IDRBT

Design and Development of Social Media Strategies

for Banking Under the Guidance of

Dr. Shakti Mishra

Submitted by:

Avinash Singh Bagri

IIT Delhi

7/16/2013

1

CERTIFICATE

This is to certify that Mr. Avinash Singh Bagri, pursuing Integrated

M.Tech course at Indian Institute Of Technology, Delhi in Mathematics

and Computing has undertaken a project as an intern at IDRBT,

Hyderabad from May 13, 2013 to July 17, 2013.

He was assigned the project “Design and Development of Social

Media Strategies for Banking” under my guidance.

I wish him all the best for all his future endeavours.

Dr. Shakti Mishra

(Project Guide)

Assistant Professor

IDRBT, Hyderabad

2

ACKNOWLEDGMENT

I express my deep sense of gratitude to my Guide Dr. Shakti Mishra, Assistant

Professor, IDRBT for giving me an opportunity to do this project in the

Institute for development and research in Banking Technology and providing

all the support and guidance needed which made me complete the project on

time.

I am thankful to my colleagues who constantly encouraged me for my project

work and guided me all along till the completion of my project work by

providing me all the necessary information.

I am also thankful to IIT Delhi for giving me this golden opportunity to work

in a high-end research institute like IDRBT.

Avinash Singh Bagri M.Tech (4th Year)

IIT Delhi

3

CONTENTS

Introduction 2 Social Media Definition 3

Social Media Tools 5

Applications of Social Media 7

Impact of Social Media 10

Social Media Wheel 11

Social Media Applications for Banks 15 Employee Training and Recruitment 15

Marketing and Sale 20

Consumer Protection 20

Customer Education 25

Transaction Processing 26

Risk Assessment and Security 31 Risk and Security Concerns 32

Risk Assessment 35

Risk Management 36

Legal Issues 37 IT Act 2000 37

The IT (Amendment) Act, 2008 40

Article 66A 41

Social Governance Frame Work 42 Social-Media Policy Development 42

Job of Social-Medial Governance 42

The Importance of Social Media ‘Audit’ 44

10 Essential Elements of Social Media Governance 44

Usage Guidelines 45 Social Media Guidelines laid by Government of India 45

FFIEC Proposes Social Media Guidelines 46

References 48

4

Chapter I

Introduction With the advent of internet the way the things are done have changed drastically in last decade. The growing accessibility of internet to all quarters of society is mirrored everywhere nowadays. It ranges from purchasing soap for domestic use to booking a ticket to travel overseas without even moving your feet. The growth of internet usage has been quite rapid if we compare it to other tools available to us at any point of time. This was not the case when the “Netscape” first introduced “www” to the world but with the entry of Google followed by various other big names like Yahoo, Facebook etc. the popularity of internet has increased drastically. Hence, it would not be wrong if we attribute this growth to the uprising of social media sites. Over the last decade social media has taken giant leaps forward and now has become a part of life of almost every person who puts his hands on computer. There are several type of social media sites like Facebook for connecting and sharing almost all kinds of data, Flickr for sharing photos, LinkedIn for professional connects, then there are many others serving different purposes to various sections of the society across the globe. The growing stature of social media is reflected everywhere in today’s world. The enormous increase in number of users in every facet of the social media has attracted every policy maker across the globe to have social media as one of the delivery channel. The power of social media can be seen by some of the figures show below1: 2/3rd of the global internet population use social networking.

Time spent on social networking is growing at 3X the overall internet rate,

amounting to approximately 10% of all internet time.

1 Nielsen, Global Faces and Networked Faces, 2009

5

Visiting social sites is now the 4th most popular online activity; ahead of the personal email.

There are over 13 million articles available on Wikipedia. 100 million is the number of videos viewed everyday on YouTube. As social media popularity among the people continues to grow, the interaction between clients and investors continues to grow as well. But many banks and financial institutions still struggle to incorporate social media within their organizations. Few banks have established social media strategies, and those that do tend to isolate social engagement to less than a handful of their employees. In the BFSI sector, there are not many banks who have made their presence in social media. In US there are a few banks who have started to interact with customers through such tools but still there are reservations in the think tank of the banks who are either worried about how public pages like Facebook will affect customer security or simply don’t know how to get started in the social media space. It’s not hard to empathize with banks that are struggling with this new form of customer relationship building, branding, and online marketing. Operating in such a highly regulated industry it’s no doubt that many banking executives are struggling with giving up some control over their public image and placing it in the hands of those they serve.

1.1 Social Media Definition Social media is generally termed as the means of interactions among people which allows them to converse, share and exchange information and ideas via internet in virtual communities and networks. Andreas Kaplan and Michael Haenlein define social media as “a group of Internet-based applications that build on the ideological and technological foundations of Web 2.0, and that allow the creation and exchange of user-generated content.” Furthermore, social media depends on mobile and web-based technologies to create highly interactive platforms through which individuals and communities share, co-create, discuss, and modify user-generated content. It introduces

6

substantial and pervasive changes to communication between organizations, communities and individuals. Geocities, created in 1994, was one of the first social media sites. The concept was for users to create their own websites, characterized by one of six "cities" that were known for certain characteristics. In order to understand social medial well, it can be referred as a group of various kinds of online media, which share or carry following attributes2: Participation: Social media allows contributions and feedbacks from every user

who is using the media. It blurs the line between media and audience. Openness: Most social media services are open to participation and feedback.

They feature sharing of information, comments, voting etc. There are hardly any restrictions on accessing and using the available content.

Conversation: In contrary to traditional media which was about "broadcasting"

only, social media is about receiving as well i.e. it’s a two-way conversation media.

Community: An integral feature of the social media is the gradual formation of

communities of like-minded people i.e. an online group of persons having something in common be it their likes, college, company or interests. It allows them to communicate quickly and effectively.

Connectedness: Most types of social media have exploited this phenomenon of

connectedness quite extensively. It is putting links of other social media tools on one page which direct people to other relevant pages but might belong to different social media tool than the existing one. One such typical example becoming extremely popular these days is putting buttons of like which reflects user’s activity on Facebook or Twitter.

2 Antony Mayfield, what is social media?

7

1.2 Social Media Tools

Figure 1 Social Media Tools

Social Media technologies make presence in various forms like magazines, Internet forums, weblogs, microblogging, social blogs, social networking sites, podcasts, wikis, picture sharing platforms etc. Depending upon the wide range of such websites Kaplan and Haenlein distributed social media into six different types:

1.2.1 Social Networks These are the sites which enable people to build personal pages or popularly known as "profiles" and then connect with other people to communicate and share content. It provides its users a platform to build social networks or social relations among people who, for example, share interests, activities, backgrounds, or real-life connections. The biggest names in this type of social media are Facebook, Orkut, MySpace, LinkedIn etc.

Social Media

Tools

Social Network

Blogging and

Micro-blogging Collaborative

Projects

Content

Communities

Virtual World

Podcasts

8

1.2.2 Blogging and Micro-blogging Blogging is another very popular form of social media, a resort of creative minds to pen down their thought in rather sophisticated manner. Blogs are sort of online journals with entries sorted by the date of creation. Examples for such platforms are Blogger, Wordpress etc. Microblogging is a cocktail of social networking with bite-sized blogging where small amounts of content are published online. Twitter is the first name comes up in the mind while referring to microblogging sites.

1.2.3 Collaborative Projects (Wikis) These particular websites are generally informative ones. These websites allow people to add or edit the content about some particular topic and thus providing the information to everyone using the internet. This is pretty much like a shared database with access given to almost everyone. There are many such sites but the most famous one is Wikipedia which is also known as the online encyclopedia and has more than 2 million English language articles to date.

1.2.4 Podcasts A podcast is a type of digital media having a series of video, ePub, PDF or audio radio files that are available through subscription or being downloaded through web syndication or streamed online to a computer or mobile device. The word is a coinage derived from words "broadcast" and "pod" from the success of the iPod, as audio podcasts are often listened to on portable media players.

