Monday23 March 2020 ★ FINANCIAL TIMES 3Risk ManagementFinancial Institutions
W
hen Barclays installed
newsoftware to moni-
tor employees’compu-
ter use earlier this year,
i t w a s h o p i n g f o r
insights intotheir behaviour. Weeks
later, the bankscaled back use of the
system as staff annoyance over moni-
toringspilled into the press, and was
then amplified further in publicby
social media.
Like other banks, insurers and asset
managers, Barclays is having to adapt as
social media plays a bigger role in creat-
ing, and shaping,its public image.
“Control of reputation has been
dragged out of the boardroom and
press releases, and into the pockets of
the smartphone generation,” says
George Beattie, a director at insurance
broker Willis Towers Watson. “It is a
very volatile situation.”Companies in all sectors face similar
concerns, but Sven Klingemann of the
Reputation Institute, which assesses cor-
porate reputations, says the banks are
starting from a challenging position.
“Banking has historically been at the
lower end of the 12 to 15 industries we
cover,” says Mr Klingemann. “The large
banks struggle most with reputation,
while the smaller regional or online
banks tend to do better.”
Threats from social media come in
several forms. ne is internal — as Bar-O
clays discovered, employee dissatisfac-
tion with a new system or policy can eas-
ily leak into the public sphere.
Improper behaviour that spills out
into the open is a similar risk. “The big-
gest risk for the banking industry is
unethical behaviour,” says Mr Klinge-
mann. “[This can include] deceptive
sales practices and inappropriate
behaviour such as harassment, bullying
or discrimination. And if you fire or
punish whistleblowers, it’s not going to
look good.”
Even banks’ own social media and
marketing teams can get it wrong if
they misread the public mood. Chase
Bank in the US discovered this to its cost
last April. Its Twitter team used the
#MondayMotivation hashtag on a tweetthat suggested people should eat out less
and walk rather than taking cabs.
The reaction was swift and wide-
spread. Chase was accused of shaming
poor people and insulting its customers,
with politicians, including former presi-
dential candidate Elizabeth Warren,
weighing in against the bank and Jamie
Dimon, chief executive of its parent
company JPMorgan Chase.
Chase ended the day with a tweet:
“Our #MondayMotivation is to get betterat #MondayMotivation tweets. Thanks
for the feedback Twitter world.”
TD Bank aced a similar storm lastf
year when social media users accused it
of coded racism in an advert referring to
an ethnically diverse Boston neighbour-
hood. The bank laterapologised.
Mr Beattie says banks must be mind-
ful of these pitfallswhen planning cam-
paigns or posts. “Companies are not
ready to deal with crises fuelled by
social media,” he says. “A poorly
thought-through social media campaign
can be more damaging than not doing
anything at all. Testing an idea in social
media in real time can be quite risky.
You need to look at what demographic
you are targeting and what virality
might look like,” he adds.
Not all social media crises are inter-
nally generated. Financial services
companies face an array of outside
voices that could have a reason to
attack their reputation.
“There is state-driven manipulation
of social media to undermine economic
strength. The idea of sowing dissent in
democracies and their brands might be
quite attractive,” says Mr Beattie.
Even pressure groups of more
straightforward kinds can exploit social
media to build support, and financialservices companies need to be ready to
respond appropriately.
Campaigns on climate change are one
example. Banks, insurers and asset
managers are under pressure from
action groups to dissociate themselves
from companies accused of responsibil-
ity for global warming, by refusing to
lend to them, insure them or invest in
them. Groups such as Unfriend Coal,
which campaigns to end insurance
industry involvement in coal mining,
are enthusiastic users of social media.
Yasmin Crowther, a vice-president at
Polecat, which analyses social media
data, says financial services companies
have lagged behind consumer brands
such as Nike and Nestlé.
“[Consumer] organisations are
sophisticated in their understanding of
social media,” she says. Financial serv-
ices companies, however, “have not
been at the cutting edge of understand-
ing it”, she says.
According to Mr Beattie, the first step
for companies is to understand what
information they can access on what is
being said about them, when and
where.
Although this data has only been
around for a couple of years, he adds, it
can generate “astounding insights”.Banks discover antisocial side of social media
Reputation
Financial services
groups were slow to
adapt to online public
image challenges,
writesOliver Ralph
Misjudged: Chase Bank’s tweetas the falling costs of launching large-
scale cyber attacks, the report noted.
Financial services businesses’ vul-
nerability to cyber attacks as beenh
illustrated by a string of high-profile
incidents,including a recent breach
that temporarily paralysed UK-based
payments groupTravelex. Hackers
threatened to sell customer data unless
a ransom was paid (see story, page 4).
Peter Kennedy, head of UK technol-
ogy at consultancy Capco, says cyber
security is the “first question that comes
up” when clients contemplate introduc-
ing new technology, while Mr Ghose
adds that among banks’ most senior
executives “cyber is top of mind in a way
it probably wasn’t 10 years ago”.
The worstcyber attack for banksis
one that compromises customer data,
says Heedon Kang,co-author of the
IMF’s February’s report on cyber risk.
