In my first post in this series, I looked at some of the biggest risks social media poses for insurers. Now, I shall explore Accenture’s approach to addressing the organizational weaknesses that underlie this risk.
We recommend a number of distinctive activities across governance, processes and systems. Let’s look at them in turn, starting with the new governance structures, policies and accountabilities necessary for managing social media risk.
General governance principles apply in the realm of social media, but there are a few noteworthy differences. These include the need to coordinate effectively across functions and the need to have well-defined crisis management procedures. Here are some points to consider.
Roles and accountabilities for social media risks: Compliance, corporate affairs, IT, marketing, and other groups in the insurer’s organization need to cooperate to combat their mutual vulnerabilities. This means sharing information and operating according to consistent policies and understandings.
Part of this shared understanding involves clearly defining each group’s roles and accountabilities. The marketing organization, for example, might be primarily focused on brand or reputational risk, while the legal and audit departments would be accountable for privacy issues and fraud, respectively.
Acceptable-use policies for social media: Creating an acceptable-use policy for employees (as well as, potentially, contractors and vendors) when it comes to social media does not mean starting with a blank page.
Instead, insurers should build on existing policies covering media interaction, public communications, the handling of confidential information and how to protect against the misuse of information. For inspiration, The Social Media Governance organization maintains a database of sample social media acceptable-use statements from more than 200 organizations.
Well-defined social media risk tolerance levels: Insurers must define their risk tolerances for social media. For example, if an insurer wants to encourage more open engagement with the public and get many people talking about its brand, that opportunity carries with it a higher degree of risk. Another consideration concerns the kind of information the company is comfortable sharing over social media sites. In general, it is important for carriers to run scenarios with outcomes of increasing levels of impact to determine where they want to set their limits.
Escalation pathways and reporting lines: Insurers should appoint, for each key-category risk, an individual who is responsible for making the ultimate decisions about these risks, managing them, and handling any crises that may arise. From the risk owner downward in the organizational structure there should be a clear reporting line—if an indicator of risk appears, everyone should know exactly how the issue is to be escalated.
An operating model for crisis management: To be ready when risks become real issues, insurers need an operating model for crisis management.
Having defined the capabilities and structures that comprise an effective governance structure, in my next post I’ll examine how to make them come alive as actions. Here, we’ll turn to the role of processes in managing social media risk.
Download the full report: A Comprehensive Approach to Managing Social Media Risk and Compliance