Category: Uncategorized

Risk Mitigation for Facebook with Questions for Advertisers/Investors

Privacy Roadmap v2Poor internal controls, political impacts, and lack of data usage transparency at Facebook have elevated privacy concerns for regulators, advertisers, and investors globally. The broad use of social media has desensitized most Americans to the risk of exposing vast amounts of personal information to companies like Facebook and Google. Will this event materially harm Facebook?

Facebook has the technical skills to fix it going forward and will be a much better company if it does so. The problem is the historical data provided to third parties is not recoverable, and there will be regulatory fines and regulation. “Facebook began in 2007 letting outsiders access its ‘social graph’ – the friend connections, interests, and ‘likes’ that links its user base together.  By 2015, Facebook had largely stopped access to users’ friend connections, though political campaigns could still find would-be supporters by buying ads and using Facebook’s targeting tools” (Tau).

I have managed a Privacy function for more than seven years, so I have a road map of activities that Facebook should consider.

1)    Establish an internal Data Governance team for data control, capture consent for data collected, provide transparency for data given to third parties, and improve news/reporting integrity. Most financial institutions have established data owners and data stewards for data governance.

2)    Recognize that all consumers have different privacy expectations varying from indifference to protective. Create a system to capture user’s preference at the data element level and honor each user’s choice.

3)    There are numerous ways of masking personal data: using pseudonyms; encrypting certain sensitive data elements tagged by the user; and aggregating numerous users’ data into an autonomous virtual identity with similar characteristics (NOTE: the old rule of thumb of 10 aggregated individuals with similar behaviors is completely inadequate given today’s Big Data models). Additionally, “Computer Scientists have developed algorithms, sometimes called ‘differential privacy’ that randomizes or modifies data in ways that make them useful for academic research but not for other purposes. Apple has pioneered the use of this tool” (Duan).

4)    Utilize data mining to review partners’ Privacy Notices and ensure that data is used according to the most current and restrictive Privacy Notice policy. Ensure that all contracts have data usage audit requirements or data is stored on a jointly-managed protected server.

5)    Establish computer system requirements with partners that allow Facebook to delete Facebook’s user data on partners’ systems, thereby allowing user data to “be forgotten” as required under the EU General Data Protection Regulation.

6)    Verify that Facebook and third-party developers are adhering to all regulatory requirements. Democratic Sens. Mark Warner of Virginia and Amy Klobuchar of Minnesota are the co-authors of the Honest Ads Act bill that would subject online political ads to the same rules and restrictions as those for TV, radio, and satellite” (Swartz).   Mark Zuckerberg is supportive of the Honest Ads Act.  Facebook is already under investigation by Canada’s privacy commissioner (Seetharaman).

Mr. Zuckerberg and Ms. Sandberg have proactively defined an approach to determine what data has been captured and misused. “In an interview with CNN, a contrite Zuckerberg vowed to mount a ‘full investigation’ of thousands of apps with access to wide swaths of data ‘before we locked down our platform in 2014.’ ‘There will always be bad actors’ trying to misuse the platform, his No. 2 Sheryl Sandberg, told CNBC. ‘We are taking aggressive steps to be more transparent’” (Swartz).

Facebook’s greatest regulatory problem is securing user data collected by data miners and developers in the past to build apps and services. Facebook said it would audit apps that show suspicious patterns on how they pulled data. Developers, who have misused data or refuse to submit to an audit, will be banned from Facebook and their users notified (Seetharaman).

Investor Concerns

“Trillium Asset Management suggested establishing a risk oversight committee at the Board level. The New York State Common Retirement Fund asked Facebook to review and report on ‘the efficacy of its enforcement of its terms of service, related to content policies and assessing the risk posed by content management controversies,’ such as election interference, hate speech, and sexual harassment” (Norton).

These fund managers made solid suggestions, but there are questions that many investors should consider in evaluating these recommendations.

1) Why should we allow dual shares that protect leaders and diminish the role of shareholders and the Board? “Mr. Zuckerberg and insiders control over 60% of the voting rights, owing to Facebook’s dual share class structure” (Norton).

2) Both of these funds are examples of sustainable funds that market their investments within the framework of ESG (Environmental, Social, and Governance). The very nature of Facebook’s lack of social consciousness over the use of its data by political operatives, and the lack of governance over third-party contracts points to governance weakness, especially due diligence, at ESG funds that chose technology as one of their primary investment sectors.

Advertisers Realize that Facebook has a Unique Product

“Facebook was, for a time, exfiltrating massive amounts of data about its users to developers and data miners of every stripe.” Facebook allowed this data access, hoping to build a business-like Apple Inc.’s iPhone App store” (Mims).

