Upload
berwin-leighton-paisner-llp
View
446
Download
1
Embed Size (px)
DESCRIPTION
Review of ADCs in banking sector from ATMS to social media. Consideration of operational, legal and regulatory risks for "grown up" financial services institutions adopting social media channels. Analysis of social media regulation and guidance: FFIEC (USA) and FCA (UK)
Citation preview
Not long now …. The event will be starting
soon …. The presenters ARE on line ….
We shall be starting at
10:00 AM (EST)
Remember to turn your PC
sound ON to hear this
webinar
HARNESSING SOCIAL MEDIA IN THE
BANKING SECTOR: HOW TO MANAGE
REGULATORY AND LEGAL RISK
Presented by:
Berwin Leighton Paisner LLP
Welcome to the
BAFT-IFSA Presentation Series
Sponsored by the
BAFT-IFSA Supplier Committee
Date Presenting Supplier
Upcoming BAFT-IFSA supplier webinars
Webinar agenda – 60 min
Welcome & Introduction
Courtney McCarty
BAFT-IFSA
Presentation
HARNESSING SOCIAL MEDIA IN THE BANKING SECTOR:
HOW TO MANAGE REGULATORY AND LEGAL RISK
MARK LEWIS
PARTNER
HEAD OF IT & OUTSOURCING PRACTICE
BERWIN LEIGHTON PAISNER LLP, LONDON
Mark Lewis Partner, Head of Commercial Practice, Head of Outsourcing Sector Group,
Co-Chair India Group, Berwin Leighton Paisner LLP, London
29 years’ legal practice, including as senior counsel to the UK Treasury, Cabinet Office and other government agencies
Specialist IT and outsourcing lawyer
Engaged in some of the first banking IT and outsourcing projects globally
Advises on legal and regulatory issues in advance technology, including cloud computing, social media and payment processes
Strong focus on banking, insurance, investment management, fund management and other financial sectors
Advises both customers and providers to the sector: unusual perspective
Overall perspective: in the early days, the banks controlled/could control their technology environment. Nowadays, it’s different….
Introduction
Approach
The inevitable stats
The path through ADCs to social media in retail banking
Adoption in the global financial services industry
The opportunity for banks, and some of those who have…
Business and operational risk
Legal and regulatory risk
Regulatory landscape in the USA and UK, and how to manage risk now and for the future
Q&A
Inevitable stats
1 billion active monthly users
140 million active users, 350 million tweets a day
185 million members in 200+ territories
The path through ADCs to social media in retail banking
ADCs: alternative delivery channels other than traditional bank branches used to meet customer needs
ATM (prototype 1939, modern ATM patented 1966, first installed commercially in a Barclays branch London 1967, first produced USA 1968)
Telephone Interactive Voice Response (IVR)
Online banking
Short Message Service (SMS) banking text alerts and bill payment
Automated Clearing House (ACH) electronic payments
Mobile banking
Email alerts and notifications
Fax banking services
Video banking
Online social media banking, including payment services for virtual and real goods
• ICT Banking Strategies Designed to Grow and Retain E-Commerce: Alternative Delivery Channels’ Customer Base, Rudolph Strong, University of Wisconsin Stout, January 12, 2011 http://ssrn.com/abstract=1941095
• Federal Reserve Bank of Kansas City, Payments System Research Briefing, Where Social Networks, Payments and Banking Intersect, Terri Bradford, December 2012, http://kansascityfed.org/publicat/PSR/Briefings/psr-briefingdec2012.pdf
Adoption in the global financial services industry
Since March 2009, tracking and benchmarking how financial institutions use social media channels, mainly Facebook and Twitter – Visible Banking Watch Series
March 2009: 54 financial institutions (FIs) owned social media accounts
September 2011 tracking :
1,000 FI pages and apps on Facebook
1,500 FI Twitter accounts
in 75 countries
September 2011: 67% of the FIs pages tracked on Facebook were “open wall”
What is perceived to be the main blocker to banks adopting social media?
http://www.visiblebanking.com
http://www.visiblebanking.com/two-third-facebook-pages-financial-services-at-risk
The opportunity for banks
“People like me”: enhance the brand Increase, broaden and tighten customer relationships Brand loyalty: increase customer satisfaction and
responsiveness Increase trades and financial transactions in the ‘real economy’ Drive revenue Reduce cost, especially in service, sales and marketing As ever, technology is the enabler Likely retail banking IT spend US$135bn by 2015 (Retail Banking
Technology Through 2015, Datamonitor/Ovum, 2012)
• KPMG, Evolving Banking Regulation, EMA Edition, February 2013, http://www.kpmg.com/global/en/issuesandinsights/articlespublications/evolving-banking-regulation/pages/default.aspx
• Accenture, Social Banking, The Social Networking Imperative for Retail Banks, 2011, http://www.accenture.com/SiteCollectionDocuments/PDF/Accenture-Social-Banking-Retail.pdf
Some of those who have…
https://twitter.com/vantagecu
Facebook Banking
Welcome to the world of Social Banking with FNB.
