In today’s ever-evolving, increasingly interconnected world, social media has become arguably the primary means through which information is transferred and communicated both to and amongst the masses on a daily basis. While recent social unrest and political tensions have in part exposed some of the negative aspects of these powerful platforms, the fact remains that sites such as Facebook, Instagram, Yelp and others remain havens through which individuals can gather with friends, strangers and companies alike to exchange ideas, voice their opinions, and grow their respective brands. The same holds true for businesses that are now able to engage with their customers at unprecedented levels – as evidenced during the COVID-19 pandemic – while adjusting their business models and daily workflows to better serve their client base. Given the growing societal reliance on new, potent technologies in seemingly every aspect of life in 2021, Jack Dorsey, the CEO of social media staple Twitter, has described social platforms as the new “public square” for the world. As such, the ability to harness the potential of, and manage the possible risks associated with, social media while maintaining compliance with regulatory responsibilities has developed into one of the top concerns for the modern financial and compliance professional. The trend towards social media monitoring across the financial sector has grown in prevalence accordingly.
Loosely defined as the process of identifying and analyzing information relevant to your business across social media platforms, social media monitoring can encompass a rather large scope of online engagement. This can include, but may not be limited to, mentions of your company/brand or that of your competitors and counterparts in the financial sector, identifying trends relevant to the industry, and even testing out varying marketing pitches with the purpose of collecting data and details to both gain a competitive edge and stay on top of compliance requirements. Regulations from government bodies such as the Financial Industry Regulatory Authority (FINRA), the Federal Communications Commission (FCC), and even the Securities and Exchange Commission (SEC) require financial service providers to be responsible for monitoring social media in various forms, including the publishing of both static and interactive content. Given that social media is a dynamic technology, this makes staying up to date with these requirements all the more challenging. And with the risks associated with social media usage for financial institutions encompassing the legal, reputational and operational realms, the consequences for non-compliance can have a significant impact on the future of an entire organization. As such, the Federal Financial Institutions Examination Council (FFIEC) in 2013 published guidelines to assist institutions in remaining compliant with respect to social media. Among the recommendations made by the FFIEC with respect to establishing a thorough risk management program for monitoring of social media are the creation of a clear governance structure specifically catered to meet these demands, having written policies and procedures in place that can be referred back to, enabling a third-party management process and oversight program for continuous monitoring, and reporting metrics made readily available to the appropriate executives. 
It also goes without saying that the greater an organization’s social media presence, the more comprehensive and detailed said risk management program must be to ensure that all bases are covered with respect to cybersecurity.
A company’s reputation is crucial to the strength of its brand. In today’s society, social media is one of the top ways that a business can create a lasting, positive perception of itself with the general public. If the perception/consumer sentiment surrounding a firm is negative (which can manifest in a number of ways), this can be evidenced in the form of negative engagement received online. From a reputational standpoint, companies must be aware of any negative publicity surrounding them (which is important to monitor at both small and large scales) and determine its relevancy. If proven legitimate, firms must then act as quickly as possible to mend these issues before significant harm is done – making ongoing monitoring all the more important. The same holds true with eliminating all relevant privacy concerns for consumers, as this too can have a negative impact on not only reputation, but the overall client experience. In addition to these matters, businesses are now paying closer attention to how their own employees – as well as potential hires – represent themselves (and potentially their institution) across their social media profiles. In fact, a 2018 survey from CareerBuilder found that 70% of employers use social media to screen candidates during the hiring process, and about 43% of employers use social media to check on current employees.2 Companies are actively screening whether their employees, or those on their radar for hiring, are making inappropriate/contentious posts or speaking negatively about their company or those of others in the industry.
They are also examining whether or not these individuals are publicly discussing company business or sharing personal details about their clientele. Again, these are things that need consistent monitoring and subsequent remediation, especially if these individuals make reference to their employment with a specific institution in their respective profiles. Close watch must also be kept on those managing the company’s social media accounts and producing content for blogs, whitepapers and even the direct company webpages. There have been countless incidents where employees have abused their power as an online voice of the company and landed their firms in hot water, alienating portions of the customer base they worked so diligently to establish. There have also been cases where disgruntled employees have decided to publicly air their grievances against their employers and have used social media or their employed positions to purposefully damage their employer’s reputation. Companies need to be aware of these possibilities and have the appropriate systems in place to stay on top of these developments before significant reputational damage is done.