1.2.5 Content communities Content communities are akin to social networks as one needs to register in a similar way, set up the home page etc. but unlike the social networking sites they are content specific. Within the specific content, there can be various groups focusing on areas of common interest. You can choose to share content with the entire community or just your family and friends. Most content communities are free to join and not specifically aimed at the business community. Those that do encourage business use offer additional benefits and may charge for them. Examples of such sites are YouTube, Dailymotion etc.

1.2.6 Virtual Worlds (Virtual Game World/ Virtual Social World) A virtual world is a social media tool that takes the form of a computer-based simulated environment through which users can interact with one another and use and create objects. As virtual world is quite a vague and inclusive term which generally is divided along a spectrum ranging from:

9

Massively multiplayer online role-playing games (MMORPGs), also called virtual game worlds, where the user playing a specific character is a main feature of the game (World of Warcraft for example).

Massively multiplayer online real-life games (MMORLGs), also called virtual social worlds, where the user can edit and alter their avatar at will, allowing them to play a more dynamic role, or multiple roles (e.g. Second Life).

1.3 Applications of Social Media3 1. Socializing

Easily the most common use of Social Networking sites, and the main reason for them existing in the first place, is for personal reasons. The majority of people using Facebook or Myspace keep to the “social” label. It is used for its original purpose – to keep in touch with friends. This may seem very personal but this can be very useful from banking and financial institutions’ point of view. The idea here which can be exploited by the banks here is the extensive sharing of the information form the users and publicizing their likes and dislikes. By learning these traits of the users the banks can strategise their move to put an impact on the targeted user by providing the application or scheme sharing similar likes as that of the user. This phenomenon has been used widely by big IT names like Google, Facebook and Microsoft. They all learn the likes and dislikes of the users by monitoring their activities and then follow up with the advertisements suited best to the targeted audience on the basis of those like and dislikes. 2. Business – Connecting with Customers

With the rise of Internet Marketing, social media is being embraced by businesses more and more. Innovative ways of utilising these tools by connecting directly with customers are being found. Companies are seeing that the best way to conduct themselves online is to speak to their customers directly using these social networking sites, Twitter being especially useful for this. It increases the reputation of the company, gets them positive reviews and shows that they really care about the customer. It also gives a human face to the large corporation, meaning that customers or potential customers will feel much more comfortable coming back. One such example is utilization of Twitter in assisting customers of Citi Bank following an online fraud. In June 2011, there were several online hacks including that of Citi Bank. Fraudsters hacked into Citibank’s computers, stealing customer’s

3 http://www.blogussion.com/general/uses-social-networking/

10

names, account numbers and contact information. But responding to the several tweets posted by the customers, Citi Bank quickly arrested the slide and assisted the aggrieved parties. This excerpt is from one of the aggrieved customers:4

“The fraudulent charges on my credit card were a result of this data breach. Like many other Citibank victims, I turned to Twitter to relieve some frustration. I composed a tweet about the fraudulent purchases on my credit card, and also mentioned my disappointment with Citibank’s fraud prevention efforts. Ten minutes later, I received a mention from @AskCiti, the official Twitter ID for Citi Customer Service: “@MeghanReilly314, Saw ur tweet re: fraud & I’d like to ensure everything is being handled. Pls DM ur ph# & best time to talk.””

3. Business – Networking

There is also the opportunity for business types to network and expand their business on the social networking platform. This can take many forms, and take bits of each of points 1 and 2. Social media allows consumer opinions to spread like wildfire. Although Twitter

messages must be composed in 140 characters or less, tweets are easily searchable.

Businesses can be followed on twitter by customers, potential customers and even

competitors. By actively monitoring Twitter mentions, brands can quickly respond

to negative comments and reverse their image into a positive one. Message

dispersion via social media can really enhance a brands image and turn unsatisfied

shoppers into loyal customers. Companies have the ability to change an unhappy

customer into a satisfied brand advocate – just like Citibank. Their effective crisis

control demonstrated the importance of businesses to actively monitor their

brand’s reputation via social media.

4. Marketing Another Twitter success story is Dell and their recent Internet Marketing strategy. Their outlet site sells refurbished PCs, and they post details about the newest ones on their Twitter feed. They also post special offers just for Twitter users, and they send information about sales, along with discount vouchers to their Twitter followers. The company has generated $6.5million in revenue from this venture. This shows the power of marketing on Twitter. This sort of strategy works well for e-commerce sites especially as they can market to an already targeted audience.

4 http://www.walkersands.com/Blog/how-brands-can-use-social-media-for-crisis-management/

11

People would not follow the company or Bank if they weren’t interested in what they have to say. It must be looked this way that the strategy works as an add-on to the normal everyday operations and not as a new or the sole manner of marketing for the bank, it should under no circumstances not be considered as a guaranteed winning formula and is probably more inclined towards established brands like Citi or RBS as they are more likely to get enough followers to make it effective in the first place. It would probably not work for the banks which are not as established as others like Rural Banks in India. Social Media Marketing is a trial and error business, so it would be advisable to put into place experiments and do a lot of research before putting all of your eggs into the social media basket. 5. Entertainment/Infotainment Going hand in hand with the ‘social’ element of Social Networking, people sometimes go on purely for entertainment purposes. Myspace is a prime example of this, as many famous artists have been discovered through these sites. Music is a big part but also videos, such as YouTube viral offerings, are easily spread on social networking sites. The newest craze is on Facebook, with all the game applications that have appeared over the last couple of years. The most popular of these is a game called Farmville which has managed to acquire 72.9 MILLION users per month. It is a very popular practice in such social networking sites. So, this is one aspect which can be exploited to benefit of the banks. This may seem little boring for grown-ups but putting some sort of game on such sites which not only entertains the user but also teaches him about the various aspects of the banking can be the boost needed by the banks in this sector. It will draw the interest of few users to begin with but everything on networking sites being contagious will lead to chain reaction and thus will definitely help the banks to find a ground among the internet users.

12

1.4 Impact of Social Media on Customers

Figure 2 Impact of Social Media on Customers

It is very important to know the different usage of Social Networking sites before implementing a Social Media strategy as the impact is very deep as seen in the figure. A wrong move targeting the wrong people could jeopardise an organisation’s online reputation as well as time, effort and money.

Bank Executive

Bank

Online Face to Face

Internet Users

13

1.5Social Media Wheel

Figure 3 Social Media Wheel (Source: Zesty)

In order to understand a Social Media Wheel, we first categorise the available material or tools (varying from general brand name to specific services) into several buckets (brackets) so that we can fit in those tools in these buckets. We do it to simplify the dynamics of social media and make it comprehensive to general users. After categorizing the tools into the buckets we can prioritise form the bucket which is most important to the least one. We need to do so as different companies have different demands and hence may have different set of buckets.

14

Figure 4 Explaining Social Media(Source: Social Media Blog)

Social Networks: In simple terms, social networks represent the systematisation of your network of contacts (be they business or personal). For an organization’s presence in Social networking sites Chase tops the list with 2.9 million. Amex is second with 2.4 million, followed by Barclays with over 930,000 in Facebook5.

Blogs: A blog is a website that contains content that visitors can then comment

on, or contribute to. Blogs are used to enhance the communication channels of an organisation and to humanise a corporate brand. Examples: popular blogging platforms include Wordpress, Blogger etc. As of now there exists no bank which has taken Blogging seriously and launched any sort of campaign through blogging.

Social Media Monitoring: Listening is still the most important activity for any company wanting to harness the social sphere. Social media monitoring has evolved from the useful Google Alerts service into professional tools that monitor an incredible array of information sources. Example: Radian6 and Scout Labs.