This service allows you to use your FNB Account to send
vouchers to your Facebook friends and do limited banking
and prepaid purchases directly on Facebook.
You can now do limited banking on Facebook, by linking
your FNB Banking account to your Facebook profile. Buy
airtime, SMS bundles or data bundles for yourself directly
from your FNB Banking account on Facebook.
https://www.fnb.co.za/social-banking/index.html
Business risk
The Generation Y hazard: the blurring of business and personal lives and information throughout the day and night
“Real tension between what advertisers wanted and free expression”: Sheryl Sandberg, COO Facebook, Financial Times, June 1/June 2 2013, p16
Social media and mass audience sites give rise to the highest concentration of online security risks
Social networking sites regularly targeted by cyber criminals
“Careless talk costs business”
Digital wildfires: the risk of automated /non-automated rapid distribution of false information
Reputational risk and negative branding: “open wall”, employee conduct
Not monitoring social media for “anti” campaigns and parody accounts
Social media not moderating inappropriate content alongside legitimate advertisements
• Cisco, Annual Security Report 2013,
http://grs.cisco.com/grsx/cust/grsCustomerSurvey.html?SurveyCode=5701&KeyCode=000112137 • World Economic Forum , Global Risks 2013 - Eighth Edition, http://www.weforum.org/reports/global-risks-2013-
eighth-edition
Operational risk
Identity theft
Introduction and distribution of malware
Social engineering, e.g. phishing, pharming, pretexting
Disclosure of IP or other sensitive or proprietary information
Immaturity and rapid evolution of social media
Managing employee access
Measuring impact, effectiveness and ROI
Lack of centralised governance
Physical security breaches
Presence, volume and duration of positive and negative chatter
Loss of employee productivity, distraction and carelessness
• BITS Financial Services Roundtable, Social Media Risks and Mitigation, June 2011,
http://www.bits.org/publications/security/BITSSocialMediaJun2011.pdf
Regulatory breaches:
inadvertent, unfair, misleading or unauthorised marketing and promotions, technological limitations in certain devices
breach of market/exchange rules, e.g. SEC (Reg FD)
breach of data retention regulations, e.g. NASD/FINRA, EU data protection directive rules
breach of specific social media financial services regulation and guidance, e.g. FCA, FINRA, SEC and FFIEC
Pre-screening, hiring and employment risks
Payment Card Industry (PCI) data risk
Privacy and data protection breaches
Confidentiality breaches
Advertent/ inadvertent disclosure of bank or third party IP or proprietary processes
Additional litigation risk caused by the above
Legal and regulatory risk
Federal Financial Institutions Examinations Council (FFIEC), Docket No. FFIEC-2013-0001, Social Media: Consumer Compliance Risk Management Guidance, January 23rd 2013
Closing date for comments March 25th 2013, formal guidance to follow
To help FIs identify potential risk areas in social media to address, and to ensure they are aware of their responsibilities to oversee and control these risks within their overall risk management programs: p 6
By reference to a range of risks and relevant legislation, from the Truth in Savings Act/Regulation DD and Part 707 – Fair Credit Reporting Act, via the Gramm-Leach-Bliley Act Privacy Rules and Data Security Guidelines: pp 13 -26
Risks identified:
Compliance and Legal Risks: p 12
Reputation Risk: p 26
Operational Risk: p 30
• http://www.ffiec.gov/press/pr012213.htm
• http://www.ffiec.gov/press/Doc/FFIEC%20social%20media%20guidelines%20FR%20Notice.pdf
• http://www.bits.org/publications/comment/FFIECSocialMediaRFC03252013.pdf
• http://www.ffiec.gov/press/pr012213.htm
• http://www.ffiec.gov/press/Doc/FFIEC%20social%20media%20guidelines%20FR%20Notice.pdf
• http://www.bits.org/publications/comment/FFIECSocialMediaRFC03252013.pdf
Regulatory landscape: USA, FFIEC Guidance
FFIEC risk management expectations
FIs to have risk management programs that enable them to identify, measure, monitor and control social media risk
Size and complexity of risk management program to be commensurate with the breadth of FIs’ involvement in social media
Risk management program should be designed with input from specialists in compliance, technology, information security, legal, HR and marketing
Even if a FI doesn’t use social media actively, it must monitor and address negative commentary and complaints in social media
Overall, reaffirms that the same standards as apply to “traditional” media should apply in use of social media
• http://www.ffiec.gov/press/pr012213.htm
• http://www.ffiec.gov/press/Doc/FFIEC%20social%20media%20guidelines%20FR%20Notice.pdf
• http://www.bits.org/publications/comment/FFIECSocialMediaRFC03252013.pdf