Facebook and Google command 63% of the $83 billion digital-ad market in the U.S. Mobile advertising generated more than 86% of Facebook’s $40.7 billion total revenue in 2017” (Swartz).

P&G said it cut its digital-ad budget by $200MM last year. Digital-ads account for a third of P&G’s $7.1 billion ad budget” (Swartz).  However, $200MM is only 2.8% of the budget so how impactful will the reduction be to Facebook or Google? I would argue as a P&G investor that their ads follow established brand loyalty and quality messages but are ineffective against cheaper store brands and innovative competitors that use digital ads more effectively. If you type “P&G” or “Proctor and Gamble” into the Apple Store or Google Play Store, you will see a few consumer apps for products like Pampers, Charmin or Tide laundry service amidst a host of other non-consumer apps. My recommendation for certain advertisers is look carefully at the value provided by Facebook versus subscription services or cross-product loyalty programs tied to consumers’ phone apps rather than providing ad content that Facebook can leverage with competitors on social media response data.

Blog Author Email: bphelan@riskdirector.com

LinkedIn Profile: http://www.linkedin.com/in/bob-phelan

 

References

Duan, Charles, and Weissmann, Shoshana. “How could Facebook Have Been So Careless?” The Wall Street Journal, 26 Mar. 2018.

Mims, Christopher. “Facebook Confronts Identity Crisis.” The Wall Street Journal, 21 Mar. 2018.

Norton, Leslie P. “Facebook Shareholders Force Data Privacy Vote.” Barron’s. 26 Mar. 2018

Seetharaman, Deepa. “Lax Data Policies Haunt Facebook.” The Wall Street Journal, 21 Mar. 2018.

Swartz, Jon. “Facebook under Seige”, Barron’s. 26 Mar. 2018

 

Tau, Byron. “Data Blowback Pummels Facebook.” The Wall Street Journal, 20 Mar. 2018.

Advertisements

Customer Risk in Cryptocurrency and Florida Payday Lending

There are new risks that might evade detection by the current risk management machine learning models used in financial institutions. I wanted to share some interesting observations that could impact risk in credit card portfolios.
Florida is a state dominated by small business services. All small businesses rely to some degree on credit cards for their payments and working capital. I want to highlight recent changes that could increase credit risk and should be explored by risk management departments of financial institutions.
1) Florida is the only state in the US that changed the law in March 2018 for payday lenders to offset the CFPB rule on interest rates. “The state currently allows loans of up to $500 paid off in a lump sum within 31 days, with annual interest rates often exceeding 300%… To get around the CFPB rule, Florida will permit loans of up to $1,000, to be paid back in installments in 60 days or 90 days. The federal regulation doesn’t generally cover loans lasting 45 days or longer” (Hayashi). The high-interest rate for a longer period could accelerate delinquencies with small businesses and consumers in Florida that are accustomed to payday loans but unaware of the additional interest due.
2) To maintain a home, consumers use a network of small businesses that provide services ranging from lawn care to home repair. My experience is that many of the small business owners are now accepting payment in cryptocurrencies that they say increase their margins (similar to cash payments). In January 2018, Citibank, Chase, Bank of America, and Capital One stopped customers from purchasing cryptocurrencies on their credit cards (Andriotis). Risk management should reassess the debt to payment pattern for the segment of cryptocurrency buyers given the 50% decline in value of their cryptocurrency assets. This risk segment is small for most financial institutions, but preemptive line reductions for heavily indebted customers could help them better manage their finances and avoid default.
3) Given that most financial institutions in 2018 have prohibited cryptocurrency purchases with their credit cards, the risk of a fraudulent merchant activity is reduced for those institutions. However, credit risk remains as numerous posts on the internet explain how to buy cryptocurrencies with PayPal or other payment processors that could enable customers to continue to create credit risk for their financial institution (Martindale).

Blog Author Email: bphelan@riskdirector.com

LinkedIn Profile: http://www.linkedin.com/in/bob-phelan

 

 

References

Hayashi, Yuka. “Florida Gives Payday Lenders a Boost.” The Wall Street Journal, 19 Mar. 2018. Web. 21 Mar. 2018.
https://www.wsj.com/articles/florida-gives-payday-lenders-a-boost-1521503621?mod=searchresults&page=1&pos=1.

Andriotis, AnnaMaria. “Bitcoin Investors Had a Tough Week. Credit Card Companies are about to make it Tougher. ” The Wall Street Journal, 3 Feb. 2018. Web. 21 Mar. 2018. .

Martindale, John. “How to Buy Bitcoin with Paypal.” DigitalTrends.com. 20 Feb. 2018.
Web. 22 Mar. 2018.
https://www.digitaltrends.com/computing/how-to-buy-bitcoin-with-paypal/.