French Caldwell

A member of the Gartner Blog Network

French Caldwell
VP and Gartner Fellow
15 years at Gartner
19 years IT industry

French Caldwell is a vice president and Gartner Fellow in Gartner Research, where he leads governance, risk and compliance research. Mr. Caldwell also writes and presents on knowledge management. His research includes analysis of the impact… Read Full Bio

Coverage Areas:

Next Up in Financial Services Regulation: Social Media Risk Management

by French Caldwell  |  January 25, 2013  |  1 Comment

I’ve read through new draft guidance from U.S. financial services regulators on the use of social media.  What struck me most is that instead of taking a compliance and control point of view, it talks instead of risks, and the need to ensure that social media risks are included in your risk management program.  That’s not to say that FSIs should take the guidance as merely advisory – as I learned in the Navy, a suggestion from a senior officer is an order. 

So here a few of the orders from the draft guidance:

  • Although this guidance does not impose additional obligations on financial institutions, as with any new process or product channel, financial institutions must manage potential risks associated with social media usage and access
  • The risk management program should be designed with participation from specialists in compliance, technology, information security, legal, human resources, and marketing
  • Financial institutions’ incident response protocol regarding a security event, such as a data breach or account takeover, should include social media, as appropriate
  • Components of a risk management program should include the following:
    • A governance structure with clear roles and responsibilities whereby the board of directors or senior management direct how using social media contributes to the strategic goals of the institution
    • Policies and procedures (either stand-alone or incorporated into other policies and procedures) regarding the use and monitoring of social media and compliance with all applicable consumer protection laws, regulations, and guidance
    • A due diligence process for selecting and managing third-party service provider relationships
    • An employee training program
    • An oversight process for monitoring information posted to proprietary social media sites administered by the financial institution or a contracted third party
    • Audit and compliance functions to ensure ongoing compliance with internal policies and all applicable laws, regulations, and guidance
    • Appropriate reporting to the financial institution’s board of directors or senior management

And the last sentence of the draft is a comprehensive mandate — As with any product channel, financial institutions must manage potential risks to the financial institution and consumers by ensuring that their risk management programs provide appropriate oversight and control to address the risk areas discussed within this guidance.

What this all means for FSIs is that in the next couple of years, you will have regulators examining your social media risk management programs.  Sure, right now they’ve got plenty to keep them busy – Dodd Frank is only about a third done.  But let’s not forget, there’s a new kid in town, the Consumer Finance Protection Board; in the social media risk area they don’t face a lot of competition from other regulators – what a great place to carve out quickly some new turf. 

CIOs, start working now with your legal counsel and government affairs to draft your comments.  And for Gartner clients, I’d recommend that before you submit the comments, you run them by us.  My colleagues, Stessa Cohen, Carol Rozwell, Andrew Walls, and I who are tracking social compliance and risk management are pleased to talk with you and provide our feedback.

Some Recommended Reading:

Gartner Fellows Interview With Patricia Flynn, Vice President at Fidelity Investments: Managing Social Media Compliance

Social Media Best Practices That Deliver Bank CEO Priorities

Use Gartner’s Social Business Program Maturity Model to Plan Your Next Move

Security Tools for Control of Social Media Usage

 

1 Comment »

Category: compliance public policy Risk Management Social Technology     Tags:

1 response so far ↓