Such breaches “create an erosion of con-
fidence”, he says.
In the aftermath of December’s attack,
Travelex stressed that customer data
was not compromised. US bank Capital
One was less fortunate last year when an
attack ompromised more than 100mc
customers’ data. The alleged perpetra-
tor, a former Amazon Web Services
employee who is accused of accessing
data held on Capital One’s cloud comput-
ing server, will face trial in October.She
pleaded not guilty last September.Banks’ rapid adoption of cloud com-
puting — switching data and computing
power to servers managed by big tech-
nology companies rather than keeping it
in house — has been a mixed blessing.
Cases such Capital One show how the
cloud introduces potential gateways to
banks’ data. Regulators at the Financial
Stability Board voicedconcerns bouta
the concentration risks associated with
having data for hundreds of financial
service institutions mostly spread
across the three biggest cloud providers,
Microsoft, Amazon and Google.
Others say cloud computing improves
resilience. “We believe that moving partContinuedfrompage 1of the activity to the cloud is actually
positive in terms of cyber protection
because usually the capability of the
cloud providers [is better],” says Ales-
sandro Roccati, a senior vice-president
at Moody’s, the rating agency. “[They
can] block attacks more effectively
because they can adapt to the changing
nature of cyber attacks quicker.”
Hacks of data servers have a big
impact on banks and customers but
hacks of individuals’ digital accounts are
far more common. Banks are often not
legally liable if a customer reveals their
passwords and their accounts are
drained, but sometimes offer compensa-
tion to avoid losing customers’ goodwill.
“[Customers] still need a lot of finan-
cial literacy education,” says Mr Ghose.
“It’s not just about old people versus
young people... People just give away
their credentials, they get a phone call
saying you won a prize, there’s a problem
with your ID, you’re in trouble. They
play with your emotions and it’s amazing
how many people [fall for it].”
Banks are using technology to reduce
this risk, by creating more sophisticated
authentication features including facial
and voice recognition, geolocation, and
tools that evaluate how a phone is held
and how keys are pressed.
They also use technology to curb risks
in other parts of their business, including
artificial intelligence tools that monitor
traders’ behaviour (to counter the risk of
rogue trading) and big data techniques
used in underwriting loans.
“We’re seeing our clients take a more
aggressive approach to define their
threats and make sure [they] are miti-
gated by some of the latest and greatest
tools,” says Mr Kennedy of Capco.
Mr Ghose says these efforts to deploy
technology to limit risk could become a
differentiating challenge faced by igb
banks and smaller banks. “Big banks
have bigger tech budgets, if you need to
spend half a billion dollars on
cyber... go and hire government
experts, ex-FBI experts, that’s much
harder [for a smaller bank].”New tech
broadens
scope for
cyber attacks
Chase Bank in the US was
accused of shaming poorpeople and insulting its
customers in a tweetContributors
Robert Armstrong
US finance editorGeorge Hammond
Property reporterBilly Nauman
Producer/reporter, Moral MoneyLaura Noonan
US banking editorOliver Ralph
Insurance correspondentJerry Andrews
Commissioning editorSteven Bird
DesignerEsan Swan
Picture editorFor advertising details, contact:
Ben Tobin, +44 (0) 20 7775 6615
[email protected], or your usual FT
representative.All FT Reports are available on FT.com at
ft.com/reportsFollow us on Twitter: @ftreportsAll editorial content in this report is
produced by the FT.
Our advertisers have no influence over or
prior sight of the articles.001 m+
Capital One
customers’ data
was compromised
in a cyber attack3
largest cloud
providers host
most financial
services dataO
n the southern edge of
Derby, a new manufactur-
ing and innovation district
called Infinity Park is
springing up. The most
striking building isthe iHub, a sleek
innovation centre that opened in 2017.
The curved glass walls and shared
atrium events space emphasise its aim
to promote collaboration among its ten-
ants. The £12m, 45,000 sq ft building
hosts research and technology firms
searching for the next breakthrough in
the aerospace, automotive and rail sec-
tors.
Derby council and central govern-
ment paid for the building to encourage
growth in start ups. Its location in an
Enterprise Zone brings tax breaks, and
free superfast broadband.
Tenants include VRCO, designing a
flying passenger vehicle, Airbus, the
aerospace company, and law firms that
advise industrial companies. It is almost
fully occupied.
It also contains an ‘iLab’ equipped
with 3D printers and software to enable
the rapid prototyping of new products
and services.
Steve Barbour, managing director of
Composite Braiding, which has devel-
oped a lighter, stronger form of compos-
ite material for industry, said: “The
iHubprovides a combination of modern
workshop and office space, ideal for a
manufacturing start-up, with flexible
terms. It is also close to our transporta-
tion and infrastructure target markets.
“The iHub also impresses potential
customers — first impressions do
count.”MARCH 23 2020 Section:Reports Time: 19/3/2020- 17:15 User:jerry.andrews Page Name:RMX3, Part,Page,Edition:RMX, 3, 1