5 The Financial Brand

15

Social Bookmarks: Provide a use with the ability to track, share, and organise web based content. It may prove very useful for situations where user wants to recall or use external content. e.g. Del.icio.us and StumbleUpon.

Social Learning: This is a new area that I started researching last month. The

idea behind social learning is creating a learning environment that includes the various communities (internal and external). The core goal is to use technology to help capture informal learning’s/knowledge and then formalise this into the organisation. Examples: Mzinga.

Multi-Media Sharing: This is a bit of a catch-all and refers to services like YouTube, Flickr, iStockPhoto, Google Maps, etc. These services can be used to put content out there for the public to find and consume. Example: YouTube, Google Maps, Flickr etc.

Ratings and User Reviews: A lot of community sites now allow users to rate content or add reviews. A powerful way to tap into the feedback loop. Example: Digg.

Wiki’s: They are the user-friendly tools that allow users to collaborate around

content that might be business processes, project documents, procedures, or sales/marketing content. Examples: Wikipedia.

Live Chat and Micro-Blogging: Live chat has been around for a while and is still highly valued. Micro-blogging is the new black with Twitter dominating much of the public discussion on social media. Examples: Yahoo Chat, Windows Live (both now have video calling), and Twitter. Following are some figures which reflect the presence of banks in Twitter and what kind of response they have gotten so far6: Banks with less than 200 followers: 188 (47%) Banks with more than 1,000 followers: 40 (19.8%) Banks with more than 5,000 followers: 27 (6.8%) Number of people following banks on Twitter: 713,744 (246,334 or 35% of

which are attributed to AmEx, arguably not a retail bank) Average number of followers per bank: 1,784 Mean number of followers: 222 American Express has the most number of followers followed by BofA and Chase.

6 The Financial Brand

16

Social Community: represents the holy grail of social media and social business design. Social communities involve the coordinated use of the other 9 categories of social media. Social communities are a key way to develop sustainable competitive advantage. Examples: Awareness Networks, Ingage, Jive etc.

1.5.1 Using the information: The goal behind creating these buckets is to understand the likes and needs of the user and prioritise how and where the business should be focused.

The first step is to help them understand that whatever product, tool or service they hear about, it will fit into one of these buckets.

The second step is to then work with the industry to understand each bucket

and the relevance of this bucket to their business

The third step is to use those buckets that are identified as most relevant to start building a social media strategy.

17

Chapter II

Social Media Applications for Banks

2.1 Employee Training and Recruitment Employment exchanges, recruitment consultancies and classified advertisements have become things of the past now. The majority of HR managers today look towards the internet believing that social media platform is more effective recruitment tool with a more direct and focused approach in contemporary technologically-advanced era. Recruitment and subsequent employee training through social media is becoming an effective way to make direct connections to savvy individuals and attract employees that fit with the required company culture and core values. It is often referred as Social Recruiting. Social recruiting is a contested term which refers to the intersection of recruitment and the embryonic field of social media. There are several other terms used frequently, signifying the same, like social hiring, social recruitment and social media recruitment. The most popular Social Media sites used for recruiting are LinkedIn, Facebook, Twitter, Viadeo, XING, Google+ and BranchOut. Networking sites are affecting the way that organizations manage their talent in several ways:

Firstly, organizations today are able to reach out prospective employees and communicate to them in better and easier way, while building their employer branding.

Secondly, they are also able to create a linkage with their own employees.

Thirdly, networking sites have become channels to observe and listen what others are saying about the organization.

Lastly, it is also helping organizations to manage their alumni networks more

efficiently. Following are the excerpts of few HRs from reputed firms on how social media has helped and enhanced the process of recruiting7: Avadhesh Dixit, head HR, CMC Ltd, says, “We are targeting 20%-25% hiring through various internet-based platforms, which include professional networks like LinkedIn, the career page on our website etc.”

7 Companies now hiring through social media

18

Subrat Chakravarty, head HR, business services, HCL Technologies says, “Social media, comprising Facebook, Twitter, LinkedIn, etc. is the fastest growing communication platform in the world. It has become a way of life for millions of youth across the globe who want to remain connected to things that matter irrespective of location.” Job portals like naukri.com, monster.com in India have brought about a revolution in the recruitment process. The difference between a networking site and a job portal is fundamentally the following8:

The intent for people to register to these sites is different from the intent to register in a job portal. A person that registers in a job portal is looking for a job versus a person that registers in a professional networking site might or might not be interested in changing jobs.

Because of policies of privacy and anti-spam the access to individual information is limited. Companies cannot access a mass audience in one go, limiting the scope of recruitment through professional networking sites.

Thirdly, the pricing to access to individual information is also very different.

The consequences of these differences are that the recruiter using professional networking sites has no control over who would or would not be interested to hear about a job opening. Productivity and control of the process is lower and it is more expensive.

2.1.1 Do’s9 and Don’t’s

Targeting the Right Social Sites The social media space is vast, with new platforms, like Pinterest or Highlight, launching regularly. For companies willing to engage, just being present is not enough. It is imperative to think as a unique employer brand. Instead of simply latching on to the rise of Facebook, LinkedIn, Twitter or YouTube, a little target marketing is required. Regularly published figures on social network traffic are a good place to start. For instance, LinkedIn is the best site to reach executives experienced in international business; while for a younger and less highly-qualified target group, as well as localized recruiting in distribution or industry, Facebook would be a better option. We can find the statistical distribution among various sites in following table.

8 Role of networking sites in recruitment and talent management 9 Recruiting Through Social Media

19

Figure 5 Table representing most used sites for recruitment

The table shows the statistical figures of social networking sites used by various organizations to recruit employees. One of the best ways to connect with candidates with specific skills is to tap into “interest groups” or professional communities. Whether as a group within a big social network, or completely independent, they bring together experts with experience in a certain sector or with specific know-how. These represent ‘niche’ social networks. In the United States, they exist for a wide range of career groups, from federal employees to healthcare workers. Similarly, certain niches are geographical, for example Viadeo in France, Xing in Germany, Orkut in Brazil.

Developing Own Community Depending upon capabilities, skillset, job market, existing interest groups are limited sources of quality candidates. But banks can attract target potential employees by developing their own communities. A specialized blog, a collaborative forum or a job information site can offer an authentic place to exchange opinions and share experience. To be visible online, these community forums must make it easy for interested visitors to find them: optimizing search engine visibility, using relevant keywords, and creating links from the corporate site and career websites and the company’s page on Facebook, Twitter or LinkedIn. The point is not to advertise vacancies. It is all about being proactive, engaging potential candidates in dialog early on and forming a talent pool with an eye on positions that might not even exist yet.

20

Employees Get Social Methods to enhance a company’s image online are gradually emerging. Activities do not need to rely on recruitment experts or HR departments alone, but can also engage existing employees to create momentum on social sites. Employees with access to social networks are in an ideal position to act as ambassadors for their company. It may even be in their own professional interests. Terry Terhark, a recruitment industry expert at The RightThing®, an ADP company, often tells clients that one of the best ways to start engaging employees as company ambassadors is to “identify key individuals that get the objective of the brand, are socially savvy and can provide the passion and personality that can help enhance your employment image.” As Terry notes, “Keep in mind that there is no standard method for finding the right people, and look across all departments and positions to maximize results.” It’s also important to create a firm set of guidelines to help employees keep the message consistent, factually accurate, and appropriate. Ensure employees are properly trained before giving them the official “green light” to represent the company and track and monitor activity. From there, establish an on-going dialogue to help feed key messages and gather feedback on a regular basis.

New HR roles The employer brand is everyone’s business. Clearly, using social media pushes boundaries and creates new roles for HR teams. In particular, it is up to them to choose which social media platforms they want to use and to create optimal conditions for a sustained, dynamic online representation of the company and its employer brand. Naturally, the results of a company’s “digital” strategy must be measured. Consultants agree on the need to take time to set it up and make minor readjustments before rushing into using indicators. Yet once a strategy has been in place for a while, the number of spontaneous applications sent in by people who have discovered the employer’s brand online or were attracted by it, is a sure sign of social recruitment success.

