FFIEC social media guidance briefing for UK financial services firms

FFIEC social media guidance briefing | January 2014

Best practice advice for UK Financial Service Institutions from the FFIEC social media guidelines

Danielle Sheerin, Senior Consultant, NixonMcInnes (@DanielleSheerin)

Upload: danielle-sheerin

Post on 17-Aug-2014


DESCRIPTION

The Financial Conduct Authority (FCA) has recently announced plans to release updated guidance for financial firms operating on social media. At the moment, there is no indication of what this might contain; however, recent US social media guidelines, released by the FFIEC, provide some good insight into regulatory and risk management best practice. With this in mind, I have created a briefing document to inform UK institutions about the FFIEC guidelines and what they can learn from them.

TRANSCRIPT


What is this all about?

• The FCA plans to publish new social media guidance for UK financial service companies in 1Q14
• This follows the final version release of the Official FFIEC Guidelines for Social Media in Banking in the US just before Christmas 2013
• Current FCA guidance around social media extends the guidance for financial promotions to communications on social channels but provides little insight into specific social media risks for firms
• While we don’t know as yet what the new FCA guidance will cover, the FFIEC release provides some useful insight into social media best practice for risk mitigation that can be applied by UK financial service institutions


The extent of the guidance

The FFIEC Guidance proposes a combination of expectations, considerations and advice for financial services organisations. Broadly this breaks down as:

• Financial institutions are expected to manage risks associated with all types of consumer and customer communications, no matter the medium
• The Guidance provides considerations that financial institutions may find useful in conducting risk assessments and crafting and evaluating policies and procedures regarding social media
• Financial institutions are expected to use the Guidance in their efforts to ensure that their policies and procedures provide oversight and controls commensurate with the risks posed by their involvement in social media


What does this mean in practice?

So, according to the FFIEC:

• Financial service institutions should have a risk framework
• This framework should reflect the institution’s level of social media activity. If the institution is not active on social media, this will be relatively light, compared to an institution operating an advanced social media strategy – however, some sort of risk management consideration should still exist
• There are no new requirements that apply directly to social media (above and beyond existing compliance requirements) BUT the guidance offers some best practice advice and some important considerations for financial service institutions crafting their risk frameworks


Why is this relevant for UK firms?

So, why does this matter to you?

• This is equally important for UK financial service institutions that want to manage risk effectively
• Regardless of the final content of the forthcoming FCA guidelines, all UK financial service institutions should be proactively managing the risks associated with social media, whether they are active on social media or not
• Social media is global. Over time we would expect to see a convergence of regulation and rules so that there is a global consistency in the way customer communications are managed


What you need to do

More than anything, what the FFIEC guidance encourages is some common sense due diligence for financial service firms with regard to social media.

If you are a financial service firm, and you want to use social media properly, treat it as you would any other business project and get the following elements in place:

• Risk framework with controls and ongoing assessment
• Strategic plan
• Relevant supporting policies, processes and guidelines
• Employee training
• Measurement and reporting framework

But what sort of things should you take into consideration? Fortunately the FFIEC advice provides some insight here too.


Recommendations from the FFIEC guidance

The main recommendations from the FFIEC guidance (in plain English) are:

1. Make sure that all your communications are compliant
2. Have a social media strategy
3. Monitor social media activity around your brand
4. Have processes, guidelines and training that provide the appropriate controls
5. Have an audit trail
6. Measure and report your activity against your strategic goals

Let’s have a look at these in more detail to see what they entail and what they might mean for you.


1. Make sure that all your communications are compliant

The FCA social media guidelines already cover compliance around financial promotions and state that the rules are generally… “media-neutral, and they focus on the content of the financial promotion, rather than the medium used to communicate it. Therefore, applying the rules to financial promotions made using new media is no different to financial promotions using any other medium.”

Questions for you

• Are your employees aware of their responsibilities with regard to compliance on social media?
• Does your risk management include employee training on social media in a professional capacity?


2: Have a social media strategy

The FFIEC suggests you should have “a governance structure with clear roles and responsibilities whereby the board of directors or senior management direct how using social media contributes to the strategic goals of the institution.”

Don’t assume that because your organisation does not use social media that this recommendation does not apply to you. Even if you are not active on social media, this should be because you have made a decision not to be active for clear, well documented business reasons. It should not be an omission or oversight.

Questions for you

• Does your organisation have a formal social media strategy that supports your business strategy and outlines clear goals for activity?
• Does this strategy go right to the top of your organisation with clear governance and accountability for direction and implementation sitting with the senior exec of your organisation?


3: Monitor social media activity around your brand

The FFIEC suggest that monitoring should be appropriate to provide the level of oversight commensurate with the institution’s social media activity.

Questions for you

• Do you monitor your own social spaces to spot customer posts that could expose you to potential reputational or privacy risk?
• Even if you do not manage any social media spaces as an organisation, others may still be talking about you online. This puts you at risk of fraud, brand hijacking or PR crises. Are you aware of the risks here? Do you monitor for this? And have you considered how you would respond if any of these things happened?
• If you have third parties managing your spaces do you have oversight on the posts they are making on your behalf to ensure they are compliant?


4: Have processes, guidelines and training that provide the appropriate controls

If you are monitoring, you will need the appropriate controls in place so that you know how and when to act to mitigate the risks identified. According to the FFIEC this might include policies and procedures, employee training and other guidance relevant to your activities.

Questions for you

• If a customer posts a negative comment or complaint, what is your policy and process for handling this?
• How will you act if someone posts personal details online, creating a privacy risk?
• Do you have escalation processes in place?
• Do your staff training, policies and guidelines provide sufficient guidance that staff know what they can and can’t say on social media in a professional or personal capacity?


5: Keep an audit trail

According to the FFIEC you should include “audit and compliance functions to ensure ongoing compliance with internal policies and all applicable laws and regulations”.

Questions for you

• Are you tracking your conversations on social media and keeping records of conversations?
• Do you have a robust approach to complaints identification and handling on social media?
• Are you able to manage and report on customer issues originating in social media in the same way as those in other media?


6: Measure and report your activity against your strategic goals

The FFIEC also states that you should provide “appropriate reporting to the financial institution’s board of directors or senior management that enables periodic evaluation of the effectiveness of the social media program and whether the program is achieving its stated objectives”. This does not mean you must show the ROI for your social media activity; it just means you should know why you are doing what you are doing and if it is working.

Questions for you

• Do you have a measurement framework in place that lets you track how your social media is delivering against your strategy?
• Do you report on this and have processes in place to ensure that insights from this are acted on and your strategy and tactical activity on social media are evolved accordingly?


Conclusion

The FFIEC guidelines are obviously not obligatory for UK financial service firms. However, adopting their recommendations would certainly put you in a good place with regard to your understanding of the risks social media poses to your organisation and the mitigations you can take. And this is a good position for your business to be in ahead of the new FCA social media guidelines this spring.


About the author

Danielle Sheerin is a senior consultant at NixonMcInnes, specialising in digital transformation in financial services.

NixonMcInnes is a UK-based consultancy that helps organisations address the digital challenge by developing cultures, strategies and structures that allow them to be more innovative, agile and collaborative.

If you would like support with managing social media risks in your organisation, please get in touch on +44 1273 764015 or email [email protected]

Cover image by Sean MacEntee