FFIEC risk management program key components
Governance structure – clear roles/responsibilities, controls, ongoing risk assessment
Policies and procedures about use and monitoring of social media and compliance with all applicable laws and regulations, including methodologies for dealing with negative comments/complaints/replies and data retention
Due diligence process for selecting and managing third party social media providers
Employee training programs, including for official, work-related and personal use of social media
Oversight process for monitoring information posted on social media sites used by the FI or third parties on its behalf
Audit and compliance functions to ensure ongoing compliance with the program
Reporting process and parameters: appropriate reports to FI’s directors/senior management to enable periodic evaluation of the program
• http://www.ffiec.gov/press/pr012213.htm
• http://www.ffiec.gov/press/Doc/FFIEC%20social%20media%20guidelines%20FR%20Notice.pdf
• http://www.bits.org/publications/comment/FFIECSocialMediaRFC03252013.pdf
Effective April 1st, 2013, FSA replaced by Financial Conduct Authority (FCA)
FCA likely to be more aggressive in protecting consumer rights than the FSA and will actively monitor behaviour of FIs’ use of social media in the UK
With the FCA came extensive guidance and rules on FIs’ use of social media, replacing the FSA’s high-level guidance, Financial promotions using new media, June 2010
Sources:
Conduct of Business Sourcebook (COBS), communications and financial promotions to be “fair, clear and not misleading”
Perimeter Guidance Manual (PERG), Ch. 8, financial promotions: technology and medium neutral
PERG 8.22, “The Internet”, including what is a financial promotion, e.g. hypertext links
SYSC 3 (Systems and Controls), and SYSC 4 (General Organisational Requirements)
Financial promotions communication rules; COBS 4, BCOBS 2 (banking) and MCOB 3 (mortgages/home finance) – see next slide
• http://fshandbook.info/FS/html/FCA/COBS/4/2 http://www.fshandbook.info/FS/html/FCA/PERG/8
• http://www.fshandbook.info/FS/html/FCA/PERG/8/22 http://www.fshandbook.info/FS/html/FCA/COBS/4
• http://www.fshandbook.info/FS/html/FCA/BCOBS/2 http://www.fshandbook.info/FS/html/FCA/MCOB/3
• http://www.fshandbook.info/FS/html/FCA/SYSC/3/1 http://www.fshandbook.info/FS/html/FCA/SYSC/4#D1
• http://www.ffiec.gov/press/pr012213.htm
• http://www.ffiec.gov/press/Doc/FFIEC%20social%20media%20guidelines%20FR%20Notice.pdf
• http://www.bits.org/publications/comment/FFIECSocialMediaRFC03252013.pdf
Regulatory landscape: UK, FCA Guidance
Policy and training
Construct and document social media policy
Train employees in policy
Monitor and identify breaches, and follow up with employees when discovered
Social media content
“Fair, clear and not misleading”
As communicated, content to be compliant (“standalone compliant”)
Financial promotions must be approved by FCA authorised persons
Timely withdrawal of approval when it should no longer continue
Supervision
Construct and implement sound systems and controls to ensure compliance
Vet and approve all social media business communications
Monitor and identify policy breaches, and take appropriate action
Actively monitor interactive content and messaging
Capture, archiving and retrieval of social media data
Record and retain for the required period(s) all financial communications through social media
• Attribution: “Social media compliance under the new “twin peaks” UK financial services regulatory structure, Zarabi and Herfkens, hearsaysocial, http://hearsaysocial.com/2013/04/fca-social-media-compliance/
• http://www.ffiec.gov/press/pr012213.htm
• http://www.ffiec.gov/press/Doc/FFIEC%20social%20media%20guidelines%20FR%20Notice.pdf
• http://www.bits.org/publications/comment/FFIECSocialMediaRFC03252013.pdf
FCA social media compliance requirements
Questions
Answers
BAFT-IFSA and the Supplier Committee
BAFT-IFSA is the premier global financial services association formed by the merger of the
Bankers’ Association for Finance and Trade (BAFT) and the International Financial Services
Association (IFSA). It provides advocacy, education and community-building opportunities for
financial services institutions around the globe as well as suppliers to the financial services
industry. BAFT-IFSA is the leading forum for analysis, discussion and action among
international financial professionals on a wide range of topics affecting transaction banking,
including trade finance, payments, and compliance. For additional information log on to our
website www.BAFT-IFSA.com or contact BAFT-IFSA at [email protected].
The goal of the Supplier Committee is to broaden the industry point of view regarding issues
confronting the financial community. The Suppliers Partners Committee will add its knowledge
and expertise to offer solutions in partnership with the financial community.