Voltaire wrote that with great power comes great responsibility, and CFOs are slowly but surely catching on that social media can be an immeasurably powerful tool to businesses large and small. But communication through social channels also has the potential to wreak havoc on companies’ carefully thought-out regulatory-compliance policies and procedures. But lucky for CFOs, more and more of whom are managing risk within their companies, it won’t require a complete policy overhaul to get all the bases covered.
“Companies are trying to augment what exists already,” explains J.R. Reagan, a principal at Deloitte who led a webcast on the subject of social media and regulatory compliance in September. “It’s still communication, just with a different channel. So they don’t have to recreate a whole new set of policies.”
The Securities and Exchange Commission laid the groundwork for companies in January 2012, when it issued preliminary guidelines on usage, monitoring, content standards, and information security with respect to social media. But during the webcast, Reagan said many businesses still aren’t aware of the risks. “This is the time where businesses should be saying, ‘Yes, we’re allowing the exchange of information and doing it in broader ways. But we don’t want to open up a gap in the good infrastructure we have around making sure there’s no insider information or someone doesn’t get an unfair advantage,’” he told CFO.
During an interview at CFO’s recent Rising West conference in Las Vegas, Bill Zerella, CFO of health-care communications company Vocera, said that this summer, Vocera began developing a social-media strategy to reach its would-be customers through less conventional channels, such as Twitter, Facebook, blogs, and message boards. As part of that strategy, he said, Vocera is still in the process of coming up with an internal social-media policy, including who is authorized to speak for the company and under what circumstances.
“We have designated a group, which includes executives and marketing people who are authorized to speak on social media for Vocera,” said Zerella. “We have plenty of employees on Facebook and on their own Twitter handles, and we make sure when they’re talking online, they’re talking as individuals, not as a representative of Vocera.”
Zerella said an employee is prohibited from mentioning Vocera on social media at all without authorization. But he admitted he’s unsure how that will be enforced going forward. It’s hard to find an employee who isn’t using social media, he said, and education is the only real form of protection a company has.
“We’ve done a lot in the way of education, which we did as part of going public [last year],” said Zerella. “If you tell our employees that any discussions could result in imprisonment, they tend to get the picture. Ultimately, that’s how you manage it: through education.”
At Vocera, all current and new employees must go through training on business ethics and insider trading, and must certify that they’ve read all the policies and understand them. Zerella said he tends to give his employees the benefit of the doubt. “There’s a lot of opportunity, but I think you could argue there’s even more risk, if you’re a public company,” he says. “Previously, there was never a means by which employees could make public statements. But I think most employees understand that if you do something, there’s nowhere to hide. There’s a trail. And we’ve found that most employees want to do the right thing.”
But businesses like Vocera will also have to watch out for privacy laws that could hinder compliance policy by limiting an employer’s control over employees’ private social-media accounts, says Reagan. Such laws have already been proposed in several states, including Massachusetts and New York.
“That’s where you get into a little bit of the rub,” Reagan says. “[National Labor Relations Board] guidelines are trying to address the issue from an employee’s angle, trying to protect their rights in terms of what they can say in the workplace, and whether businesses can take away employee rights in a social space.”
CFOs should make employees aware, Reagan said during the webcast, that the tenets of public-company disclosure — most notably Regulation Fair Disclosure, or Reg FD — apply to social media. Someone within the company must ensure employees are not violating those tenets by sharing information only with people who use the particular social-media platform or by issuing a statement via social media that does not coincide with SEC filings, he said. Someone will also need to monitor social-media channels to ensure investors or third parties don’t post inaccurate or nonpublic information in Twitter feeds or on Facebook pages.
“Most businesses are still looking at this more as a [public relations] or marketing area. But when you start competing on analytics — and social media is a big part of that — it starts getting into the operations part of the business,” says Reagan.
As organizations move from using social media as a novel marketing tool to using it as a true form of business communication between employees and customers to using it as an analytics tool, Reagan says they will see a bigger need for social media to have its own department, or at least its own manager. CFOs that are still looking for proof of social media’s return on investment might balk at the potential costs associated with such measures. But Reagan contends that in time, they simply won’t have a choice.
“This is where a lot of firms are not thinking about it the right way,” he says. “You can look at it in the traditional way of, ‘I’m not going to spend another dollar on effort until I know what I am going to get back’ or you can look at the strategic risk of, ‘What if we don’t? Will we be out-positioned through better client service [and] better access to our clients?’ That’s really the bigger challenge for CFOs.”