- Facebook has beefed up the power of its audit committee, which is chaired by the former White House chief of staff Erskine Bowles.
- The committee will monitor Facebook's social impact, privacy safeguards, and cybersecurity risk.
- It is being seen as a major concession to shareholders, who have campaigned for a risk committee.
- They welcomed the news but said Facebook would be judged by its actions and not by its promises.
Facebook has beefed up the power of its audit committee in what is being claimed as a major victory for shareholders who were angered by the Cambridge Analytica data disaster and other scandals.
On Friday, Facebook quietly changed the name of its audit committee - which is chaired by the former White House chief of staff Erskine Bowles - to the audit and risk oversight committee.
The committee's responsibilities have also been increased to encompass three major issues:
- It will review how Facebook "services can be used to facilitate harm or undermine public safety or the public interest." This could be read as a reference to fake news and election interference.
- It will investigate Facebook's "privacy program" following the Cambridge Analytica, in which the accounts of up to 87 million users were compromised.
- Facebook's "cybersecurity risk exposures" will also be analyzed by the committee.
Bowles' group of executives, who include Marc Andreessen, Kenneth Chenault, and Jeffrey Zients, will conduct these reviews at least once a year.
The changes follow pressure from investors on Facebook to establish an independent risk committee. In fact, this very proposal was tabled at Facebook's investor meeting last month and attracted support from 45% of the company's independent shareholders.
A 'necessary and positive' move
Jonas Kron, a senior vice president of Trillium Asset Management, which tabled the proposal on behalf of its client Park Foundation, welcomed Facebook's decision to beef up its audit committee.
"This is a very necessary and positive development," he told Business Insider. "It provides investors with a clearer understanding of who has ultimate responsibility for overseeing privacy, social impact, cybersecurity, and compliance."
Kron, who manages about $10 million of Facebook stock on behalf of Park Foundation, did strike a note of caution, however. He said the committee should be given appropriate power to hold management to account and should meet every three months, or at least twice a year.
Open Mic, an organization that helps shareholders campaign to improve governance at some of America's biggest companies, said it was an "important step" showing Facebook had "responded to pressure from shareholders."
Its executive director, Michael Connor, who worked with Trillium on its proposal, added: "Facebook will continue to be judged by how it actually avoids risks and harms to its billions of users, not by what it promises."
In a statement, Bowles played down the idea that Facebook made the change in response to shareholders. He said: "Facebook has grown significantly since going public, and so has the role of the audit committee, especially its role managing risk oversight.
"To reflect this, the board updated the committee's charter to clarify how the committee's role has grown, as well as to address other emerging issues, particularly in the areas of privacy and data use, community safety and security, and cybersecurity."