approach the issue of social media use during the webcast. “Each agency has a different point of view, and companies should be aware of them when crafting their own compliance approach,” he observes.
Regulations and guidelines of the various regulatory agencies include the following:
- Financial Industry Regulatory Authority (FINRA), which has issued extensive guidelines concerning social networking websites and business communications, specifically retention of social media communications to customers, investment recommendations triggering National Association of Securities Dealers suitability requirements and blog participation supervision and advertisement rules.
- Securities and Exchange Commission, which issued the first set of guidelines to help investment advisers comply with antifraud and recordkeeping mandates through its National Examination Alert. The alert provides investment advisers considerations for evaluating use of social media compliance policies, including usage guidelines, monitoring, content standards and information security.
- National Labor Relations Board (NLRB), which focuses on workplace policies and their interaction with employees’ rights under Section 7 of the National Labor Relations Act. The NLRB’s approved policy prohibits “inappropriate postings.”
- Food and Drug Administration, whose communications rules led to the shutdown of many pharmaceutical social networking pages when the FDA eliminated the option to turn off public comments.
- Federal Trade Commission, which has issued rules regarding identity and affiliation disclosures, disclaimers and endorsements.
Develop a Risk Management and Governance Strategy for Social Business
Managing the potential risks entailed by the use of social business tools starts with incorporating social business risk into risk management and compliance programs. Deloitte, notes Mr. Gregory, has established a social media working group, comprised of people across the organization, from risk, talent, information technology and the business units. “This group brings together diverse perspectives to address and set policy on the various risks and issues that come up around using social tools and technologies,” he says.
Some actions to consider for social media risk management and regulatory compliance include:
- Incorporating social business risk into risk management and compliance programs.
- Planning for incident response.
- Stepping up customer service.
To govern social media effectively, companies should work closely with employees to help them understand the role that social media play in the company and the ways that they can be leveraged to help achieve strategic goals. “A sound governance policy and process for social media use are critical to your risk management,” says Mr. Gregory. Companies can create detailed social media policies that clearly communicate the “dos and don’ts” of social media usage.
Governance around social business should address the company’s vision as well as policy, training, monitoring and enforcement. Specifically, it should:
- Educate employees, then empower them.
- Help employees understand and own the risks.
- Hold employees accountable.
- Address organization social media account “ownership” and hand-offs when spokespeople leave.
Furthermore, companies should educate their employees on how violating rules of confidentiality and professional discretion can lead to regulatory noncompliance and legal difficulties that can have far-reaching consequences for those involved.
“Employees should understand the nature of the regulations in place, why they exist and the potential consequences of violating them,” Mr. Gregory says. “Some employees may think that because current regulations were not written specifically to address social media, that somehow social media is exempt from traditional oversight. As many companies have learned, that is not the case.”
Subscribe to our E-Newsletter
EGC Group on Twitter
- This anti-spoiler Twitter app is awesome. The programmer behind it is even more awesome. http://t.co/2CXfXILJOO 03:10:11 PM June 11, 2013 ReplyRetweetFavorite
- This tweet brought to you by #iOS7! http://t.co/y6BnBXBdaR 10:30:17 AM June 11, 2013 ReplyRetweetFavorite
- Welcome aboard, Jim! (He's running our new craft beverage division!) http://t.co/2ZlbWSQTGP 03:05:27 PM June 10, 2013 ReplyRetweetFavorite
- Did you miss the Weekend Reading? We're looking at #leadership, disruptive #innovation, and #commencement speeches: http://t.co/wCYvgQwNHw 08:31:38 AM June 10, 2013 ReplyRetweetFavorite
- Ad Review Tuesdays
- Advertising Agency
- Advertising Agency
- Advertising in Today's Economy: How to Emerge a Market
- Celebrity Guest Blogger
- Content Marketing
- Digital Marketing
- Direct Marketing
- Event Marketing
- Great Article
- Online Marketing
- Public Relations
- Social Media
- Social Networking
- The EGC Weekend Reading
- The Latest Trends in Marketing
- Traditional Media
- Weekend Reading
TagsAdvertising advertising agency Andrea LaSala Snyder apple Black Friday brand awareness Branding cable TV advertising charity content marketing CreateAthon CRM digital digital marketing digital media Education and Assistance Corporation EGC egc group Ernie Canadeo Event Marketing facebook franchise marketing Girl Scouts of Suffolk County google Independent Group Home Living iPads for Autism iphone leadership marketing new media Nicole Larrauri non-profit Online Marketing online media organic search retail retail marketing search engine marketing search engine optimization seo Social media Social Networking The EGC Group Twitter video marketing