Traditional risk management policies are not sufficient when it comes to handling the plethora of exposures posed by social media, a new report from Accenture Finance & Risk Services cautions.
The Accenture report, “A Comprehensive Approach to Managing Social Media Risk and Compliance,” addresses the growing importance of social media to business and how business can take advantage of new platforms effectively. The report notes that the global social network audience is expected to hit 2.55 billion by 2017, and highlights a number of hidden pitfalls. For example, your employee’s innocuous LinkedIn account could be providing access to your client list, or Millenials used to over-sharing personal information on social media sites could unwittingly disclose confidential information and land their employer in trouble with regulators.
“At issue here is the fact that traditional risk management policies and procedures were not designed for, quite literally, minute-by-minute monitoring of social media chatter to identify brand, strategy, compliance, legal, and market risks,” Steve Culp, senior managing director of Accenture Finance & Risk Services, said in the report.
Culp said those risks are substantial. “Financial institutions have had to shut down social media forums due to unanticipated negative feedback; the stock markets have been buffeted by fraudulent social network postings; businesses have had to change or rescind strategies in response to the force of social media; other businesses have suffered brand damage due to the power of social media to send negative impressions almost instantly around the world,” Culp wrote.
Accenture points to statistics showing that among the Fortune 500, 77 percent have active Twitter accounts, 70 percent have Facebook pages, and 69 percent have YouTube accounts. However, recent surveys show that 71 percent of executives polled said their company is concerned about the risks posed by social media but believe the risks can be mitigated or avoided, while another 13 percent said their company does not believe it has any appreciable risks.
More concerning is the fact that 59 percent of those executives said their company had no social media risk assessment plan, and only 36 percent reported offering training in social media.
“The data strongly implies that they are at times overconfident and inadequately prepared,” Culp said.
But Culp said social media presents more than just brand or reputational risks, and if companies fail to understand their full exposure, they are unlikely to have an adequate approach to mitigating those risks. Companies also must realize the strategic, business, regulatory, legal, and market risks they face, he said.
For example, financial services firms have clear, enforceable obligations to stakeholders, and even unintentional failures to maintain client confidentiality or premature release of market-sensitive information by an employee raises the possibility of regulatory sanctions.
Non-compliance risks also are likely to increase, with Accenture pointing to the SEC’s decision last year to allow businesses to use Twitter and other platforms to release material information and make financial disclosures.
“The stakes are getting higher. Although no penalties are yet in place if a company has vulnerabilities that allow it to be hacked in a way that manipulates a market, this could change,” the report notes.
Accenture advocates companies take a number of steps, including the establishment of formally defined roles and responsibilities both enterprise-wide and within business units, acceptable-use policies for social media, a clear crisis management plan with a defined path of escalation, and better coordination among business units. Accenture also recommends firms conduct a risk assessment across various categories, including reputation and fraud prevention. A company’s social media risk compliance program should have the same cornerstones as other compliance programs, including adequate governance and oversight, monitoring, and reporting. But traditional risk assessment methods won’t be as effective due to always-on nature of social media, the report said. Accenture pointed to the new requirement from the Consumer Financial Protection Bureau, mandating financial institutions track complaints on social media even if there has been no formal complaint lodged to the regulator or to the institution itself, which has the makings of a herculean task. Companies need to take advantage of technology like data mining and text analytic engines to help mitigate and monitor their risks given the vast amount of data involved.
But perhaps most critical for an effective policy, the report said, is cultivating a risk-aware culture throughout the company, something achieved through training, clear-cut rules, and accountability. “You can put in as many firewalls as you like, but people still need to be knowledgeable about risks and understand their role in mitigating them,” one banking social media executive told Accenture.
No comments yet