11:43 AM
Drilling Down on Social Media Due Diligence for Insurers
Anand Rao, a partner at Chicago-based Diamond Management & Technology Consultants.
Anand Rao: "Insurers wanting to use social media face three primary risks – security risk, privacy risk and regulatory risk. Security risk is not new. Any new channel, whether it is online, email, mobile or social poses security risks with malevolent code that can cripple the site or do things not intended by the original developers. Given the highly “networked” nature of social media sites the problems can spread in a fraction of a time compared to email viruses. These security risks can also lead to private consumer information being passed around posing privacy risks. The recent Facebook incident is just one example in this regard. "In addition to the security and privacy risks the use of social media for insurance and financial service products is further subject to regulatory risks. FINRA has ruled recently that any ‘static’ content that resides in any online property, be it website or social media sites, is to be treated as advertisement subject to the stringent rules of authorization by company personnel. Any interactive content, such as conversations on Facebook are treated as communications and should follow the communications guidelines of being recorded and archived. Any breach of these regulations can prove costly to insurers from a reputation and financial perspective. So it is reasonable that some insurers are more cautious about venturing into Social Media."
I thought these were fair observations, but with regard to FINRA, and by extension potentially other regulators, I recently quoted Ken Hittel, New York Life’s VP, Corporate Internet on FINRA’s regulators recognition of the inevitability of insurers use of social media:
"It's very clear that they recognize the ubiquity of the phenomenon and that it makes no sense to tell companies that they should prohibit social media."
My piece also quoted a FINRA spokesman, who said that it was the body’s intention to "ensure that, as the use of social media sites increases over time, investors were protected ... and firms are able to effectively and appropriately supervise their associated persons' participation in these sites. At the same time, FINRA is seeking to interpret its rules in a flexible manner to allow firms to communicate with clients and investors using this new technology."
With these statements in mind, I asked Anand whether the quotes do not indicate that regulators are likely to work in good faith with insurers as the risks of social media become better understood? What is likely to constitute due diligence, in the regulators’ eyes?
Anand Rao: "FINRA would expect insurers to work in good faith and follow their existing compliance processes and governance with respect to social media. Given the current ruling, the regulators would expect insurers to review, record and monitor interactive content and make it available to regulatory authorities when demanded. In terms of governance, they would expect adequate social media rules and regulations to be in place, staff to be trained appropriately and governance of these to be in place. The regulators in U.K. and U.S. have been moving more towards a principles-based approach where they would expect insurers to have followed the ‘intent’ of the regulations.
“While insurers need to be cautious, the regulations by no means prevent the use of social media. Consumers having ‘conversations’ with each other and the insurer facilitating and participating in these conversations within the appropriate guidelines is still permissible. The insurer has to ensure that there is no implicit or explicit ‘advice’ that is being offered in these forums."
Anthony O'Donnell has covered technology in the insurance industry since 2000, when he joined the editorial staff of Insurance & Technology. As an editor and reporter for I&T and the InformationWeek Financial Services of TechWeb he has written on all areas of information ... View Full Bio