Not long now …. The event will be starting

soon …. The presenters ARE on line ….

We shall be starting at

10:00 AM (EST)

Remember to turn your PC

sound ON to hear this

webinar

HARNESSING SOCIAL MEDIA IN THE

BANKING SECTOR: HOW TO MANAGE

REGULATORY AND LEGAL RISK

Presented by:

Berwin Leighton Paisner LLP

Welcome to the

BAFT-IFSA Presentation Series

Sponsored by the

BAFT-IFSA Supplier Committee

Date Presenting Supplier

Upcoming BAFT-IFSA supplier webinars

Webinar agenda – 60 min

Welcome & Introduction

Courtney McCarty

BAFT-IFSA

Presentation

HARNESSING SOCIAL MEDIA IN THE BANKING SECTOR:

HOW TO MANAGE REGULATORY AND LEGAL RISK

MARK LEWIS

PARTNER

HEAD OF IT & OUTSOURCING PRACTICE

BERWIN LEIGHTON PAISNER LLP, LONDON

Mark Lewis Partner, Head of Commercial Practice, Head of Outsourcing Sector Group,

Co-Chair India Group, Berwin Leighton Paisner LLP, London

29 years’ legal practice, including as senior counsel to the UK Treasury, Cabinet Office and other government agencies

Specialist IT and outsourcing lawyer

Engaged in some of the first banking IT and outsourcing projects globally

Advises on legal and regulatory issues in advance technology, including cloud computing, social media and payment processes

Strong focus on banking, insurance, investment management, fund management and other financial sectors

Advises both customers and providers to the sector: unusual perspective

Overall perspective: in the early days, the banks controlled/could control their technology environment. Nowadays, it’s different….

Introduction

Approach

The inevitable stats

The path through ADCs to social media in retail banking

Adoption in the global financial services industry

The opportunity for banks, and some of those who have…

Business and operational risk

Legal and regulatory risk

Regulatory landscape in the USA and UK, and how to manage risk now and for the future

Q&A

Inevitable stats

1 billion active monthly users

140 million active users, 350 million tweets a day

185 million members in 200+ territories

The path through ADCs to social media in retail banking

ADCs: alternative delivery channels other than traditional bank branches used to meet customer needs

ATM (prototype 1939, modern ATM patented 1966, first installed commercially in a Barclays branch London 1967, first produced USA 1968)

Telephone Interactive Voice Response (IVR)

Online banking

Short Message Service (SMS) banking text alerts and bill payment

Automated Clearing House (ACH) electronic payments

Mobile banking

Email alerts and notifications

Fax banking services

Video banking

Online social media banking, including payment services for virtual and real goods

• ICT Banking Strategies Designed to Grow and Retain E-Commerce: Alternative Delivery Channels’ Customer Base, Rudolph Strong, University of Wisconsin Stout, January 12, 2011 http://ssrn.com/abstract=1941095

• Federal Reserve Bank of Kansas City, Payments System Research Briefing, Where Social Networks, Payments and Banking Intersect, Terri Bradford, December 2012, http://kansascityfed.org/publicat/PSR/Briefings/psr-briefingdec2012.pdf

Adoption in the global financial services industry

Since March 2009, tracking and benchmarking how financial institutions use social media channels, mainly Facebook and Twitter – Visible Banking Watch Series

March 2009: 54 financial institutions (FIs) owned social media accounts

September 2011 tracking :

1,000 FI pages and apps on Facebook

1,500 FI Twitter accounts

in 75 countries

September 2011: 67% of the FIs pages tracked on Facebook were “open wall”

What is perceived to be the main blocker to banks adopting social media?

http://www.visiblebanking.com

http://www.visiblebanking.com/two-third-facebook-pages-financial-services-at-risk

The opportunity for banks

“People like me”: enhance the brand Increase, broaden and tighten customer relationships Brand loyalty: increase customer satisfaction and

responsiveness Increase trades and financial transactions in the ‘real economy’ Drive revenue Reduce cost, especially in service, sales and marketing As ever, technology is the enabler Likely retail banking IT spend US$135bn by 2015 (Retail Banking

Technology Through 2015, Datamonitor/Ovum, 2012)

• KPMG, Evolving Banking Regulation, EMA Edition, February 2013, http://www.kpmg.com/global/en/issuesandinsights/articlespublications/evolving-banking-regulation/pages/default.aspx

• Accenture, Social Banking, The Social Networking Imperative for Retail Banks, 2011, http://www.accenture.com/SiteCollectionDocuments/PDF/Accenture-Social-Banking-Retail.pdf

Some of those who have…

https://twitter.com/vantagecu

Facebook Banking

Welcome to the world of Social Banking with FNB.

