Social Media Risk Factors for the Financial Service Industry and Beyond

SOCIAL MEDIA RISK FACTORS FOR THE FINANCIAL SERVICE INDUSTRY AND BEYOND

MANAGING RISK, UNLOCKING VALUE

August 1, 2012 Your Presenters

Jeff Auker Robert Goodsell Director, PwC Managing Director, PwC

2 First Point

3 Second Point

4 http://www.flickr.com/photos/swimvixen2/420802315/ If You Choose Not To Decide, You Still Have Made A Choice

- Rush, Freewill

5 Disciplined.

Social.

Media.

Strategy + Objectives + Measurement - Risk

http://www.zazzle.com/i_love_discipline_tshirt-235430896282680870 Thumbnail

1 The Business Value of Social 2 Identifying Risks

3 Managing Risks

7 1 THE BUSINESS VALUE OF SOCIAL MEDIA

8 Business Has Gone Digital...

1999 2002

2005 2009

9 …Digital Has Gone Social…

901,000,000 active users of Facebook (Over half access via mobile) FACEBOOK, APRIL 2012 39% of Americans spend more time socializing online than 45-50 year olds face-to-face make up the BADOO, APRIL 2012 fastest growing US segment of 22% of Americans visit social media users social networking sites EDISON RESEARCH, JUNE 2012 several times per day EDISON RESEARCH, JUNE 2012

93% of recruiters use LinkedIn to 61% of US companies listen to source candidates what is being said about them CNET NEWS, JULY 12, 2012 in social networks INSITES CONSULTING, JUNE 11, 2012

The meetup.com SF Chihuahua group consists of 594

members who have. met up 53 times since November 2006 10 San Francisco Chihuahua Meetup, Meetup.com, 2011 …And Social Has Gone Mobile

Smart phone penetration 90% doubling

of US has a mobile every 3 years phone

11 80% of the attention your brand receives online is offsite – Postrank

90% of the data in the world today has been created in the last two years alone – IBM

Volume

Velocity Variety 12 Evolving Customer Expectations

Traditional Media Social Media Authenticity Talking points Real conversations Collaboration One-to-many Many-to-many Organization Designed segments Self-selecting Ownership Firm creates & curates Co-creation & curation Transparency Preserve brand Open disclosure

TRUST

13 CPE Question 1

Monthly Facebook users do NOT outnumber:

A. The 3rd, 4th, and 5th most populous nations -- combined B. The population of all European countries -- combined C. Mobile phone users in Africa and Latin America D. Total world population in 1800 E. The number of YouTube views of Justin Bieber’s “Baby” video

14 CPE Answer 1

Monthly Facebook users do NOT outnumber:

15 The 3 Ages Of Social Communications

In the 2500 years of recorded human history, human social interactions have been driven by two-way networked interactions

Agrarian Industrial Information

60 years 4000 BC 1940 2000 16 Implication 1: The Thank You Economy

17 Implication 2: The Networked Enterprise

Organizational Business Stakeholder Structure Process Engagement 1950’s + 1980’s + 00’s +

Stake holder Manager Source Make Deliver

Engage Stake Engagement Stake Target Acquire Retain ment SME holder Platforms holder Platform

Ideate Develop Launch Staff Staff Staff Stake holder

How do I organize and command skill sets? How do I structure my How do I identify and engage business processes? communities that can help me address business objectives?

18 How do I identify and engage communities that can help me address business objectives?

Strategy Risk Measurement

19 Unlocking the Business Value of Social

1 Brand Awareness

2 Acquisition

3 Customer Service 4 Research 5 Risk Management 6 Crisis Management 7 Product Development 8 Social Enterprise

9 Recruiting

Many Companies Are Still Winging It...

While the vast majority of companies are now engaged in some form of social media…

Just 12% consider themselves effective 27% of companies rely on the users2 intuition of their executives to assess the business value of 40% of companies admit to social media initiatives.1 having no training or governance of social media2

45% consider linking Social Media to 28% of companies do not ROI the greatest challenge to 1 measure the performance of success. social media marketing. At all.1

Only 29% consider their social media initiatives “strategic.”1

1The Economics of the Socially Engaged Enterprise, Pulsepoint Group & The Economist, May 2012 21 2Usefulsocialmedia.com March 2012 Current State Of The Art

22 Path To Maturity

Co-Creation Engagement Presence

Controls

Experimentation

23 2 IDENTIFYING RISKS

24 Social Media Crises Originate Evenly Across Platforms

25 Most Crises Can Be Avoided Or Lessened

26 Bad Experiences Are Quickly Amplified

27 Typical – And Some Not So Obvious – Risks

Risk #3: Gaps in Risk #1: Privacy internal expertise Even if employees know your Do know where your agency is rules, do they know the rules of tonight? the networks & tools they use?

Risk #4: Regulatory Is it clear what regulators demand of you?

Risk #2: Gaps in Risk #5: Porous accountability borders Do your processes and accountabilities What happens when internal and have gaps exposed by new technologies? external blur?

The people in charge The people in charge of of talking are in the listening are in the Risk #6: Employee marketing But… service or sales department. department.* relations What are the responsibilities of the employer who knows too much? 28 CPE Question 2

According to Altimeter, what % of social media crises could be avoided or mitigated (approximately)?

A. 90% B. 75% C. 50% D. 25% E. 10%

29 CPE Answer 2

According to Altimeter, what % of social media crises could be avoided or mitigated (approximately)?

