Review of ADCs in banking sector from ATMs to social media. Consideration of operational, legal and regulatory risks for "grown up" financial services institutions adopting social media channels. Analysis of social media regulation and guidance: FFIEC (USA) and FCA (UK)
Managing Regulatory and Legal Risk of Social Media in Banking
2. HARNESSING SOCIAL MEDIA IN THE
BANKING SECTOR: HOW TO MANAGE
REGULATORY AND LEGAL RISK
Presented by:
Berwin Leighton Paisner LLP
Welcome to the
BAFT-IFSA Presentation Series
Sponsored by the
BAFT-IFSA Supplier Committee
4. Webinar agenda – 60 min
Welcome & Introduction
Courtney McCarty
BAFT-IFSA
Presentation
HARNESSING SOCIAL MEDIA IN THE BANKING SECTOR:
HOW TO MANAGE REGULATORY AND LEGAL RISK
MARK LEWIS
PARTNER
HEAD OF IT & OUTSOURCING PRACTICE
BERWIN LEIGHTON PAISNER LLP, LONDON
5. Mark Lewis
Partner, Head of Commercial Practice, Head of Outsourcing Sector Group,
Co-Chair India Group, Berwin Leighton Paisner LLP, London
29 years’ legal practice, including as senior counsel to the UK Treasury,
Cabinet Office and other government agencies
Specialist IT and outsourcing lawyer
Engaged in some of the first banking IT and outsourcing projects globally
Advises on legal and regulatory issues in advanced technology, including
cloud computing, social media and payment processes
Strong focus on banking, insurance, investment management, fund
management and other financial sectors
Advises both customers and providers to the sector: unusual perspective
Overall perspective: in the early days, the banks controlled/could control
their technology environment. Nowadays, it’s different….
Introduction
6. Approach
The inevitable stats
The path through ADCs to social media in retail banking
Adoption in the global financial services industry
The opportunity for banks, and some of those who have…
Business and operational risk
Legal and regulatory risk
Regulatory landscape in the USA and UK, and how to
manage risk now and for the future
Q&A
7. Inevitable stats
1 billion active monthly users
140 million active users, 350 million
tweets a day
185 million members in 200+ territories
8. The path through ADCs to social media in retail banking
ADCs: alternative delivery channels other than traditional bank branches used to meet
customer needs
ATM (prototype 1939, modern ATM patented 1966, first installed commercially in a
Barclays branch London 1967, first produced USA 1968)
Telephone Interactive Voice Response (IVR)
Online banking
Short Message Service (SMS) banking text alerts and bill payment
Automated Clearing House (ACH) electronic payments
Mobile banking
Email alerts and notifications
Fax banking services
Video banking
Online social media banking, including payment services for virtual and real goods
• ICT Banking Strategies Designed to Grow and Retain E-Commerce: Alternative Delivery Channels’ Customer
Base, Rudolph Strong, University of Wisconsin Stout, January 12, 2011 http://ssrn.com/abstract=1941095
• Federal Reserve Bank of Kansas City, Payments System Research Briefing, Where Social Networks,
Payments and Banking Intersect, Terri Bradford, December 2012,
http://kansascityfed.org/publicat/PSR/Briefings/psr-briefingdec2012.pdf
9. Adoption in the global financial services industry
Since March 2009, tracking and benchmarking how financial institutions use
social media channels, mainly Facebook and Twitter – Visible Banking Watch
Series
March 2009: 54 financial institutions (FIs) owned social media accounts
September 2011 tracking:
1,000 FI pages and apps on Facebook
1,500 FI Twitter accounts
in 75 countries
September 2011: 67% of the FIs’ pages tracked on Facebook were “open wall”
What is perceived to be the main blocker to banks adopting social media?
http://www.visiblebanking.com
http://www.visiblebanking.com/two-third-facebook-pages-financial-services-at-risk
10. The opportunity for banks
“People like me”: enhance the brand
Increase, broaden and tighten customer relationships
Brand loyalty: increase customer satisfaction and
responsiveness
Increase trades and financial transactions in the ‘real economy’
Drive revenue
Reduce cost, especially in service, sales and marketing
As ever, technology is the enabler
Likely retail banking IT spend US$135bn by 2015 (Retail Banking
Technology Through 2015, Datamonitor/Ovum, 2012)
• KPMG, Evolving Banking Regulation, EMA Edition, February 2013,
http://www.kpmg.com/global/en/issuesandinsights/articlespublications/evolving-banking-regulation/pages/default.aspx
• Accenture, Social Banking, The Social Networking Imperative for Retail Banks, 2011,
http://www.accenture.com/SiteCollectionDocuments/PDF/Accenture-Social-Banking-Retail.pdf
11. Some of those who have…
https://twitter.com/vantagecu
Facebook Banking
Welcome to the world of Social Banking with FNB.