This service allows you to use your FNB Account to send

vouchers to your Facebook friends and do limited banking

and prepaid purchases directly on Facebook.

You can now do limited banking on Facebook, by linking

your FNB Banking account to your Facebook profile. Buy

airtime, SMS bundles or data bundles for yourself directly

from your FNB Banking account on Facebook.

https://www.fnb.co.za/social-banking/index.html

Business risk

The Generation Y hazard: the blurring of business and personal lives and information throughout the day and night

“Real tension between what advertisers wanted and free expression”: Sheryl Sandberg, COO Facebook, Financial Times, June 1/June 2 2013, p16

Social media and mass audience sites give rise to the highest concentration of online security risks

Social networking sites regularly targeted by cyber criminals

“Careless talk costs business”

Digital wildfires: the risk of automated /non-automated rapid distribution of false information

Reputational risk and negative branding: “open wall”, employee conduct

Not monitoring social media for “anti” campaigns and parody accounts

Social media not moderating inappropriate content alongside legitimate advertisements

• Cisco, Annual Security Report 2013,

http://grs.cisco.com/grsx/cust/grsCustomerSurvey.html?SurveyCode=5701&KeyCode=000112137 • World Economic Forum , Global Risks 2013 - Eighth Edition, http://www.weforum.org/reports/global-risks-2013-

eighth-edition

Operational risk

Identity theft

Introduction and distribution of malware

Social engineering, e.g. phishing, pharming, pretexting

Disclosure of IP or other sensitive or proprietary information

Immaturity and rapid evolution of social media

Managing employee access

Measuring impact, effectiveness and ROI

Lack of centralised governance

Physical security breaches

Presence, volume and duration of positive and negative chatter

Loss of employee productivity, distraction and carelessness

• BITS Financial Services Roundtable, Social Media Risks and Mitigation, June 2011,

http://www.bits.org/publications/security/BITSSocialMediaJun2011.pdf

Regulatory breaches:

inadvertent, unfair, misleading or unauthorised marketing and promotions, technological limitations in certain devices

breach of market/exchange rules, e.g. SEC (Reg FD)

breach of data retention regulations, e.g. NASD/FINRA, EU data protection directive rules

breach of specific social media financial services regulation and guidance, e.g. FCA, FINRA, SEC and FFIEC

Pre-screening, hiring and employment risks

Payment Card Industry (PCI) data risk

Privacy and data protection breaches

Confidentiality breaches

Advertent/ inadvertent disclosure of bank or third party IP or proprietary processes

Additional litigation risk caused by the above

Legal and regulatory risk

Federal Financial Institutions Examinations Council (FFIEC), Docket No. FFIEC-2013-0001, Social Media: Consumer Compliance Risk Management Guidance, January 23rd 2013

Closing date for comments March 25th 2013, formal guidance to follow

To help FIs identify potential risk areas in social media to address, and to ensure they are aware of their responsibilities to oversee and control these risks within their overall risk management programs: p 6

By reference to a range of risks and relevant legislation, from the Truth in Savings Act/Regulation DD and Part 707 – Fair Credit Reporting Act, via the Gramm-Leach-Bliley Act Privacy Rules and Data Security Guidelines: pp 13 -26

Risks identified:

Compliance and Legal Risks: p 12

Reputation Risk: p 26

Operational Risk: p 30

• http://www.ffiec.gov/press/pr012213.htm

• http://www.ffiec.gov/press/Doc/FFIEC%20social%20media%20guidelines%20FR%20Notice.pdf

• http://www.bits.org/publications/comment/FFIECSocialMediaRFC03252013.pdf

• http://www.ffiec.gov/press/pr012213.htm

• http://www.ffiec.gov/press/Doc/FFIEC%20social%20media%20guidelines%20FR%20Notice.pdf

• http://www.bits.org/publications/comment/FFIECSocialMediaRFC03252013.pdf

Regulatory landscape: USA, FFIEC Guidance

FFIEC risk management expectations

FIs to have risk management programs that enable them to identify, measure, monitor and control social media risk

Size and complexity of risk management program to be commensurate with the breadth of FIs’ involvement in social media

Risk management program should be designed with input from specialists in compliance, technology, information security, legal, HR and marketing

Even if a FI doesn’t use social media actively, it must monitor and address negative commentary and complaints in social media

Overall, reaffirms that the same standards as apply to “traditional” media should apply in use of social media

• http://www.ffiec.gov/press/pr012213.htm

• http://www.ffiec.gov/press/Doc/FFIEC%20social%20media%20guidelines%20FR%20Notice.pdf

• http://www.bits.org/publications/comment/FFIECSocialMediaRFC03252013.pdf

FFIEC risk management program key components

Governance structure – clear roles/responsibilities, controls, ongoing risk assessment

