There was never any doubt that – sooner or later – the regulators would recognize the need for better guidance on the use of social media in banks. The risks are, frankly, considerable. Mis-selling, poor investment advice and financial scams are already becoming more commonplace on social media channels, while errant tweets and poorly-advised disclosures on Facebook have shifted stocks and threatened market volatility.
And while many of these risks have always been present for banks – mis-selling and bad investment advice were industry challenges long before social media – the issue has been greatly accentuated by the speed, accessibility and lack of formal process that social brings.
Not surprising, then, that the regulators are perking up on the topic. In the UK, the Financial Conduct Authority (FCA) reinforced that their rules remain the same regardless of the communication channel. They have also suggested that they will monitor financial organizations’ use of social media channels as part of their regular market surveillance exercises.
And while the US regulators have been somewhat slower to offer guidance to regulate the use of social media by banks and the investment industry, the SEC did say in April that it would accept the use of social media for earnings announcements and other material disclosure as long as investors were aware that the channel represented an authorized source.
With little specific guidance available, many banks and a growing number of industry bodies are now looking at developing their own approach to helping ensure that the channel complies with relevant regulation. In the US, for example, the Federal Financial Institutions Examination Council released a set of draft guidelines on the risks of using social media in client/customer interactions.
This is a prudent strategy. For one, banks would be wise to get out ahead of the regulators by creating a Code of Conduct (universal if possible; bank by bank at the very least) that not only ensures compliance with existing regulation, but also helps employees across the bank to understand their individual obligations and group expectations. The current lack of specific regulation on social media also creates new risks that banks should be working to mitigate through a thorough review of their compliance policies.
Likely one of the most challenging areas that banks and regulators will need to face will stem from banks’ prospective use of Big Data and information collected from social media. Regulators will no doubt be keen to ensure that any information the banks collect is properly secured and managed within the current data privacy and security guidelines. And given that most Big Data is unstructured and often user supplied, regulators will also want to ensure that any information being used is receiving proper due diligence.
However, as the banks start to delve further into the world of social media and Big Data by – let’s say – harvesting data to develop individualized service offerings to commercial clients, regulation will likely become increasingly complex. As such, banking executives will want to build stronger relationships between their IT, compliance and risk departments and the core business.
The reality is that – in most jurisdictions – financial services regulatory oversight already extends over social media. Indeed, in the EU, the notion of ‘durable mediums’ is fairly clear that its requirements apply to all digital media, current or future. Many other regulators around the world have also suggested that – unless other regulation is promulgated – banks had best apply the current regulatory framework to their social media activities.
This means that CEOs and other senior executives will need to find a keen balance between supporting innovation and ensuring that their regulatory and compliance controls remain tight. In particular, banking executives will want to focus on ensuring that all of the inputs, regardless of channel, are being captured from the sales and marketing phase through to any post-sales interactions so that the sales process can be reconstructed.
It is also important to recognize, however, that banks – particularly in Europe and the US – are already dealing with a mounting regulatory burden and, as such, social media ranks rather low on the list of priorities.
However, rather than create a new ‘social media workstream’ to grapple with the issue, banking executives may simply need reinforce that the current rules apply to all channels, social or not. Just to be sure, they may also want to task their compliance departments with working within the bank to ensure that controls are being appropriately applied and that any new policy change within the bank reflects the potential future use of social media.
By embedding the realities of social media – both present and future – into compliance strategy and change programs, we believe banks can more easily get ahead of regulatory change and – in the meantime – do their best to minimize their regulatory risk.
By Giles Williams, Partner, Regulatory Centre of Excellence, KPMG in the UK