June 11, 2015

It’s (Past) Time to Focus on Social Media Compliance

The average Fortune 100 firm has a staggering 320+ social media accounts with over 200,000 followers and 1500 employee participants who make over 500,000 posts to these accounts. Proofpoint Nexgate’s latest “State of the Social Media Infrastructure” report presents these (and other) concerning results of its analysis of 32,000+ social media accounts of Fortune 100 companies:


– The average company suffered a total of 69 unmoderated compliance incidents during the study’s 12-month research window.
– Nine different U.S. regulatory standards triggered incidents, including rules and regulations of the SEC (e.g., Reg. FD), FINRA, FTC, FDA and the UK’s FCA.
– Financial Services Standards violations dominate the field. However, improper disclosure of confidential corporate activity accounted for 118 standalone incidents (i.e., 150 additional incidents crossed categories) – consisting of information regarding layoffs and restructurings, earnings and financial updates and M&A transactions. Reg. FD violations accounted for an additional 149 incidents.
– There were over 900 “Regulated Data” incidents consisting of improper disclosure of user names/passwords, SSNs, credit card numbers, etc.

The report also offers recommendations for developing a successful social media compliance program – summarized by Compliance Week.

See also this WSJ article discussing the various state social media laws, this Corporate Compliance Insights post, and this new FTI/NYSE Law in the Boardroom survey, which found that social media ranks among the top three areas about which directors have the least amount of confidence in their GCs’ oversight. And 91% of directors and 79% of GCs affirmed that they don’t have a thorough understanding of their company’s social media risks.

Access additional resources in our “Social Media” and “Compliance Programs” Practice Areas.

When & How to Update Your Compliance Policies

This recent CEB (Corporate Executive Board) blog identifies the most important triggers, and provides a decision tree, for determining when to develop a new policy or update an existing one.

CEB research found that the seven most important reasons for writing a new policy or updating an existing one are:

  1. New risk assessment results.
  2. Revision of the company’s code of conduct.
  3. New internal audit findings.
  4. Publicized failure in the same or similar industry.
  5. Shift in business strategy.
  6. Merger, acquisition, or other organizational change.
  7. Geographic expansion.

See the blog’s nifty decision tree, and this CEB Policy Management Toolkit on how to create and implement a policy on policies.

More on “The Mentor Blog”

We continue to post new items daily on our blog – “The Mentor Blog” – for members. Members can sign up to get that blog pushed out to them via email whenever there is a new entry by simply inputting their email address on the left side of that blog. Here are some of the latest entries:

– Spencer Stuart Addresses Board “Refreshment”
– Avoiding & Managing Boardroom Disputes
– Using COSO to Assess & Manage Cyber Risks
– Form 10-K Preparation Tips
– How to Proactively Tackle the Director Tenure Issue


– by Randi Val Morrison