The pitfalls and challenges Fake profiles, spammed inboxes and legal complications are cons of social media recruitment. The biggest challenge is constant monitoring and evaluation of responses and feedback from the customers, fans and followers. It needs the bank to be little pro-active and respond to any query or comments in real time. Social media is a long-term commitment and new HR managers are expected to have the requisite technical competence. Its little difficult but they need to launch targeted campaigns and keep the candidates engaged. The main challenge lies in finding the

21

authentic and best out of the vast information present on social networks which could be helpful for the bank/organization. On similar tracks social media channels can be very effective as well. While talking about social media and employee training in the same sentence we must keep one thing in mind, it’s not only training employees via social media but training employees to behave in social media while representing the firm. So it becomes increasingly important for the organizations, banks in our case to have social media policy which would lay down some guidelines for the employees to behave in a certain manner online. Apart from this banks can use tools like content communities which include YouTube, Dailymotion etc. to train their employees. These days availability of space is becoming an issue for the industries so they tend to minimize the usage of such infrastructure which could hamper their growth in other ways. Hence, it’s the need of the hour to switch to such solutions to tackle the space and infrastructure issues. Setting up a workspace for certain number of employees is one thing but with every passing day he number is going to expand, so to train them and make them more efficient in the way the firm wants them e-learning or e-training is one solution. It could be done using Skype or giving lectures via uploading videos on YouTube.

Source: D.K. Neely

22

2.2 Marketing and Sale Marketing is the process of communicating the value of a product or service to customers, for the purpose of selling the product or service. It is a critical business function for attracting customers. From a societal point of view, marketing is the link between a society’s material requirements and its economic patterns of response. Marketing satisfies these needs and wants through exchange processes and building long term relationships. It is the process of communicating the value of a product or service through positioning to customers. Marketing can be looked at as an organizational function and a set of processes for creating, delivering and communicating value to customers, and managing customer relationships in ways that also benefit the organisation and its shareholders. Marketing is the science of choosing target markets through market analysis and market segmentation, as well as understanding consumer buying behavior and providing superior customer value.

2.3 Consumer Protection 10Considering that the vast majority of consumers simply click through the legal agreements to get to the applications on a website, there is no real downside to companies spending a little time and money to ensure that their privacy policy, terms of use and other legal agreements reflect their current practices. Similarly, updating these agreements should be a routine part of changing how the company is collecting and using information from its users. It should be coordinated between marketing, IT and legal with each checking off on the updates being accurate. And, finally, the website should clearly indicate that the privacy policy and/or agreements have been updated so users have the option to review any changes. If experience is any indicator, virtually all users will continue to visit the website notwithstanding the updated policy or agreements.

2.3.1 Do’s and Don’t’s Ensure that the published policies on their websites for terms of use and

privacy reflect what information the businesses are collecting from consumers, and that the disclosures are clearly stated without unnecessary and lengthy legalese;

Examine how the businesses are using personal information or anticipate using it, and that these uses are being fully disclosed to consumers;

Take reasonable measures to safeguard consumer information. Because of the risks of cyber-hacking, it is also worthwhile to conduct an audit on how

10 Social Media Law Blog

23

consumer information is being safeguarded, and what information is being stored and for how long a period. The FTC settled a complaint against Twitter for its alleged failure to take reasonable safeguards to protect users' accounts against hackers.

Apps should not ask for the more information then what actually they

require.

Since, banks carry high reputation and work on the confidence of the customer only hence the apps shall not breach the code they agree to abide by with the customer. For example if in Facebook they tell users that they could restrict sharing of data to limited audiences – for example, with "Friends Only" then it should not allow their information being shared with the third-party applications their friends used.

Banks must not share customer’s personal information with advertisers.

2.3.2 Cross Selling Cross-selling is simply selling additional banking services to existing customers. Cross-selling is really cross-helping. It gives the customer-contact employees the satisfaction of recognizing customers' needs and meeting those needs with a useful product or service. Research statistics demonstrate that the average customer uses less than two services from any one depository institution. That same customer may use anywhere from two to six different financial institutions in the same community. Seventy percent of all customers share their banking needs with more than one financial institution. These customers may not be using more than one or two products or services from same financial institution simply because no one has asked them. The odds of keeping a customer with same financial institution increase in direct proportion to the number of the services from same institution they use.

2.3.2.1 Why cross-selling is so critical It’s cheaper than acquisition. It’s 8-10 times more costly to acquire new customers than to sell additional products to ones you already have. Plus, cross-selling is also a safe and stable way to generate core deposits, compared to more expensive liquidity options.

It improves retention: On average, a customer with just one product at a bank will stay with the institution for about 18 months. By adding just one more product, it may be extended to four years. At three products, that relationship will last an average of 6.8 years.

24

It increases wallet share: Community banks typically hold 35-50 percent of a customer’s wallet share. That’s how much of the customer’s assets; including checking, savings, money-market accounts, and such are held at the same institution. Cross-selling may increase the investment and thereby increase the share for the banks.

It broadens the profit base: A significant feat, since only 1-2 percent of a

bank’s customers usually account for almost all its profitability. Clearly, a lot of customers add very little to bank’s bottom line. Cross-selling can bring diversity and strength to the group you rely on the most

2.3.2.2 Steps to Effective Cross-selling Know what current customers are like: using household segmentation Measure what they’ve already bought: so the bank can quantify it’s prospects Determine best targets: identifying opportunities at each branch Set realistic sales goals for each branch: based on averages for the franchise

as a whole Go for the gold: leveraging the right resources to meet expected $ return

2.3.3 KYC Usage KYC is an acronym for “Know your Customer”, a term used for customer identification process. It involves making reasonable efforts to determine true identity and beneficial ownership of accounts, source of funds, the nature of customer’s business, reasonableness of operations in the account in relation to the customer’s business, etc which in turn helps the banks to manage their risks prudently. The objective of the KYC guidelines is to prevent banks being used, intentionally or unintentionally by criminal elements for money laundering. KYC has two components - Identity and Address. While identity remains the same, the address may change and hence the banks are required to periodically update their records. Know your customer policies are becoming increasingly important globally to prevent identity theft, financial fraud, money laundering and terrorist financing. Related procedures also enable banks to know or understand their customers, and their financial dealings better. This helps them manage their risks prudently. Banks usually frame their KYC policies incorporating the following four key elements:

Customer Acceptance Policy Customer Identification Procedures Monitoring of Transactions Risk management

25

Figure 6 How to Pass KYC Hurdle (Source: Mint Research)

2.3.4 Cards Most Bank Cards are Chip and PIN Cards. To use them you will need the correct PIN. Each card has a different PIN - a secret number just for the customer. If one finds it difficult to use or remember a PIN, he can ask his Bank for a Chip and Signature Card instead.

2.3.4.1 Different Types of Bank Card Cash Card If one has a Cash Card, he can only take out money from a cash machine, and only as much as he has in his Bank Account.

Debit Card With a Debit Card one can take out money from a cash machine, can use it to pay for things such as online shopping or ticket booking etc. He can use the amount available in his account only.

26

Credit Card A Credit Card is a Bank Card with which one can purchase items without actually paying for them at that moment. It’s like owing money to the bank which is to be paid back to the bank by the user within some specified time period.

2.3.4 Loans The act of giving money, property or other material goods to another party in exchange for future repayment of the principal amount along with interest or other finance charges. A loan may be for a specific, one-time amount or can be available as open-ended credit up to a specified ceiling amount. The terms of a standardized loan are formally presented (usually in writing) to each party in the transaction before any money or property changes hands. If a lender requires any collateral, this will be stipulated in the loan documents as well. Most loans also have legal stipulations regarding the maximum amount of interest that can be charged, as well as other covenants such as the length of time before repayment is required. Loans can come from individuals, corporations, financial institutions and governments. They are a way to grow the overall money supply in an economy as well as open up competition, introduce new products and expand business operations. Loans are a primary source of revenue for many financial institutions such as banks, as well as some retailers through the use of credit facilities.

