As organisations increasingly use social media as a communications and promotional tool, so the challenge to the extremely risk averse and regulated sectors, such as the finance industry, becomes more apparent. Ever evolving features within social media platforms such as Twitter, Facebook and Linkedin means that most financial institutions will not only have to be vigilant, but will have to amend existing company policies as a result.
Companies, have to be aware of what is posted out, which employees gain access to their social media accounts and who manages the process and enforces the policies.
An example of how unprotected Twitter access proved disastrous was when the newly appointed CFO of Francesca’s, a US clothing retailer with stores in 44 states, sent out the following Tweet after a confidential meeting: “Board meeting. Good numbers=Happy Board.”
Francesca’s is a publicly traded company and the CFO was dismissed for sharing inside information.
However The Securities and Exchange Commission had questioned a post last year by Reed Hastings, Netflix chief executive, which he posted on his personal Facebook page stating that Netflix's monthly online viewing had exceeded one billion hours for the first time. The company didn't report this information to investors through a news release or SEC filing.
Netflix shares rose sharply by 6.2% on July 3, the day Hastings posted the message. The SEC noted that neither Hastings nor Netflix had previously used Hastings's personal Facebook page to announce company metrics and previously had not taken steps to alert investors that the page might be used as an outlet for communicating company information. The SEC didn't initiate an enforcement action or allege wrongdoing by Hastings or Netflix.
These two examples highlight the murkiness of what constitutes acceptable social media practice.
A question that is being raised in many organisations is: Who is in charge of the social media policy and governance?
Generally social media has been the preserve of the marketing department. Then of course by its nature social media also falls under the remit of the IT department. Yet who will be held responsible if there is a breach in policy, security or there’s a legal issue, such as an employee posting about sensitive trading issues or sending potentially libelous Tweets?
Even the most innocent of intentions can cause speculation and affect the business. Imagine a junior member of the team or a temp tweeting this: “I just saw Richard Branson in the CEO’s office” or even worse “Richard Branson just stormed out of the CEO’s office.”
It’s a safe assumption that the person in charge of compliance, probably the financial director, will be the one ducking most of the incoming internal flack. However, the marketing department will not get off lightly as it will be seen as incompetent, and the IT department will be regarded as negligent for not securing the organisation’s social media network.
In the US The Federal Financial Institutions Examination Council (FFIEC) released proposed guidance on the applicability of consumer protection and compliance laws, regulations, and policies to activities conducted via social media by banks, savings associations, and credit unions, as well as nonbank entities supervised by the Consumer Financial Protection Bureau and state regulators.
This guidance came as a direct result of pressure from the finance industry to give some direction specifically relating to social media compliance.
The FFIEC is taking social media compliance seriously indicates the power of the medium. It also warns us, here in the UK, that we shouldn’t wait for our governing bodies to follow suit, we should be taking action now to protect our organisations and assets.