A. 90% B. 75% C. 50% D. 25% E. 10%

30 3 MANAGING RISKS

31 Risk Management Is In The Early Stages

63% 29% of organizations believe that of organizations believe they social media presents a have the necessary controls serious security threat to the in place to mitigate risk organization posed by social media

65% 35% of organizations do not have of organizations that have an a policy in place that informs acceptable social media use employees of acceptable use policy actually enforce the of social media, or are policy unsure if such policies exist

Source: Websense, Ponemon Institute, Global Survey on Social Media Risks, Sep. 2011 32 Risk Management Is In The Early Stages

54% 51% of organizations worry about of organizations worry about loss of confidential increased exposure to information or violation of malware and viruses confidentiality policies

Source: Websense, Ponemon Institute, Global Survey on Social Media Risks, Sep. 2011

50%

40% 43%

37%

30% 32%

20%

10% Have a security strategy for Have a security strategy Have a security strategy employee use of personal devices for mobile devices for social media

Question 17: “What process information security safeguards does your organization currently have in place?” (Not all factors shown. Total does not add up to 100%.) (PwC Global Survey) 33 The Risks May Be New, But Proven Approaches Still Hold

Reputational Risk Operational Risk • Employees posting sensitive • Publication of inappropriate information on personal content accounts • Inadequate monitoring and • Ineffective corporate social response to social media media usage • Unauthorized sources posing • Information security issues and as Morgan Stanley malware

Social Media Ecosystem

Regulatory & Legal Risk • Regulatory inquiries and fines • Legal expense and judgments • Unclear legal ownership of social media accounts 34 Social Media Execution Framework

6 2

5 3

35 Internal Audit Objectives

There are generally five objectives that come from internal audit of social media : 1. Evaluate Strategy – Evaluate whether effective oversight and strategy have been established for social media 2. Evaluate Design – Evaluate the design, communication, operating effectiveness of the enterprise’s social media policies and processes 3. Evaluate Consistency – Evaluate consistency of the company brand and messaging on external facing corporate owned social media channels 4. Evaluate Training – Evaluate whether appropriate levels of training have been established to ensure all personnel have been provided sufficient information regarding the organization's approach, policies, and procedures related to social media 5. Evaluate Reliability – Evaluate the reliability and accuracy of the established monitoring and reporting controls

36 Key Questions For Your Clients

Have you performed a social media risk assessment? Have you mapped social media risks with 1 various regulatory and compliance requirements?

Does your organization have a social media strategy? 2

Has the organization established an appropriate social media governance framework, including 3 leadership and accountability, policies and guidance, and stakeholder involvement?

How do you educate your employees, stakeholders, and partners about social media risks? Are 4 employees aware of their responsibilities with regards to use of social media?

Is your organization monitoring or listening what’s being said on social media channels? Have 5 you developed a process for responding to social media threats?

Have processes been established for creation and management of social media channels? 6

Are the social media channels and platforms scanned for vulnerabilities? Is there an threat and 7 vulnerability management program and is social media included in that?

How do you measure and monitor the return on investment? Do you have an information 8 management strategy to integrate social media content?

37 Determining Scope

In Scope VS Out of Scope

Which business teams should be involved and which decision-making stakeholders should be involved?

Business Team Examples:

Digital Public Customer Employee Business Customer Legal HR/Ethics Security marketing Relations Relations Communication Services Insights

Decision-Making Stakeholder Examples:

Operations Employee Operations Community Corporate Blog Chief Ethics Operations Process Lead Response Lead Lead Relations Lead Supervisor Owner Officer Lead

Should the audit include internal social collaboration tools as well? Should international social media channels, brands, and accounts be included? Which processes (governance, processes, people, security and tech) should be focused on?

38 Enterprise Deployment - Overview

Define Program Scope and Universe Define universe and objectives and Establish Governance associated policies and guidance which Model reflect governance strategy Define corporate stance on social media strategy

Deployment Deploy social strategy in organization

Analyze Risk Posture Perform risk analysis to ensure alignment between projected and actual risk levels

Operations & Management Sustainability and long term operations 39 Social Enterprise

Social Media Governance and Executive Sponsorship

Social Media Strategy, Objectives, and Policy

Human Risk, Business Marketing & Information Resources and Compliance, Sponsorship Communications Security Legal and Audit

• Business objectives • Social media • Terms of use • Authentication and • Risk assessments and KPIs universe and policy • Code of conduct and authorization • Risk management • Monitoring metrics • Community staff rules • Certification & • Regulatory and ROI management • Partnership accreditation compliance measurement • Brand management agreements • Monitoring & • Internal controls • Information • Crisis management • Training and incident response • Internal audit management awareness • Vulnerability enforcement • Staffing scanning

PwC 40 CPE Question 3

Which of the following is not typically a type of social media risk?

A. Reputational & Perception B. Data Security & Protection C. Financial & Operational D. Legal & Compliance E. Insurable & Logistical

41 CPE Answer 3

Which of the following is not typically a type of social media risk?

A. Reputational & Perception B. Data Security & Protection C. Financial & Operational D. Legal & Compliance E. Insurable & Logistical

42 Thank you

Jeff Auker Robert Goodsell Director, PwC Managing Director, PwC 860-597-2206 612-596-6343 [email protected] [email protected]

43 SOCIAL MEDIA RISK FACTORS FOR THE FINANCIAL SERVICE INDUSTRY AND BEYOND

MANAGING RISK, UNLOCKING VALUE