2.3.4.1 Types of Loans 2.3.4.1.1 Open-Ended and Closed-Ended Loans

Open-ended loans are loans that you can borrow over and over. Credit cards and lines of credit are the most common types of open-ended loans. With both of these loans, one gets a credit limit that he can purchase against. Each time he makes a purchase, his available credit decreases. As he makes payments, his available increases allowing him to use the same credit over and over. Closed-ended loans cannot be borrowed once they’ve been repaid. As you make payments on closed-ended loans, the balance of the loan goes down. However, you don’t have any available credit you can use on closed-ended loans. Instead, if you need to borrow more money, you’d have to apply for another loan. Common types of closed-ended loans include mortgage loans, auto loans, and student loans.

2.3.4.1.2 Secured and Unsecured Loans

Secured loans are loans that rely on an asset as collateral for the loan. In the event of loan default, the lender can take possession of the asset and use it to cover the loan. Interests’ rates for secured loans may be lower than those for

27

unsecured loans. The asset may need to be appraised before you can borrow a secured loan. Unsecured loans don’t have asset for collateral. These loans may be more difficult to get and have higher interest rates. Unsecured loans rely solely on your credit history and your income to qualify you for the loan. If you default on an unsecured loan, the lender has to exhaust collection options including debt collectors and lawsuit to recover the loan.

2.3.4.1.3 Conventional Loans

When it comes to mortgage loans, another term “conventional loan” is often used. Conventional loans are those that aren’t insured by a government agency like the Federal Housing Administration (FHA), Rural Housing Service (RHS), or the Veterans Administration (VA). Conventional loans may be conforming, meaning they follow the guidelines set forth by Fannie Mae and Freddie Mac. Non-conforming loans don’t meet Fannie and Freddie qualifications.

2.4 Customer Education As talked earlier, social media is different from the traditional media because unlike later it has many dimensions. Social Media works both ways, sending and receiving. So far we have been talking about what Banks and other financial institutions can take from Social Media but in the form of customer education they can give something to customers which will ultimately help their own growth. These days attacks on websites, attempts to hack them, bombard the customers with phishing mails, posting infected links in disguise are increasing rapidly, hence it has become very important to keep customers on their toes to avoid such kind of attacks. With the social media not only we can keep them informed and updated about the latest attacks and tricks but we can impart more knowledge. Banks having a presence on social media can easily teach them about the products and services of their institutions. Everybody is not aware of the services banks provide, which vary with banks, but using social media channels banks can publicize the services and also educate customers thus encourage them to subscribe those services. There are various social media tools; blogs, microblogs like Twiter, content communities like YouTube where banks can put up the information in detail and make it more convenient for the public. They can convey their thoughts and required pre-requisites through these channels and make customer feel comfortable which will eventually help in increasing the business by significant margin.

28

2.5 Transaction Processing The use of social media is not the only Internet business evolution, online financial transactions have revolutionized the way companies collect money and pay bills. Long gone are the days of hoarding checks until you have enough to warrant a trip to your local bank. Transactions through social media are becoming more and more common gradually. Customers can now pay for just about anything online or on a mobile device. The payments made through social media channels are commonly referred as Social Payments. In perhaps the biggest step in this direction in Indian Banking ICICI announced that it is working towards allowing its customers to make transactions through social networking site Facebook. Third largest lender ICICI Bank on Monday said it is working towards allowing its customers to make transactions through social networking site Facebook. In a report11 published in DNA in September 2012, bank’s CTO Mr. MK Jain was quoted saying, "It would be premature to say anything on this now. But we are working on that (allowing transactions through Facebook). Over a period of time, say next few months or so, you will hear some news about it." Apart from that PayPal has unveiled a Facebook app that lets you send money to friends. The app, simply titled SendMoney, is just as straightforward as its name. You have the choice to send either an e-card with money or just money with no card. You select a card, choose a friend to send it to and then select how much money to send.

Figure 7 Paypal's fb app (Source: Mashable)

11 DNA

29

Transaction Processing engulfs online transactions; it could be online payment for some sort of shopping or ticket booking or may be fund transfers and complaints on public fora and their remedies.

2.5.1 Complaint Handling Social media can amplify the bank's message. It can also do the same for the customers when they have some issue with the bank. Ivar Kroghrud, CEO of the social customer relationship management (CRM) firm Questback, in an interview said "Social media can be used for many things, and one of them is customer complaints or negative feedback about your company."12

2.5.1.1 Do’s & Don’t’s13 Do not delete negative comments

It will only aggravate the commenter, or move the conversation elsewhere. Deleting things on the internet is an illusion anyway, and will bring into question the bank’s integrity to not only the complainer, but all other followers. Do block users who abuse the site, and remove inappropriate comments (i.e., racist, derogatory, pornographic, etc.), ones that are too far off-topic, or just trying to use the page to sell a product or service.

Decide Who You're Going To Respond To--And Who You Can Ignore As part of that plan, lay out the approach for the types of people and messages which can be addressed online. Then determine the criteria for queries to be ignored. Trying to chase down every single bit of chatter is probably not an efficient strategy; the ignorance-is-bliss approach won't work out well, either. Some companies use Klout or other tools to assess what kind of online influence the unsatisfied consumer wields before responding. Some use sentiment analysis and other metrics to guide their decision-making.

Respond to each complaint in the public stream The culture of social media demands that you are addressing the issue. That doesn’t mean you have to discuss every detail in public. So tweet or comment back and say something like “please e-mail me more info” or “looking forward to helping you. Can you DM/message me more?” Also when it’s resolved, tweet that back as well. Try “Thanks so much for letting us know. I hope the issue has been resolved for you?” Follow up is the key here. If it’s on Facebook, make sure the reply is on the original stream where the complaint was written.

12 International Week SMB 13 Pennstate College

30

Don’t delay Word travels swiftly on social networks, so respond quickly, particularly during a crisis. A slow response can damage a company’s reputation. Delay here means keep ignoring or not replying to complain for some considerable amount of hours. An aggrieved person expects swift reply even if the solution cannot be delivered instantaneously but mere confidence of thing will be taken care of quickly does a lot of good to the bank’s reputation.

Deal delicately with People While replying to complaints online one must keep one thing in mind that they are still dealing with a person. The confrontation may not be usual like a telephonic call or face to face but it still deserves same kind of attention.

Move Irate Customers To A Different Channel The public nature of many social platforms adds pressure to negative social interactions. The official pages of organizations themselves only complicate the matter. Consider offering particularly upset customers the chance to address their issues in a different forum, such as a phone call, email, or feedback survey. Just don't make it inconvenient or difficult to do so. Otherwise, one might be making a tough situation worse.

Consider another avenue for complaints Chances are the customer is not seeking to defame the organization on the social sites. They just want to vent out their frustration and ultimately seek the organization’s attention towards the issue. So it’s important for the organizations to make sure they publicize other options for customers to converse. Then follow through and get back to the customer quickly.

2.5.2 Funds Transfer

2.5.2.3 Case Studies:

Alior Bank

Alior Bank14 launched Alior Sync, Poland’s first digital bank and branch complete with virtual branches, mobile apps, Facebook payments, personal finance management tools and an ‘entertainment area’. Following the footsteps of New Zealand’s ASB Bank, which has a virtual branch on Facebook, the digital branch is targeting a younger, digitally-savvy generation. The advantages of such branch are:

Available anytime, anywhere

14 Sales Force Marketing Cloud

31

The site enables customers to engage and carry-out transactions with employees through video, audio or text chat. In addition to regular banking features, Android and iOS mobile apps have also been developed for Alior Sync to enable customers to check their finances, transfer funds and pay bills using their handsets’ cameras.

Transfer money through Facebook Alior Sync also enables customers to transfer money directly to friends through Facebook photos without having to leave the page. The transactions are authorized using one-time codes, and PayPal payments can also be made via e-mails and four billion zloty in deposits within four years. The only requirement of the transaction is that the recipient has to use the same application, and then money can be transferred to any bank account in Poland. The safety of the Facebook money transfer is protected by captcha and a one-time transaction signing SMS password.

Innovative social media campaigns Alior Sync has an entertainment area where customers can watch films, listen to music and play games. Users can also get discount deals, and free movie tickets by recommending the bank on Facebook.

Azimo

Azimo15 is a new money transfer app that removes the need to physically queue at a bank or Western Union desk. It is also the first money transfer service that integrates social media, enabling you to transfer money directly to Facebook friends. Using Azimo to send money via Facebook works as follows: The sender invites their intended recipient to sign up to Azimo via an automatically sent Facebook message. The recipient then logs into Azimo’s Facebook app and fills out their details, including where they want the money sent to, which could be one of the 150,000 payout desks in the 125 countries supported, a mobile phone ‘top up’, or a bank account. And since the recipient fills out that crucial information, those details are kept hidden from the sender, while the company claims that less mistakes are likely, too.

15 Watch My Wallet

Source: TechChurch

32

Azimo at a Glance - The Money Saving Money Transfer App No commission fees Fewer middle men means lower admin fees of around 2 percent No bank account required Quicker than bank or wire transfer Social media integration 10 percent of Azimo profits go to charity Available 24 hours a day Minimum £50 transfer Transfer to over 150,000 global locations 128-bit encryption and physical security FSA registered

33

Chapter III

Risk Assessment and Security The use of social media brings many risks to the enterprise. One common attribute of Web 2.0 and the social media is the user generated content. Any website that allows a visitor to post content makes the organisation vulnerable to such risks. Although there are many social media sites and they have incorporated features to counter those risks but it’s still not foolproof. With the rapid increase in use of social media tools, the companies ought to be at par with tools to tackle the associated risks growing at even faster rate. According to a September 2011 survey, 63% respondents indicated “that employee use of social media puts their organization’s security at risk” while 29% “say they have the necessary security controls in place to mitigate or reduce the risk” (Ponemon Institute, 2011). In another study 49% of executives surveyed said that they feel that the use of social media could damage company reputation, yet in that study “only one in three companies addressed those concerns” (PRNewswire, 2009). These two studies indicate that social media poses a substantial risk to the organization but the risk itself is not being adequately addressed. For these types of risks the organization has less control because they do not own, manage or controlled the systems involved.

Figure 8 Risk Assessment Chart (Source: ISACA)

34

3.1 Risks and Security Concerns Many consultancies around the globe along with the FFIEC (Federal Financial Institutions Examination Council) have cautioned banks of the risks involved in engaging customers in social media. For example, if a bank uses social media to market products or originate new accounts, it must make sure all its communications are in accordance with existing laws. The risks which a bank or an organisation must take into consideration before entering into social media are categorised in three main forms16:

Reputational Risk Legal Risk Operational Risk

Figure 9 Types of RisksReputational Risk

16 Social Media: The Business Benefits May Be Enormous, But Can the Risks-- Reputational, Legal, Operational -- Be Mitigated?

35

3.1.1 Legal The legal risks associated with social media should be carefully considered prior to engaging in a social media strategy. The main risks include: employment, privacy, security, intellectual property and media risks. Business managers who want to implement a social media legal strategy should consult with inside and outside counsel who understand information technology law. While these legal risks can be significant, with forethought and planning, they can be managed. In this part of the paper, we will provide an overview of the key risks. The following are some common situations in which social media can be the occasion for legal action:

31.1.1 Employment Risks: Now-a-days companies have got accustomed to practice of investigating potential and existing employees through social media. According to The Allentown Morning Call, “Seventy percent of recruiters and hiring managers in the United States have rejected an applicant based on information they found online. In total, nearly one in five companies has disciplined or fired an employee for social media misdeeds.” There have been myriad instances where employment of a person has been affected by the information collected from his social networking. This kind of practice has been under legal scrutiny because of the adverse effects it carries and the risks associated with it are high at times.

3.1.1.2 Security Risks: Social media sites pose potentially increased security risks, and if a security breach arises from social media activities, the organization may face liability. Security breaches may occur because of malware downloaded onto an organization’s website through the use of social media. This can happen when an employee downloads an application, or is a victim of “phishing” or “click-jacking” 20 on a social media site while using a company computer. If the organization’s social media-related security policies, procedures, and technical safeguards are inadequate, it may be held liable for a breach arising from the surreptitiously acquired malware. In addition, social engineering within social media sites, as well as “spoofed” social media profiles or pages, provide other points of entry for attackers and pose more legal risks for organizations.

3.1.1.3 Intellectual Property and Media Risks: PR News warns, “Make sure your social media team understands what they can and can’t do with the intellectual property of others. If your employees post or re-post information [belonging to others] without permission, this can lead to infringement claims against your company.” It could also result in potential contractual breach claims, if the intellectual property belongs to an existing client. Companies may be held directly liable for hosting material on their website. Furthermore, employee discussions on social media sites could disclose third-party trade secrets that the company is legally required to protect, and that can lead to misappropriation and

36

other contractual and tort claims. Companies are generally legally responsible for any financial statements on social media sites made by them, or on their behalf, through the antifraud provisions of securities laws. Employees who praise or promote their organization’s products and services may create legal liability. It may be regarded, positive statements by employees (when their relationship to the company has not been revealed), as “improper advertising.”

3.1.1.4 Defamation Risks: Defamation is yet another common claim that may result from social media activities, and companies need to be aware that they face potential liability for defamatory statements made by their employees about competitors, and for defamatory statements made by the public on the companies’ third-party social networking pages.

3.1.1.5 Privacy Risks: Companies may have an obligation to protect the privacy of members of the public who join their social networking pages on third-party sites, or who provide personal information through social media sites – just as they do, in many cases, when the public provides personal information on the company’s own website. For example, not only do companies need to guard against violating the Children’s Online Privacy Protection Act (COPPA in US), they need to conform to the privacy regulations and terms of use of those third-party sites. Facebook, for instance, has stringent guidelines surrounding company promotions on their site. Finally, companies may run into legal trouble if their social media activities violate their own privacy policies. There are several ways in which social media activity might compromise or leak sensitive company information (or client information) that could have legal consequences.

3.1.2 Reputational Risks The reputational risks of social media are as much as the reputational benefits because of the vast reach of social media platforms which offer not only a vast frontier of promotional opportunity, but a vast uncharted “sinkhole” of risk. General “bad behavior” by employees, or the posting of embarrassing information, has the potential to reflect poorly on the company (especially when that behavior is exhibited in a “branded” social media location, for example on a company’s “Fan” page on Facebook).

3.1.3 Operational Risks When employees access social media platforms at Work, even those employees who are designated as social media spokespersons for the organization -- they risk endangering the organization’s networked computers by unknowingly acquiring malware, viruses, and spyware. Social networking sites, particularly Facebook and Twitter, are a favorite playground for those with bad intentions.

37

3.2 Risk Assessment Determine the threats that apply to the organization's social media environment. Determine the vulnerabilities (weaknesses) that can create an environment in

which the threats can manifest. In some cases a threat will have only one vulnerability associated with it. However, in the majority of cases there will be multiple vulnerabilities associated with each threat.

Once the threats and vulnerabilities have been identified it is time to determine

the internal controls that are in place. Internal controls are the practices and processes that will keep the vulnerability from turning the threat into a reality. There are some common controls related to these risks. It is not likely that every organization will have every control listed. The greater the number and breadth of controls in place, the less likely the threat will take place. Each control should be listed on the risk assessment.

Based upon the internal controls in place and the nature of the threat and

vulnerability, the organization must determine the likelihood that the threat will take place.

Next, the organization must determine the severity of the effect of the threat if it

were to manifest based upon the existing controls. Finally, the organization uses both the Likelihood of Occurrence and the Impact

of Severity to determine the Risk Level. After completing the social media risk assessment it should be reviewed.

Considerations in the review include a risk level that is too high relative to the organization's risk appetite. For example, it may be the policy that all "moderate" and "high" risk areas be reviewed with senior management to discuss further internal controls that can be implemented to reduce the risks.

It is generally a good idea to summarize the risk assessment process and deliver a report to the organization's Audit Committee and possibly the Board of Directors. Along with the report may be recommendations or action items that will be taken to increase the number of internal controls to reduce the overall risk. Once such action items are completed the organization can again perform the risk assessment to determine if the internal controls have been effective in reducing the risk level.

38

3.3 Risk Management17 By combining new technologies and methods of engagement, social media can pose new risks to organizations and magnify existing ones. In addition to amplifying information technology risks such as viruses, malware, privacy, security and unauthorized applications, organizations must also manage brand, reputational and defamation risks and protect against the loss of intellectual property or inappropriate disclosures. Despite the many specific risks introduced by social media, organizations must also evaluate the growing risks of doing nothing – of not embracing social media. A prime example of the need for balance is human resources. While organizations initially worried about potential productivity losses, the new worry is that restricting social media access may deter candidates. Leading organizations are now using social media to identify, attract and engage potential employees.

3.3.1 Steps for Risk Management: Develop a social media strategy consistent with your organizational goals

and objectives Clearly establish roles and responsibilities with respect to social media Identify risks inherent in the organization’s social media strategy Determine key required risk management practices including the

communication of social media policies Implement a process to proactively monitor and respond to what is being

discussed online about your organization

17 Managing the risks of Social Media-Deloitte

39

Chapter IV

Legal Issues Information technology is one of the important law relating to Indian cyber laws. It had passed in Indian parliament in 2000. This act is helpful to promote business with the help of internet. It also set of rules and regulations which apply on any electronic business transaction. Due to increasing crime in cyber space, Govt. of India understood the problems of internet user and for safeguarding the interest of internet users, this act was made.

4.1 IT Act 2000 The Information Technology Act 2000 (also known as ITA- 2000, or the IT Act) is an Act of the Indian Parliament (No 21 of 2000) notified on October 17, 2000. An Act to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "electronic commerce", which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto.

4.1.1 Provisions Information technology Act 2000 consisted of 94 sections segregated into 13 chapters. Four schedules form part of the Act. In the 2008 version of the Act, there are 124 sections (excluding 5 sections that have been omitted from the earlier version) and 14 chapters. Schedule I and II have been replaced. Schedules III and IV are deleted. Information Technology Act 2000 addressed the following issues: Legal Recognition of Electronic Documents Legal Recognition of Digital Signatures Offenses and Contraventions Justice Dispensation Systems for Cybercrimes

4.1.2 Objectives It is objective of I.T. Act 2000 to give legal recognition to any transaction which is

done by electronic way or use of internet.

40

To give legal recognition to digital signature for accepting any agreement via computer.

To provide facility of filling document online relating to school admission or registration in employment exchange.

According to I.T. Act 2000, any company can store their data in electronic

storage.

To stop computer crime and protect privacy of internet users.

To give legal recognition for keeping books of accounts by bankers and other companies in electronic form.

To make more power to IPO, RBI and Indian Evidence act for restricting

electronic crime.

4.1.3 Scope Every electronic information is under the scope of I.T. Act 2000 but following electronic transaction is not under I.T. Act 2000 Information technology act 2000 is not applicable on the attestation for creating

trust via electronic way. Physical attestation is must. I.T. Act 2000 is not applicable on the attestation for making will of any body.

Physical attestation by two witnesses is must. A contract of sale of any immovable property.

Attestation for giving power of attorney of property is not possible via electronic

record.

4.1.4 Highlights18

There are 13 chapters in law and all provision is included in this chapters:

Chapter II Any contract which is done by subscriber. If he signs the electronic agreement by digital signature, then it will be valid. In case bank, the verification of digital signature can be on the basis of key pair.

18 Business Education

41

Chapter III This chapter explains the detail that all electronic records of govt. are acceptable unless any other law has any rules regarding written or printed record.

Chapter IV This chapter deals with receipts or acknowledgement of any electronic record. Every electronic record has any proof that is called receipt and it should be in the hand who records electronic way.

Chapter V This chapter powers to organization for securing the electronic records and secure digital signature. They can secure by applying any new verification system.

Chapter VI This chapter states that govt. of India will appoint controller of certifying authorities and he will control all activities of certifying authorities. “Certifying authority is that authority who issues digital signature certificate.”

Chapter VII In this chapter powers and duties of certifying authority is given. Certifying authority will issue digital signature certification after getting Rs. 25000. If it is against public interest, then C.A. can suspend the digital signature certificate.

Chapter VIII This chapter tells about the duties of subscribers regarding digital signature Certificate. It is the duty of subscriber to accept that all information in digital signature certificate that is within his knowledge is true.

Chapter IX If anybody or group of body damages the computers, computer systems and computer networks by electronic hacking, then they are responsible to pay penalty up to Rs. 1 crore. Fore judgment this, govt. can appoint adjudicating officer.

Chapter X Under this chapter, cyber regulation appellate tribunal can be established. It will solve the cases relating to orders of adjudicating officers.

Chapter XI For controlling cyber Crime, Govt. can appoint cyber regulation advisory committee who will check all cyber-crime relating to publishing others information. If any fault is done by anybody, he will be responsible for paying Rs. 2 lakhs or he can get punishment of 3 years living in jail or both prison and penalty can be given to cyber-criminal.

42

Chapter XII Police officers have also power to investigate dangerous cyber-crime under IPC 1860, Indian Evidence Act 1872 and RBI Act 1934.

Advantages of I.T. Act 2000

Helpful to promote e-commerce Email is valid Digital signature is valid. Payment via credit card is valid. Online contract is valid

Enhance the corporate business

Filling online forms

High penalty for cyber-crime

4.2 The Information Technology (Amendment) Act, 2008 The Government of India has brought major amendments to ITA-2000 in form of the Information Technology Amendment Act, 2008. ITA A 2008 (Information Technology Amendment Act 2008) as the new version of Information Technology Act 2000 is often referred has provided additional focus on Information Security. It has added several new sections on offences including Cyber Terrorism and Data Protection. A set of Rules relating to Sensitive Personal Information and Reasonable Security Practices (mentioned in section 43A of the ITAA, 2008) was released in April 2011.

4.2.1 IT ACT 2008 Amendment (Sec 43A)19 It designates the responsibilities of a company handling personal data. It is an endeavour to safeguard the sensitive personal data from being stolen, modified without consent of owner, misused or sold in underground markets. For e.g. A bank deals with sensitive personal data of its customers in its computer networks/servers. It has customers’ names, account numbers, passwords, Date of birth, Sex, credit/Debit card details, etc. Therefore, to make sure the bank complies with Mandate of IT ACT, it needs to either get certified with ISO 27001 (world renowned standard for data protection) or it may develop its own security manual which describes full in depth details of its IT assets, the Life cycle of assets, the physical security measures (viz. CCTVs, Locks, vaults, fire prevention/detection, temperature controls in server rooms, security guard details and so on). It should

19 [Yearbook] Information and Technology Act: Salient Features and Provisions

43

also have a detailed Business Continuity plan (In case of any natural/manmade calamity the organization must have a detailed backup process so as to continue its business). Other applicable procedures of separation of duties of key personals, background checks of employees before employing, etc. Not only Banks, but the BPOs/KPOs, hospitals, and various other businesses which deals with sensitive personal data, need to comply with this act.