Policies and procedures about use and monitoring of social media and compliance with all applicable laws and regulations, including methodologies for dealing with negative comments/complaints/replies and data retention

Due diligence process for selecting and managing third party social media providers

Employee training programs, including for official, work-related and personal use of social media

Oversight process for monitoring information posted on social media sites used by the FI or third parties on its behalf

Audit and compliance functions to ensure ongoing compliance with the program

Reporting process and parameters: appropriate reports to FI’s directors/senior management to enable periodic evaluation of the program

• http://www.ffiec.gov/press/pr012213.htm

• http://www.ffiec.gov/press/Doc/FFIEC%20social%20media%20guidelines%20FR%20Notice.pdf

• http://www.bits.org/publications/comment/FFIECSocialMediaRFC03252013.pdf

Effective April 1st, 2013, FSA replaced by Financial Conduct Authority (FCA)

FCA likely to be more aggressive in protecting consumer rights than the FSA and will actively monitor behaviour of FIs’ use of social media in the UK

With the FCA came extensive guidance and rules on FIs’ use of social media, replacing the FSA’s high-level guidance, Financial promotions using new media, June 2010

Sources:

Conduct of Business Sourcebook (COBS), communications and financial promotions to be “fair, clear and not misleading”

Perimeter Guidance Manual (PERG), Ch. 8, financial promotions: technology and medium neutral

PERG 8.22, “The Internet”, including what is a financial promotion, e.g. hypertext links

SYSC 3 (Systems and Controls), and SYSC 4 (General Organisational Requirements)

Financial promotions communication rules; COBS 4, BCOBS 2 (banking) and MCOB 3 (mortgages/home finance) – see next slide

• http://fshandbook.info/FS/html/FCA/COBS/4/2 http://www.fshandbook.info/FS/html/FCA/PERG/8

• http://www.fshandbook.info/FS/html/FCA/PERG/8/22 http://www.fshandbook.info/FS/html/FCA/COBS/4

• http://www.fshandbook.info/FS/html/FCA/BCOBS/2 http://www.fshandbook.info/FS/html/FCA/MCOB/3

• http://www.fshandbook.info/FS/html/FCA/SYSC/3/1 http://www.fshandbook.info/FS/html/FCA/SYSC/4#D1

• http://www.ffiec.gov/press/pr012213.htm

• http://www.ffiec.gov/press/Doc/FFIEC%20social%20media%20guidelines%20FR%20Notice.pdf

• http://www.bits.org/publications/comment/FFIECSocialMediaRFC03252013.pdf

Regulatory landscape: UK, FCA Guidance

Policy and training

Construct and document social media policy

Train employees in policy

Monitor and identify breaches, and follow up with employees when discovered

Social media content

“Fair, clear and not misleading”

As communicated, content to be compliant (“standalone compliant”)

Financial promotions must be approved by FCA authorised persons

Timely withdrawal of approval when it should no longer continue

Supervision

Construct and implement sound systems and controls to ensure compliance

Vet and approve all social media business communications

Monitor and identify policy breaches, and take appropriate action

Actively monitor interactive content and messaging

Capture, archiving and retrieval of social media data

Record and retain for the required period(s) all financial communications through social media

• Attribution: “Social media compliance under the new “twin peaks” UK financial services regulatory structure, Zarabi and Herfkens, hearsaysocial, http://hearsaysocial.com/2013/04/fca-social-media-compliance/

• http://www.ffiec.gov/press/pr012213.htm

• http://www.ffiec.gov/press/Doc/FFIEC%20social%20media%20guidelines%20FR%20Notice.pdf

• http://www.bits.org/publications/comment/FFIECSocialMediaRFC03252013.pdf

FCA social media compliance requirements

Questions

Answers

For additional information, please contact:

mark.lewis@blplaw.com, +44 203 400 4214

THANK YOU!

BAFT-IFSA and the Supplier Committee

BAFT-IFSA is the premier global financial services association formed by the merger of the

Bankers’ Association for Finance and Trade (BAFT) and the International Financial Services

Association (IFSA). It provides advocacy, education and community-building opportunities for

financial services institutions around the globe as well as suppliers to the financial services

industry. BAFT-IFSA is the leading forum for analysis, discussion and action among

international financial professionals on a wide range of topics affecting transaction banking,

including trade finance, payments, and compliance. For additional information log on to our

website www.BAFT-IFSA.com or contact BAFT-IFSA at info@BAFT-IFSA.com.

The goal of the Supplier Committee is to broaden the industry point of view regarding issues

confronting the financial community. The Suppliers Partners Committee will add its knowledge

and expertise to offer solutions in partnership with the financial community.