Perhaps the most notable risks with respect to social media, however, are of the operational variety (hacking, internal/external fraud, etc.). As evidenced by the now-notorious SolarWinds hack led by Russian operatives that compromised local, state and federal agencies of the United States government, as well as major American tech companies, hacking schemes of increasing sophistication are becoming all the more common and doing more and more damage. Institutions small and large have become equally susceptible to hacking exploits and data breaches when failing to implement necessary safeguards for deterring cybercrime, with criminals searching for all available loopholes to capitalize at the expense of unsuspecting individuals and organizations. Several major social media platforms have experienced attacks affecting the integrity of accounts held by some of their most renowned users (e.g. the 2020 hacks of the Twitter accounts of notable names such as Elon Musk, Barack Obama and Joe Biden amongst countless others). With more and more companies turning to social media to attract and interact with potential clientele, these entities must ensure that their IT departments have the appropriate cybersecurity measures in place to safeguard confidential information. With consistent monitoring of their social media accounts, companies must also make certain that there is little-to-no sensitive data or information associated with said accounts in the event that their defenses are breached by bad actors.
While operational failures can have catastrophic effects on the bottom line for entities operating across the entire financial spectrum, by no means should legal risks be discounted. Privacy laws, copyright infringement, harassment, defamation, insider trading, and discrimination are just a few of the sticking points that face the modern financial institution with respect to social media activity. Aside from these issues, financial service providers also need to take things a step further to stay compliant with government regulations. To combat shortcomings in this regard, a proactive approach to mitigating risk should be adopted by financial institutions of all sizes. Financial institutions are now required to mitigate risks posed by utilization of third-party vendors. As such, vendor data encryption policies must be fully operational with respect to social media applications (as well as email services, direct messaging and chat apps, and video-conferencing services used) and should be consistently monitored as well.
More refined monitoring practices employed by financial institutions should also carry over with respect to managing customers both at the client onboarding phase and throughout the duration of the financial relationship. This helps to ensure that any individuals with active ties to the bank itself are not involved in any readily-apparent illegal or high-risk activities that could lead to repercussions (including possible multi-million dollar financial penalties and sanctions) against the firm itself down the road. While employing new, complex processes can often be a daunting (and costly) undertaking, certain software solutions such as those employed by Global RADAR allow for the automation of these often-overwhelming tasks. This allows firms to stay ahead of the curve with respect to the monitoring of relevant social media activity while staying within their respective budgets without cutting any corners with respect to compliance requirements.
With social media monitoring becoming a necessary element for effective and comprehensive due-diligence with respect to customers, employees, and even company executives, many of America’s most prominent financial institutions are turning to outside sources to better meet these formidable requirements. One of the more prominent companies with respect to this space is ActiveComply, a firm that has aided some of the world’s most respected financial service providers in keeping track of all company-affiliated profiles, meeting archival requirements, and ensuring that the online presence of these companies meets and exceeds the requirements set by the latest federal and state financial regulations. ActiveComply offers easily deployable cloud-based solutions for mortgage lenders, banks, and credit unions that allow these entities to engage with social media safely while allowing for the consistent monitoring of identified social media accounts on an ongoing basis – while cutting associated costs and manpower requirements extensively. Solutions such as these are among the most powerful tools available to both compliance and general financial executives in maintaining organizational compliance and overall security, with ActiveComply’s presence likely to become a key component in modern regulatory compliance for decades to come.
As the world continues to move towards widespread technological innovation, the role of maintaining proper due diligence with respect to social media monitoring cannot be overstated, and will likely prove a significant hurdle for the modern financial institution if steps are not taken to address this novel playing field in the months to come.
Weekly Roundup
Deutsche Bank Settles Bribery, Spoofing Charges
German multinational investment and financial services firm Deutsche Bank AG recently agreed to pay over $130 million to settle the United States Department of Justice (DOJ) investigation into the bank’s violations of the Foreign Corrupt Practices Act (FCPA). Approximately $7.5 million of the eye-popping total will contribute to the settlement of a separate probe led by the CFTC into a commodities fraud scheme orchestrated by the company. Compliance Week writes that among the allegations brought against one of Germany’s top financial firms, regulators found that “between 2009 and 2016, Deutsche Bank violated the FCPA by paying more than $7 million to business development consultants in China, the United Arab Emirates, and Saudi Arabia.”5 These “consultants” acted as third-party intermediaries to effectively conceal corrupt payments and bribes made to foreign individuals with great political/economic reach, with these kickbacks ultimately allowing Deutsche to secure lucrative business deals in the process. The firm was found to have failed to implement an adequate internal accounting control system with regards to the use of company funds, in addition to deliberately falsifying its records and financial statements to conceal this lengthy scheme.
