The Wall Street Journal recently published an excellent piece by attorneys Richard Raysman and Francesca Morris defining CIOs’ responsibility for social media. As consumer adoption of social media has grown, organizations – seeking to increase brand awareness and drive engagement with their customers and partners – have become significantly more socially advanced, which has changed the role of the CIO.
Today, the CIO isn’t just focused on internal corporate network infrastructure and systems; his/her purview has now extended outside the enterprise to its external network – the social network. This increased scope in infrastructure has fueled demand for new IT strategies and expertise, as well as increased security, regulatory, and privacy concerns.
As Raysman and Morris explain, “In this rapidly evolving environment, CIO’s must not only advise their companies on the most effective social media techniques for their business purposes, but must also be cognizant of the latest rules and regulations to avoid running afoul of any regulatory regime which could lead to government investigation, reputational or financial damage.”
Regulatory Compliance Challenges
Requirements from regulators like FINRA, the SEC, the FDA, and, most recently, the FFIEC, are evolving rapidly and continuously. The new FFIEC Guidance “requires that financial institutions implement a risk management program with a governance structure, policies and procedures, management of third-party relationships, an employee training program, an oversight process for monitoring information, and audit and compliance functions.”
Creating a Successful Risk Management Program
The role of the CIO is evolving, and when it comes to social media, s/he is increasingly under pressure to create and support an infrastructure (including that for social media) where risk is mitigated and compliance requirements are enforced through both process and technology.
In one of our recent posts, we discussed the ways in which these new guidelines impact social media compliance, including steps to creating a safe and effective risk management program. Key to this process is outlining clear roles and responsibilities, including that of the CIO, within your company’s governance structure, and using automated technology like Nexgate’s to enforce application of compliance policy.
Nexgate’s pre-built policy templates and reports for social media regulatory requirements allow regulated organizations – whether publicly traded, financial, or pharmaceutical – to simplify and maximize the effectiveness of their compliance and risk management programs. This enables CIOs and their teams to effectively implement controls for their external social media networks.
Without the requisite controls, it’s easy for things to go awry. Take, for example, the screen capture below showing a post on the Facebook page belonging to a large financial institution. In it, the brand published an offer from its primary Facebook account promoting its lending program; however, the post didn’t fully disclose certain key information, such as the amount or percentage of any down payment, the total number of payments, the period of repayment, or whether the APR could increase, and also didn’t include any way for followers to determine that information on their own (such as a link). The result: this post constitutes an FFIEC violation.
Nexgate’s policy controls and natural language processing technology (NLP) can accurately identify FFIEC infractions (such as this one) and other compliance violations with just a few clicks, saving your team time, headache, and valuable resources. The CIO and social media teams can work together to ensure posted content conforms to policy, and automatically alert and remove any content that might constitute a violation.
For additional information on social media roles and responsibilities and how CIOs should help create a successful social media security and compliance program, download our report on Mapping Social Media Roles and Responsibilities.