Corporate Governance and Managing Social Media Risks
Corporate Governance and Managing Social Media Risks
HEADLINE: Company Could Pay for CFO’s Misguided Tweets
SUMMARY: The company that fired its CFO last week over his social-media postings may not have let itself off the hook by doing so. Despite the company’s claim that it was unaware of the finance chief’s activities until May 11, it still may face a Securities and Exchange Commission enforcement action. On at least one occasion, Gene Morphis, the former CFO of Francesca’s Collections, revealed confidential company information via his Twitter account.
Analysis by Firestorm Expert Council Member Jerry Hudspeth
The continuing growth and use of social networks like Facebook, LinkedIn and Twitter have created yet another risk segment for corporate America to analyze, embrace and manage. The stories and accounts of corporate social media issues are almost daily announcements in the press and news media.
One account in May had a CFO for a public company fired over his social media postings via his Twitter account for stating that company results were going to be positive. His Twitter account provided links to his personal Facebook page and also to his LinkedIn profile. He was correct about company performance as the stock price climbed 15% over the next six days prior to the company’s quarterly earnings announcement. Although the company is claiming no knowledge of their CFO’s activities, they still may be subject to SEC enforcement action.
Public Companies and Social Media
Executives and management of public companies must know and understand the ins and outs of using social media while remaining compliant with the Security Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA) regulations and guidelines. Some examples of FINRA regulatory guidelines regarding social media are:
- Publicly available web sites (ex: Twitter) are considered advertisements
- An email or instant message is considered sales literature if it is sent to 25 or more prospective customers
- An email or instant message is considered correspondence if it is sent to a single customer, an unlimited number of existing retail customers, and/or fewer than 25 prospective retail customers (ﬁrm-wide) within a 30-day period
- Password-protected web sites (ex: Facebook or LinkedIn) are considered sales literature
- Chat room discussions (ex: Facebook discussions, LinkedIn Q&A) are considered public appearances
SEC Regulation FD (Fair Disclosure) also sets the bar for sharing of information and the social media activities of employees of publicly traded companies.
Private Sector Companies
Companies are understandably concerned about the potential for security breaches or embarrassing incidents resulting from ill-judged social media activities on the part of employees and the disconnect between management and employees on the issue.
The National Labor Relations Board (NLRB) is closely monitoring company policies on social media, especially policies that discipline or terminate employees because they talk negatively to each other about an employer or a supervisor on social media such as Facebook or Twitter. The NLRB feels that some policies may be a breach of the employee’s right to concerted activity under the National Labor Relations Act.
Summary and Opinion
Using social media in order to identify and foster relationships that can deliver business results while creating brand awareness and loyalists is an integral part of the strategies and tactics of many 2012 company business plans. Effective corporate governance must be in place; however, in order to clarify the role management and employees should play relative to social media, as well as to address the complexity, interrelationships and variables that an organization must manage in order to strengthen governance over this area.
Corporate senior management needs to confirm that the social media policy the organization adopts is based on best practices and is enforced consistently and that no members of the organization are neglected. The resulting written policy needs to address the appropriate use of social media by employees at all levels and in all functions. Once the policy is in place, social media risk mitigation should be integrated into the organization’s everyday risk management processes.
Corporate management should ensure that the social media policy is communicated appropriately to all employees and relevant business practices and codes of conduct are addressed. After an organization implements its policy, it needs to monitor employee compliance.
Last but not least, is individual responsibility. We have discussed corporate requirements and corporate responsibility and management and control but I think individual responsibility and social media is also a topic for concern. I suggest that those of us in the business community and those of us that will one day be in the business community view social media as an opportunity to “ create and manage your own brand” and remember the words of esteemed businessman and inventor, Charles F. Kettering:
“We should all be concerned about the future because we will have to spend the rest of our lives there.”
To schedule Mr. Hudspeth to speak to your group or organization, call: (800) 321-2219 Or Contact Us Here