The bank’s commodities fraud case, which dates back to the period between 2008 and 2013, centered on the defrauding of traders on the New York Mercantile Exchange Inc. and Commodity Exchange Inc. A DOJ press release notes that on many occasions, “traders on Deutsche Bank’s precious metals desk in New York, Singapore, and London placed orders to buy and sell precious metals futures contracts with the intent to cancel those orders before execution, including in an attempt to profit by deceiving other market participants through injecting false and misleading information concerning the existence of genuine supply and demand for precious metals futures contracts” – an illicit practice otherwise known as “spoofing.”4 Deutsche Bank ultimately agreed to cooperate with the CFTC, voluntarily disclosing this misconduct and making a number of remediation efforts before agreeing to the reduced $7,530,218 financial penalty.
OFAC Sanctions Saudi & French Banks For Sanctions Violations
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) recently announced that it had reached a settlement with Saudi Arabian financial institution National Commercial Bank (NCB) over breaches of American sanctions. Compliance Week writes that NCB agreed to pay $653,347 to the Treasury to resolve 13 apparent sanctions violations involving transactions processed by the bank that were ultimately transited through the U.S. financial system on behalf of Sudanese and Syrian companies between 2011 and 2014.1 The transactions in question totaled approximately $5.9 million. NCB reportedly identified the violations upon a company-wide sweep of its compliance programs that commenced in 2011. Under OFAC’s Economic Sanctions Enforcement Guidelines, the base civil monetary penalty amount applicable to the case is $1,814,854. The final agreed-upon amount came secondary to OFAC’s consideration of NCB’s lack of sanctions history to date, the institution’s cooperation in the investigation, and subsequent improvement of their internal controls since these deficiencies were identified.
In a separate settlement agreement announced on January 4th, French financial institution Union de Banques Arabes et Françaises (UBAF) agreed to pay over $8.5 million to the U.S. government to settle as many as 127 violations of Syria-related sanctions. A press release from the Treasury Department notes, “UBAF processed the payments on behalf of sanctioned Syrian financial institutions with the majority of the apparent violations involving UBAF’s processing of internal transfers on behalf of Syrian entities that were followed by corresponding funds transfers through the U.S. financial system.”6
China Sentences Ex-Head of State Asset Management Firm to Death
A Chinese high court recently announced the shocking sentencing of Lai Xiaomin, a former chairman of one of China’s largest state-controlled asset management firms, after the defendant pleaded guilty to a multitude of charges in one of the highest profile financial crime cases seen in the country over the past two decades. According to The Guardian, Xiaomin seriously abused his position of power in “soliciting almost 1.79bn yuan ($276.7m) in bribes over 10 years, a period when he was also acting as a regulator.”3 Lai’s crimes were uncovered following a widespread investigation into political graft and other misconduct that began during President Xi Jinping’s anti-corruption crusade in 2013.
Aside from taking large bribes on a number of occasions, Xiaomin was also accused of embezzling more than 25 million yuan in public funds and found guilty of bigamy. Each of the aforementioned crimes ultimately contributed to the rather drastic death sentence Lai is currently facing, one that was levied without a customary two-year reprieve that would have allowed his sentence to be commuted to 25 years to life in prison. Chinese officials have maintained that the sheer scale of the defendant’s crimes legally justified the death penalty. Still, the decision was eye-opening, and will likely act as a major deterrent to future crimes of this variety in both the Chinese public and private sectors.
Citations
1. Brasseur, Kyle. “OFAC Fines Saudi Bank for Sudan/Syria Sanctions Violations.” Compliance Week, 29 Dec. 2020.
2. CareerBuilder. “More Than Half of Employers Have Found Content on Social Media That Caused Them NOT to Hire a Candidate, According to Recent CareerBuilder Survey.” PR Newswire: News Distribution, Targeting and Monitoring, 9 Aug. 2018.
3. Davidson, Helen. “China Sentences Top Banker to Death for Corruption and Bigamy.” The Guardian, Guardian News and Media, 5 Jan. 2021.
4. “Deutsche Bank Agrees to Pay over $130 Million to Resolve Foreign Corrupt Practices Act and Fraud Case.” The United States Department of Justice, 8 Jan. 2021.
5. Nicodemus, Aaron. “Deutsche Bank to Pay $130M to Settle Bribery, ‘Spoofing’ Charges.” Compliance Week, 8 Jan. 2021.
6. “Settlement Agreement between the U.S. Department of the Treasury’s Office of Foreign Assets Control and Union De Banques Arabes Et Françaises.” U.S. Department of the Treasury, 4 Jan. 2020.