Once business organizations reach a certain size, their leaders have to start thinking systematically about how to structure reporting relationships to ensure vital information reaches the top; how to identify and account for the internal and external risks that could hobble the company; and how to ensure the organization is complying with a skein of local, state, and federal laws and regulations. This area of “governance, risk, and compliance” or GRC is the one that my company, MetricStream, helps people with. And like every executive, I try to stay aware of the trends affecting my industry.
Many of the larger trends that dominated the tech news in 2013—including social media, big data, mobility, and the cloud—promise to affect risk and compliance efforts in specific ways in the coming year. Organizations have realized the business benefits of these technologies, and will now look for effective ways of managing the associated risks and regulations. In that context, here are four key technology trends that will shape risk and compliance efforts in 2014:
Social Media Strategies Will Place Greater Emphasis on Risk Monitoring
Social media is fast gaining acceptance as a formal channel of business communication. Even the SEC has ruled that social media can be used to disclose key company information in compliance with Regulation Fair Disclosure (FD).
LinkedIn, YouTube, Google+, Pinterest, Tumblr…all these social media sites have opened up exciting ways of connecting with customers. And with Facebook and Twitter going public, there might be new paid opportunities for businesses to market themselves via social networks.
However, a series of hacker attacks this year on the Twitter accounts of prestigious news sources such as The Guardian and the Associated Press revealed how social media can be an organization’s weakest point of defense, posing risks to information security, reputation, legal/compliance, and a number of other business areas.
Responding to these risks, the Financial Industry Regulatory Authority (FINRA), the Federal Financial Institutions Examination Council (FFIEC), and the Federal Trade Commission (FTC) have begun issuing multiple social media guidelines.
Therefore, in 2014, companies are likely to broaden their social media focus beyond marketing/communications, to include real-time risk monitoring and compliance. It will become increasingly important to use advanced social media analytics to filter through online conversations, and detect risks and non-compliance incidents.
The Bring-Your-Own-Device (BYOD) Tug-of-War Will Intensify
A 2013 Cisco survey predicted that the number of BYOD devices in U.S. workplaces will reach 108 million by 2016. This increasing adoption of BYOD means better efficiency and cost savings for companies, and more work-life flexibility for employees.
But what if a personal device with confidential business information gets stolen, or a user-installed app on the device is compromised by malware, putting the security and confidentiality of business data at risk?
In 2014, we are likely to see a greater tension between the need to protect corporate data, and the demand for BYOD flexibility; between management oversight of BYOD activities, and employees’ privacy rights.
At some point, we will have to strike a balance by defining what is acceptable and unacceptable in BYOD; implementing mature policies and best practices; and addressing questions such as: