Tag: Big Data

Risk Mitigation for Facebook with Questions for Advertisers/Investors

Privacy Roadmap v2Poor internal controls, political impacts, and lack of data usage transparency at Facebook have elevated privacy concerns for regulators, advertisers, and investors globally. The broad use of social media has desensitized most Americans to the risk of exposing vast amounts of personal information to companies like Facebook and Google. Will this event materially harm Facebook?

Facebook has the technical skills to fix it going forward and will be a much better company if it does so. The problem is the historical data provided to third parties is not recoverable, and there will be regulatory fines and regulation. “Facebook began in 2007 letting outsiders access its ‘social graph’ – the friend connections, interests, and ‘likes’ that links its user base together.  By 2015, Facebook had largely stopped access to users’ friend connections, though political campaigns could still find would-be supporters by buying ads and using Facebook’s targeting tools” (Tau).

I have managed a Privacy function for more than seven years, so I have a road map of activities that Facebook should consider.

1)    Establish an internal Data Governance team for data control, capture consent for data collected, provide transparency for data given to third parties, and improve news/reporting integrity. Most financial institutions have established data owners and data stewards for data governance.

2)    Recognize that all consumers have different privacy expectations varying from indifference to protective. Create a system to capture user’s preference at the data element level and honor each user’s choice.

3)    There are numerous ways of masking personal data: using pseudonyms; encrypting certain sensitive data elements tagged by the user; and aggregating numerous users’ data into an autonomous virtual identity with similar characteristics (NOTE: the old rule of thumb of 10 aggregated individuals with similar behaviors is completely inadequate given today’s Big Data models). Additionally, “Computer Scientists have developed algorithms, sometimes called ‘differential privacy’ that randomizes or modifies data in ways that make them useful for academic research but not for other purposes. Apple has pioneered the use of this tool” (Duan).

4)    Utilize data mining to review partners’ Privacy Notices and ensure that data is used according to the most current and restrictive Privacy Notice policy. Ensure that all contracts have data usage audit requirements or data is stored on a jointly-managed protected server.

5)    Establish computer system requirements with partners that allow Facebook to delete Facebook’s user data on partners’ systems, thereby allowing user data to “be forgotten” as required under the EU General Data Protection Regulation.

6)    Verify that Facebook and third-party developers are adhering to all regulatory requirements. Democratic Sens. Mark Warner of Virginia and Amy Klobuchar of Minnesota are the co-authors of the Honest Ads Act bill that would subject online political ads to the same rules and restrictions as those for TV, radio, and satellite” (Swartz).   Mark Zuckerberg is supportive of the Honest Ads Act.  Facebook is already under investigation by Canada’s privacy commissioner (Seetharaman).

Mr. Zuckerberg and Ms. Sandberg have proactively defined an approach to determine what data has been captured and misused. “In an interview with CNN, a contrite Zuckerberg vowed to mount a ‘full investigation’ of thousands of apps with access to wide swaths of data ‘before we locked down our platform in 2014.’ ‘There will always be bad actors’ trying to misuse the platform, his No. 2 Sheryl Sandberg, told CNBC. ‘We are taking aggressive steps to be more transparent’” (Swartz).

Facebook’s greatest regulatory problem is securing user data collected by data miners and developers in the past to build apps and services. Facebook said it would audit apps that show suspicious patterns on how they pulled data. Developers, who have misused data or refuse to submit to an audit, will be banned from Facebook and their users notified (Seetharaman).

Investor Concerns

“Trillium Asset Management suggested establishing a risk oversight committee at the Board level. The New York State Common Retirement Fund asked Facebook to review and report on ‘the efficacy of its enforcement of its terms of service, related to content policies and assessing the risk posed by content management controversies,’ such as election interference, hate speech, and sexual harassment” (Norton).

These fund managers made solid suggestions, but there are questions that many investors should consider in evaluating these recommendations.

1) Why should we allow dual shares that protect leaders and diminish the role of shareholders and the Board? “Mr. Zuckerberg and insiders control over 60% of the voting rights, owing to Facebook’s dual share class structure” (Norton).

2) Both of these funds are examples of sustainable funds that market their investments within the framework of ESG (Environmental, Social, and Governance). The very nature of Facebook’s lack of social consciousness over the use of its data by political operatives, and the lack of governance over third-party contracts points to governance weakness, especially due diligence, at ESG funds that chose technology as one of their primary investment sectors.

Advertisers Realize that Facebook has a Unique Product

“Facebook was, for a time, exfiltrating massive amounts of data about its users to developers and data miners of every stripe.” Facebook allowed this data access, hoping to build a business-like Apple Inc.’s iPhone App store” (Mims).

Facebook and Google command 63% of the $83 billion digital-ad market in the U.S. Mobile advertising generated more than 86% of Facebook’s $40.7 billion total revenue in 2017” (Swartz).

P&G said it cut its digital-ad budget by $200MM last year. Digital-ads account for a third of P&G’s $7.1 billion ad budget” (Swartz).  However, $200MM is only 2.8% of the budget so how impactful will the reduction be to Facebook or Google? I would argue as a P&G investor that their ads follow established brand loyalty and quality messages but are ineffective against cheaper store brands and innovative competitors that use digital ads more effectively. If you type “P&G” or “Proctor and Gamble” into the Apple Store or Google Play Store, you will see a few consumer apps for products like Pampers, Charmin or Tide laundry service amidst a host of other non-consumer apps. My recommendation for certain advertisers is look carefully at the value provided by Facebook versus subscription services or cross-product loyalty programs tied to consumers’ phone apps rather than providing ad content that Facebook can leverage with competitors on social media response data.

Blog Author Email: bphelan@riskdirector.com

LinkedIn Profile: http://www.linkedin.com/in/bob-phelan

 

References

Duan, Charles, and Weissmann, Shoshana. “How could Facebook Have Been So Careless?” The Wall Street Journal, 26 Mar. 2018.

Mims, Christopher. “Facebook Confronts Identity Crisis.” The Wall Street Journal, 21 Mar. 2018.

Norton, Leslie P. “Facebook Shareholders Force Data Privacy Vote.” Barron’s. 26 Mar. 2018

Seetharaman, Deepa. “Lax Data Policies Haunt Facebook.” The Wall Street Journal, 21 Mar. 2018.

Swartz, Jon. “Facebook under Seige”, Barron’s. 26 Mar. 2018

 

Tau, Byron. “Data Blowback Pummels Facebook.” The Wall Street Journal, 20 Mar. 2018.

Advertisements

Recognizing Diversity and the Evolution of Risk Management

Bob Phelan

Financial Risk / Asset Management / Advisor

One advantage of a long career in one business function is the ability to provide perspective on how the function has evolved. This year, I have taken the time to explore risk management options in different industries, evaluated the risk needs of corporate boards, and identified pricing of risk assets as part of my investment oversight role.

Risk management has improved over the last 15 years by:

1)    Expanding the role of risk management to cover the full spectrum of potential risks

2)    Collaborating with Compliance, Audit, Finance, Human Resources, and the Board

3)    Embraced diversity of leadership within risk management which is providing more opportunities for Women, Minorities, and Veterans

4)    Improving transparency and reporting of risks to all levels of management and the Board

5)    Providing trusted due diligence on new products, M&A activity, and strategic decisions

6)    Building a diverse risk culture with increased communication venues to discuss shareholder goals, customer engagement, employee satisfaction, competitive threats, and social impacts

When I started as a risk manager with Bankers Trust in the late 1980s, we leveraged data and analytics to identify risk drivers, determine P&L volatility (value-at-risk (VaR)), and estimate return on credit and market risk-adjusted capital (RAROC) as a framework for strategic decisioning. Almost every risk manager was quantitatively trained and a programmer. Risk management functions continue to use the latest technology to support profitable business opportunities. At the start of my career, I utilized a Cray Computer and a 3rd Party database of all collateralized mortgage obligations to monitor valuations of arbitrage positions and provide independent risk assessments which gave the firm a competitive advantage. Recently, my teams used text-mining to take action on customer feedback, implemented realtime data updates for transaction processing, controlled targeting using social media data, and leveraged BigData with machine learning models to improve prediction of risk and customer preferences.

Over the past 15 years, Risk Management has expanded its remit with broader assessments within the three main risk categories: credit, market, and operational risk. All have been influenced by regulatory requirements such as Basel and CCAR capital planning, as well as Dodd Frank resolution planning, Volker rule, and numerous other requirements. However, regulatory capital requirements have been hard to rationalize especially for operational risk. That said, risk leaders have engaged in improving operational risk processes and systems as they were trying to lower the risk capital requirements. We have made progress across operational risk by improving processes for 3rd party risk, anti-money laundering & sanctions, regulatory adherence, compliance, technology risk, reputational risk, fraud, cybersecurity, privacy, litigation risk, and human resource risk. The recent coordination with compliance and audit functions eliminates costly redundancy in assessing operations and systems. Due to the integration of risk management with other control functions, risk management teams now come from a variety of backgrounds and diverse cultures that benefits the entire organization.

There are some concerns that accompanied the evolution of Risk Management:

1)    The recent regulatory environment drove the creation of three lines of defense and created a higher cost structure that does not effectively drive risk-balanced decisions with clear accountability. On the positive side, the three lines of defense enhanced regulatory relationships as regulators relied upon the second line of defense to be the internal regulator that supplies analysis to them. The challenge role of the second line of defense can alter first line decisions but has been inefficient because it may: require extra documentation of challenge resolutions, address issues late in a new initiative execution plan, and lack measures of success.

2)    The current risk management environment primarily relies upon regulatory models as they are drivers of firm capital requirements. The regulatory models may increase systematic risk because the regulatory guidelines create similar models across the industry, and they use similar time periods of data to develop the models.

3)    Almost all risk assessments are based on models, historical data and typical risk scenarios impacting company assets, liabilities, and processes. However, there are numerous scenarios that are atypical but are not considered in current risk scenarios. In today’s world, the list of possible risk events is long and the world is unstable. There are competitive threats (Amazon, Fintech, foreign competition from China and India), disruptive technologies ( self-driving cars, automation/robots displacing workers, expanded mobile and digital capabilities), and government/political risks (trade wars, taxes, tariffs, sanctions, Federal Reserve raising short interest rates and impacting segments, Fed reducing its $4.5 trillion balance sheet and raising long interest rates and impacting segments, cybersecurity and impact on the electric grid, financial system, food systems), military risks (war, nuclear incident, impacting various geographic locations), social risks (decline of small business profitability impacting local communities, outsourcing of jobs to low-cost countries, minimum wage issues, moral and political suasion on financial obligations like debt repayment, changes in debt and bankruptcy forgiveness, tax policy implications especially mortgage and interest deductions, and healthcare cost implications).

Risk leaders have an obligation to preserve their firm value and drive profitable growth for the company, employees, customers, and society. There has been great progress and risk management is well-represented across many industries today. Risk leaders must continue to work with senior management and the board to establish a clear risk appetite framework and develop strategies to manage through whatever the future might bring, good or bad, from the unexpected.

 

Broadband is the best choice in Final Four against Facebook, Alphabet, Microsoft #FCC, #FTC,#BigData, #Privacy

Broadband is the best choice in Final Four against Facebook, Alphabet, Microsoft #FCC, #FTC,#BigData, #Privacy

A poem to research the impact of changing referees has on the investments game as the opportunity for high dividends and a higher foothold in BigData Marketing Competition.

 

Wake now! what light through FCC window breaks?
It is Ajit Pai, and broadband is the sun.
Arise, investors, this buffets the FAM* guns,
Who are already sick and pale with grief,
That Pai has made FCC Privacy more fair than FTC:
Be not so quick consumers to judge this win,
Our choice on personal data to 3rd Parties is a sin.
But on a comparison of valued added by data capture,
AT&T, Verizon, and Comcast delivers rapture.
Any investor should immediate consider in the latter,
And none but fools do wait, or else end up sadder.

* FAM = Facebook, Alphabet, Microsoft

 

Reference

McKinnon, John. “Privacy Provision Eases for Telecom” Wall Street Journal, 29 March 2017.

Fintech Eagles Soar with Consumer and Small Business Data

Article Topics:

How is data driving innovation and fueling the Fintech space?

What Risk Managers and Board Directors should worry about?

 

Blog Author Email: bphelan@riskdirector.com

LinkedIn Profile: http://www.linkedin.com/in/bob-phelan

Date: March 5, 2017

 

How is data driving innovation and fueling the Fintech space?

  • The regulatory requirements for financial institutions requires a strict 3rd party control environment for Privacy, Information Security, Compliance Disclosures, and Fair Credit Reporting (Federal Reserve). The Fintech control standard is generally weaker and usually relies upon a customer granting authority to the Fintech company to have access to their bank account data. The Payment Services Directive version 2 (PSD2) in the European Union as well as Dodd-Frank Section 1033 in the USA – allow consumers to access and convey rights to 3rd parties to access their personal and business financial records. Therefore, checking account and other bank financial data can be transferred to Fintech companies to run surveillance and analysis of customer financial data, enabling Automated Clearing House payments, marketing, and credit decisions, which is fueling innovation.
  • Why are the large data sets captured by Fintech companies stirring the strong interest of investors and financial institutions? Simply said, Fintech companies know how to use the social networks, bank, credit bureau, and other 3rd party data better than traditional financial institutions. They have designed improved credit processes delivered through mobile, social networks, and cloud-services using BigData and machine-learning models.
  • What are some examples of outcomes? Fintech has found a way to tap the finite pool of credit-worthy customers with accounts at banks, acquire them cheaply, and offer them a product that is either emotionally or rationally superior. No small feat given that the banks have been doing this for 50+ years. Please see the excerpt below from a letter written by Benjamin Franklin to his daughter that defines behavior of our national symbol, the Bald Eagle, that could be analogous to outcomes mentioned above by Fintech Lending companies. However, there are many other Fintech successes ranging from customer friendly mobile apps and wallets, crowd-sourced funding, peer-to-peer marketplace, and blockchain technology for digital authentication.

 

 

Excerpt from Benjamin Franklin’s Letter to His Daughter

 

“For my own part I wish the Bald Eagle had not been chosen the Representative of our Country. He is a Bird of bad moral Character. He does not get his Living honestly. You may have seen him perched on some dead Tree near the River, where, too lazy to fish for himself, he watches the Labor of the Fishing Hawk; and when that diligent Bird has at length taken a Fish, and is bearing it to his Nest for the Support of his Mate and young Ones, the Bald Eagle pursues him and takes it from him.”

 

“For the Truth, the Turkey is in Comparison a much more respectable Bird, and withal a true original Native of America . . . He is besides, though a little vain & silly, a Bird of Courage, and would not hesitate to attack a Grenadier of the British Guards who should presume to invade his Farm Yard with a red Coat on.”

 

What Risk Managers and Board Directors should worry about?

  • I know that these days it seems that everyone wants less regulation. However, there are core regulatory practices in financial institutions that protect consumers and small businesses as well as the liquidity and sustainable credit worthiness of financial institutions. Financial institutions have built complete acquisition, underwriting, servicing, and collection systems, mostly on legacy platforms, but tested and refined through numerous macroeconomic conditions. They also have MIS that provides evidence of regulatory adherence for compliance, credit, and operational risk. Risk managers should evaluate risks when integrating a Fintech product with their systems. As part of oversight and due diligence, risk assessments should consider relevant risk exposures given the narrow specialization of most Fintech companies. Areas to consider include money laundering, fraud, payment and collection practices, disparate credit treatment/fair lending, truth in lending disclosures, 3rd party management, privacy choices and data sharing, information security, and other operational risks.

 

  • In addition to the usual risks covered above, Consider the following scenarios:
    1. The next economic downturn may be driven by changes in fiscal policy, monetary policy, or regulatory changes creating an unexpected credit impact to certain segments. The following are some examples:
      1. Consider the impact of non-deductibility of interest expense for small businesses. The firms that have low margins and high debt will clearly be at risk. Resellers of wholesale goods are the largest users of short term credit and the most vulnerable to a loss of interest deductions as they already have low margins.  In addition, consider the risk if cash advances are billed as fees and could these fees be recharacterized as interest and non-deductible. Either way, truth in lending will be a focus by the regulators.
      2. Since consumers cannot deduct credit card or loan interest today, a tax law change here may be no impact to consumers. However, watch out as mortgage interest deductions may be cut massively.  I will bet that very few financial institutions or Fintech companies have modeled the scenario where wealthy small business owners with large residential or commercial mortgages may not have enough income to offset the loss of deductions by the forthcoming tax cut. Historical analysis shows that if the small business owner defaults on their mortgage or consumer debt, there is a 70%+ chance their small business will also default.
  • There may be certain segments seriously impacted by a border adjustment tax. There is so much financial uncertainty around retail given the threat from online and potential non-deductible imported cost-of-goods-sold. Can retail produce low margin goods and clothing in the US? Probably not.  And, there is no export offset as most retailers are generally NOT large exporters.
  1. Funding – watch what happens when default rates and interest rates rise at the same time. Funding may dry up for Fintech lending portfolios but not for financial institutions.