This service allows you to use your FNB Account to send
vouchers to your Facebook friends and do limited banking
and prepaid purchases directly on Facebook.
You can now do limited banking on Facebook, by linking
your FNB Banking account to your Facebook profile. Buy
airtime, SMS bundles or data bundles for yourself directly
from your FNB Banking account on Facebook.
https://www.fnb.co.za/social-banking/index.html
12. Business risk
The Generation Y hazard: the blurring of business and personal lives and information
throughout the day and night
“Real tension between what advertisers wanted and free expression”: Sheryl
Sandberg, COO Facebook, Financial Times, June 1/June 2 2013, p16
Social media and mass audience sites give rise to the highest concentration of online
security risks
Social networking sites regularly targeted by cyber criminals
“Careless talk costs business”
Digital wildfires: the risk of automated/non-automated rapid distribution of false
information
Reputational risk and negative branding: “open wall”, employee conduct
Not monitoring social media for “anti” campaigns and parody accounts
Social media not moderating inappropriate content alongside legitimate
advertisements
• Cisco, Annual Security Report 2013,
http://grs.cisco.com/grsx/cust/grsCustomerSurvey.html?SurveyCode=5701&KeyCode=000112137
• World Economic Forum, Global Risks 2013 - Eighth Edition, http://www.weforum.org/reports/global-risks-2013-eighth-edition
13. Operational risk
Identity theft
Introduction and distribution of malware
Social engineering, e.g. phishing, pharming, pretexting
Disclosure of IP or other sensitive or proprietary information
Immaturity and rapid evolution of social media
Managing employee access
Measuring impact, effectiveness and ROI
Lack of centralised governance
Physical security breaches
Presence, volume and duration of positive and negative chatter
Loss of employee productivity, distraction and carelessness
• BITS Financial Services Roundtable, Social Media Risks and Mitigation, June 2011,
http://www.bits.org/publications/security/BITSSocialMediaJun2011.pdf
14. Regulatory breaches:
inadvertent, unfair, misleading or unauthorised marketing and
promotions, technological limitations in certain devices
breach of market/exchange rules, e.g. SEC (Reg FD)
breach of data retention regulations, e.g. NASD/FINRA, EU data
protection directive rules
breach of specific social media financial services regulation and
guidance, e.g. FCA, FINRA, SEC and FFIEC
Pre-screening, hiring and employment risks
Payment Card Industry (PCI) data risk
Privacy and data protection breaches
Confidentiality breaches
Advertent/inadvertent disclosure of bank or third party IP or proprietary
processes
Additional litigation risk caused by the above
Legal and regulatory risk
15. Federal Financial Institutions Examination Council (FFIEC), Docket No. FFIEC-2013-0001,
Social Media: Consumer Compliance Risk Management Guidance, January 23rd 2013
Closing date for comments March 25th 2013, formal guidance to follow
To help FIs identify potential risk areas in social media to address, and to ensure they
are aware of their responsibilities to oversee and control these risks within their
overall risk management programs: p 6
By reference to a range of risks and relevant legislation, from the Truth in Savings
Act/Regulation DD and Part 707 – Fair Credit Reporting Act, via the
Gramm-Leach-Bliley Act Privacy Rules and Data Security Guidelines: pp 13-26
Risks identified:
Compliance and Legal Risks: p 12
Reputation Risk: p 26
Operational Risk: p 30
• http://www.ffiec.gov/press/pr012213.htm
• http://www.ffiec.gov/press/Doc/FFIEC%20social%20media%20guidelines%20FR%20Notice.pdf
• http://www.bits.org/publications/comment/FFIECSocialMediaRFC03252013.pdf
Regulatory landscape: USA, FFIEC Guidance
16. FFIEC risk management expectations
FIs to have risk management programs that enable them to identify,
measure, monitor and control social media risk
Size and complexity of risk management program to be commensurate with
the breadth of FIs’ involvement in social media
Risk management program should be designed with input from specialists
in compliance, technology, information security, legal, HR and marketing
Even if a FI doesn’t use social media actively, it must monitor and address
negative commentary and complaints in social media
