Operational Risk and Social Media: Are your policies anti-social?
I think it’s safe to say that everyone has heard of Facebook and Twitter by now. Even if you don’t know a Timeline from a Tweet, it’s likely you’ve encountered social media in some form: these technologies seem to pop up on every advertisement and website today. Indeed, businesses have now realized that social media is a powerful tool that can be used to gain a competitive advantage, generate business and interact with clients. However, to ensure a firm’s risk profile is not negatively impacted by these increasingly pervasive technologies, the right policies need to be in place.
Although you might think that social media is really just a marketing tool used by PR firms or consumer goods-related industries, it is increasingly being used in the financial industry. Banks, brokers and asset managers are embracing social media to attract and interact with clients, as well as to monitor social activity and evaluate data (and ultimately feed such data into algorithmic trading strategies).
A recent Financial Times article reported that such technologies have amplified the volume and frequency of price information and have also allowed asset managers to bypass brokers for data evaluation: “Why would an asset manager spend time and money speaking to their broker for recommendations when they can either turn to another third party provider or invest in the appropriate analysis tools to assess the information themselves?”
Furthermore, internal social networks such as instant messaging and online employee discussions can speed up processes for faster connections with employees, boosting both productivity and corporate culture.
However, firms need to be aware of the downside of using such technologies, as the risks associated with increased use of social media can be quite large – especially for financial firms. With the hope of increasing awareness, identifying potential risks and appropriately addressing such risks, the Federal Financial Institutions Examination Council (FFIEC, a US government agency that promotes uniformity and consistency in the supervision of financial institutions) released the proposed guidance “Social Media: Consumer Compliance Risk Management Guidance” in late January. The guidance intends “to help financial institutions understand potential consumer compliance and legal risks, as well as related risks, such as reputation and operations risks associated with the use of social media, along with expectations for managing those risks.”
The FFIEC suggests that financial institutions should have a risk management program that “allows it to identify, measure, monitor, and control the risks related to social media” and should include: a governance structure with clear roles and responsibilities; policies and procedures regarding the use and monitoring of social media and compliance with all applicable laws; a due diligence process for selecting and managing third-party service providers; an employee training program regarding company social media policy; an oversight process for monitoring social media postings; audit and compliance functions to ensure on-going compliance; and regular evaluation of the effectiveness of the social media program.
Such risk management programs and recommendations seem obvious, especially for the regulated and data-sensitive financial world. Indeed, the cost associated with risk technologies and operations across the global financial markets are predicted to continue to accelerate, topping over US$100 billion in 2013 – a clear recognition of the importance of managing risk.
But comprehensive plans can be difficult to put in place, especially with the number of social media technologies available and being used… that senior management knows about (IDG Media ran a story on the smart use of social media, in which 19 of the top 20 customer outreach campaigns they researched were being run without the CIO’s knowledge!). Nevertheless, social media appears to be here to stay. Thus, there’s no time like the present to take a closer look at how your firm is using social media and what your firm is doing to mitigate the associated risks. Otherwise, you could risk being anti-social.