 

  1. Valuation of Fintech companies: The aggregate Fintech space consists of over 1000 companies with $105 Billion invested. The current estimated market valuation of the Fintech space is $867 Billion, which is larger than the combined market capitalization of Chase/JPM ($323B), Wells Fargo ($290B), and Bank of America($242B) on February 26, 2017 (Su).  Another interesting sign of potential Fintech exuberance is the success of the LendIt and Fintech Conference in NYC on March 6-7, where there are 20+ main speakers and over 200 speakers for the exhibitors. The number of sponsors of the conference is approximately 83 which is in addition to the exhibitors (LendIt USA 2017).

 

  • Customer engagement happens through good communication, trust, service, financial security, and transparency. The current environment is enamored with technology innovation as evidenced by the large valuation and success of the social networks and technology companies.  The sharing of data across the technology ecosystem can have negative implications in cybersecurity, fraud, and privacy. Certain lending customer segments prefer long-standing business relationships, while millennials and other younger segments prefer the latest mobile technology and instant model-driven decisions that Fintech and leading financial institutions are providing.

 

The amount of data being captured today fuels faster decisions and better targeting, but certain customer segments want more transparency and control of their data in the future of risk management.

Disclosures

This blog reflects personal views, opinions and positions associated with my role in RiskDirector, LLC. and those providing comments on this blog are theirs alone, and do not necessarily reflect the views, opinions or positions of the companies discussed, current or former employer companies, nor of the authors in the works cited. I make no representations as to accuracy, completeness, timeliness, suitability or validity of any information presented and/or commenters on my blogs and will not be liable for any errors, omissions, or delays in this information or any losses, injuries or damages arising from its display or use.

I reserve the right to delete, edit, or alter in any manner I see fit blog entries or comments that in my sole discretion, deem to be obscene, offensive, defamatory, threatening, in violation of trademark, copyright or other laws, of a commercial proprietary nature, or otherwise unacceptable.

 

References

Department of Commerce. 2016 Top Markets Report Financial Technology (n.d.): n. pag. 2016 Top Markets Report Financial Technology. U.S. Department of Commerce, 2016. Web. Feb. 2017. <http://trade.gov/topmarkets/pdf/Financial_Technology_Executive_Summary.pdf&gt;.

Federal Reserve. “Fair Credit Reporting Act.” Consumer Compliance Handbook (2016): FCRA, SourceMedia. Nov. 2016. Web. Feb. 2017. <https://www.federalreserve.gov/boarddocs/supmanual/cch/200611/fcra.pdf&gt;.

“FinTech Landscape.” VB Profiles. Spoke Intelligence, 2017. Web. Feb. 2017. <https://www.vbprofiles.com/markets/fintech-landscape-56fa295534d34989ae001be9&gt;.

Franklin, Benjamin. “Turkey Quotes – The Eagle, Ben Franklin, and the Turkey.” Quotes Famous Quotes – Famous Sayings. WordPress.com, 22 Nov. 2008. Web. Feb. 2017. <https://quotes.wordpress.com/2008/11/22/turkey-quotes-the-eagle-ben-franklin-and-the-turkey/&gt;.

“LendIt USA 2017.” LendIt USA 2017. Lendit Conference LLC, 2017. Web. 03 Mar. 2017. <http://www.lendit.com/usa/2017&gt;.

“Ranking the Top Fintech Companies.” The New York Times. The New York Times, 06 Apr. 2016. Web. Feb. 2017. <https://www.nytimes.com/interactive/2016/04/07/business/dealbook/The-Fintech-Power-Grab.html?_r=0&gt;.

Su, Jean Baptiste. “The Global Fintech Landscape Reaches Over 1000 Companies, $105B In Funding, $867B In Value: Report.” Forbes. Forbes Magazine, 28 Sept. 2016. Web. Feb. 2017. <https://www.forbes.com/sites/jeanbaptiste/2016/09/28/the-global-fintech-landscape-reaches-over-1000-companies-105b-in-funding-867b-in-value-report/#3013f07b26f3&gt;.