Overall, reaffirms that the same standards as apply to “traditional” media
should apply in use of social media
17. FFIEC risk management program key components
Governance structure – clear roles/responsibilities, controls, ongoing risk
assessment
Policies and procedures about use and monitoring of social media and
compliance with all applicable laws and regulations, including
methodologies for dealing with negative comments/complaints/replies and
data retention
Due diligence process for selecting and managing third party social media
providers
Employee training programs, including for official, work-related and
personal use of social media
Oversight process for monitoring information posted on social media sites
used by the FI or third parties on its behalf
Audit and compliance functions to ensure ongoing compliance with the
program
Reporting process and parameters: appropriate reports to FI’s
directors/senior management to enable periodic evaluation of the program
18. Effective April 1st, 2013, FSA replaced by Financial Conduct Authority (FCA)
FCA likely to be more aggressive in protecting consumer rights than the FSA and will actively
monitor behaviour of FIs’ use of social media in the UK
With the FCA came extensive guidance and rules on FIs’ use of social media, replacing the
FSA’s high-level guidance, Financial promotions using new media, June 2010
Sources:
Conduct of Business Sourcebook (COBS), communications and financial promotions to be
“fair, clear and not misleading”
Perimeter Guidance Manual (PERG), Ch. 8, financial promotions: technology and medium
neutral
PERG 8.22, “The Internet”, including what is a financial promotion, e.g. hypertext links
SYSC 3 (Systems and Controls), and SYSC 4 (General Organisational Requirements)
Financial promotions communication rules; COBS 4, BCOBS 2 (banking) and MCOB 3
(mortgages/home finance) – see next slide
• http://fshandbook.info/FS/html/FCA/COBS/4/2 http://www.fshandbook.info/FS/html/FCA/PERG/8
• http://www.fshandbook.info/FS/html/FCA/PERG/8/22 http://www.fshandbook.info/FS/html/FCA/COBS/4
• http://www.fshandbook.info/FS/html/FCA/BCOBS/2 http://www.fshandbook.info/FS/html/FCA/MCOB/3
• http://www.fshandbook.info/FS/html/FCA/SYSC/3/1 http://www.fshandbook.info/FS/html/FCA/SYSC/4#D1
Regulatory landscape: UK, FCA Guidance
19. Policy and training
Construct and document social media policy
Train employees in policy
Monitor and identify breaches, and follow up with employees when discovered
Social media content
“Fair, clear and not misleading”
As communicated, content to be compliant (“standalone compliant”)
Financial promotions must be approved by FCA authorised persons
Timely withdrawal of approval when it should no longer continue
Supervision
Construct and implement sound systems and controls to ensure compliance
Vet and approve all social media business communications
Monitor and identify policy breaches, and take appropriate action
Actively monitor interactive content and messaging
Capture, archiving and retrieval of social media data
Record and retain for the required period(s) all financial communications through social
media
• Attribution: “Social media compliance under the new ‘twin peaks’ UK financial services regulatory structure”,
Zarabi and Herfkens, hearsaysocial, http://hearsaysocial.com/2013/04/fca-social-media-compliance/
FCA social media compliance requirements
22. BAFT-IFSA and the Supplier Committee
BAFT-IFSA is the premier global financial services association formed by the merger of the
Bankers’ Association for Finance and Trade (BAFT) and the International Financial Services
Association (IFSA). It provides advocacy, education and community-building opportunities for
financial services institutions around the globe as well as suppliers to the financial services
industry. BAFT-IFSA is the leading forum for analysis, discussion and action among
international financial professionals on a wide range of topics affecting transaction banking,
including trade finance, payments, and compliance. For additional information log on to our
website www.BAFT-IFSA.com or contact BAFT-IFSA at info@BAFT-IFSA.com.
The goal of the Supplier Committee is to broaden the industry point of view regarding issues
confronting the financial community. The Suppliers Partners Committee will add its knowledge
and expertise to offer solutions in partnership with the financial community.