4.3 Article 66A 66A states “Punishment for sending offensive messages through communication service, etc.” i.e. any person who sends, by means of a computer resource or a communication device:

(a) any information that is grossly offensive or has menacing character

(b) any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill will, persistently makes by making use of such computer resource or a communication device

(c) any electronic mail or electronic mail message for the purpose of causing

annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages shall be punishable with imprisonment for a term which may extend to three years and with fine.

4.3.1 Explanation For the purposes of this section, terms "Electronic mail" and "Electronic Mail Message" means a message or information created or transmitted or received on a computer, computer system, computer resource or communication device including attachments in text, image, audio, video and any other electronic record, which may be transmitted with the message.

4.3.2 New Guidelines No less than a police officer of a rank of DCP will be allowed to permit registration of a case under provisions of the Information Technology Act that deals with spreading hatred through electronic messages, following uproar over recent arrests under the controversial law. In the case of metropolitan cities, such an approval would have to come at the level of Inspector General of Police i.e. the concerned police officer or police station may not register any complaints (under Section 66 (A)) unless he has obtained prior approval at the level of an officer not below the DCP rank in urban and rural areas and IG level in metros.

44

Chapter V

Social Governance Frame Work According to the Altimeter Group, “almost two-thirds of companies say that social media is a significant or critical risk to their brand reputation.” Forrester Research tells us that 64% of large companies “have no social media policy in place, or if they do, they lack tools to sufficiently enforce and support the policy.”

5.1 Social Media Policy Development Once the strategy and risks associated with bank’s usage of social media are assessed and understood, it important to establish a social media policy to guide employee behavior. Numerous other organizations already have framed policies varying from reactive policies which focus primarily on risk to proactive policies which focus on the vast potential of social media strategy execution. One of the most important elements of any social media policy is the direction that determines how to respond to user-generated content or comments anywhere on the social network or media i.e. should company employees ignore public complaints, address them publicly or address them privately? Social media policy also should include guidelines that govern employees’ general social behavior online while they are at work.

5.2 Job of Social Media Governance20 Effective social media governance results in social capabilities that are thoughtfully embedded throughout the organization.

Operating Strategy Companies must define and implement an enterprise-wide social operating strategy that (1) ensures consistent customer experiences across channels and (2) integrates with existing strategy and planning processes.

Business Process They should infuse social media into business processes in ways that maximize the lifetime value of customers while synthesizing the diverse perspectives of affected internal process owners.

20 Empowerment with Accountability- Accenture

45

Figure 10 Componentsof Social Media

Marketing Quality Ensure that marketing tactics in social and digital media are consistent with the company’s definition of quality marketing. Then, as social media accounts proliferate and as brands begin to empower their employees to represent the brand in social media, align accounts and content with audiences.

Solution Architecture Develop, deploy, and maintain an enterprise solution architecture that allows the company to optimize the technology costs required to achieve social business goals. In addition, some companies create more restrictive guidelines that apply when employees post comments about the company or its products, spelling out requirements such as protecting confidentiality, privacy and security. If the company runs its own social site, such as a blog, the company should also create acceptable use policies for external users who post comments. Although social media policies will vary somewhat depending on the type of company and industry, some common employee guidelines apply to most companies21:

Employees should always disclose that they are employees of the company when commenting on matters related to the company

Unless employees are company spokespeople, they should make it clear that

their opinions do not represent the company

21 Social Media Strategy, Policy and Governance, Ernst & Young

46

Employees should think before they post, knowing that once information is

published online it essentially becomes part of a permanent record, even if it is removed or deleted later

Employees should not comment on legal matters or the company’s financial

status Among corporate social media policies, IBM’s Social Computing Guidelines have been called “a valuable model for other companies” because they “break down potentially complex issues with strong, simple language that defines clearly — yet encouragingly — what is and is not expected of IBM employees in social networks.” 11 IBM posts its employee guidelines on its public website.

5.3 The Importance of a Social Media ‘Audit’ Importantly, whether a company has just begun to develop its social media strategy or already is executing, social media audits are paramount. After all, regardless of where your organization is in its social media planning, some percentage of your employees and customers are likely to already have a social media presence. Social media audits can offer a company a clear understanding of those social media activities, sanctioned or not. For companies that have social media policies in place, audits can assess compliance with that policy. And for companies with established social media strategies and objectives, audits can assess the effectiveness of their execution and recommend ways to improve. Given the speed with which social media has hit business agendas, a social media audit may be the most important first step leading to an immediate assessment of corporate exposure, as well as long-term social media strategy and policy development. And, on an ongoing basis, social media audits can help optimize the effectiveness of strategies and policies.

5.4 10 essential elements of social media governance22: 1. Rules to flag unacceptable content 2. A process for approving content 3. Involvement from the legal team in setting down content guidelines 4. An established procedure for handling escalation 5. The means to track incidents until they’re resolved 6. A procedure for handling any “rogue” social media accounts 7. Single-point password control that goes across the entire enterprise 8. Rules that limit the sharing of passwords 9. Standards for managing access 10. A set of social media guidelines

22 Jeremy Epstein, vice president of marketing at Sprinklr

47

Chapter VI

Usage Guidelines As discussed in previous chapter due to the risks associated with social media a proper framework and guidelines are required to direct the organisation to make apt use of social media. As cited by Government of India while discussing the policy regarding social media that many apprehensions including, but not limited to issues related to authorisation to speak on behalf of department/agency, technologies and platform to be used for communication, scope of engagement, creating synergies between different channels of communication, compliance with existing legislations etc. It was therefore felt that Guidelines for use of Social Media were required which would enable project owners/implementers to effectively use these platforms.

6.1 Social Media Guidelines laid by Government of India The Social Media Framework and Guidelines for the Government of India has been created to enable government agencies to use these platforms more effectively and reach out to their stakeholders and understand their concerns and hear their voices. It comprises of the following elements23:

Figure 11 Social Media Framework and Guidelines

23 Framework and Guidelines for Use of Social Media for Government

48

Objective: Why an agency needs to use social media Platform: Which platform/s to use for interaction Governance: What are rules of engagement Communication Strategy: How to interact Pilot: How to create and sustain a community Engagement Analysis: Who is talking about what, where and what are the main

points of conversations Institutionalisation: How to embed social media in organisation structure

6.2 FFIEC Proposes Social Media Guidelines24:

While social media can be an effective way for such organizations to engage customers, it also poses new security risks. In light of this, the Federal Financial Institutions Examination Council (FFIEC) released a draft of new guidelines for social media, which it defines as “a form of interactive online communication in which users can generate and share content through text, images, audio, and/or video.” The proposed rules would apply to banks, savings associations, and credit unions, as well as nonbank entities supervised by the Consumer Financial Protection Bureau and state regulators. The final version is expected to be published later this year. The proposed regulations would require that organizations have a documented social media policy in place, enforcement, and employee training. Moreover, financial institutions would need to conduct due diligence when using third party services to ensure they understood the regulations and policies that financial institutions must follow.

Strategy and Governance A governance structure with clear roles and responsibilities whereby the board of directors or senior management direct how social media usage contributes to the strategic goals of the institution (for example, through increasing brand awareness, product advertising, or researching new customer bases) and establishes controls and ongoing assessment of risk in social media activities;

Policies and procedures Policies and procedures (either stand-alone or incorporated into other policies and procedures) regarding the use and monitoring of social media and compliance with all applicable consumer protection laws, regulations, and guidance. Policies and procedures should incorporate methodologies to address risks from online postings, edits, replies, and retention;

24 Social Media: Consumer Compliance Risk Management Guidance

49

Vendor Management A due diligence process for selecting and managing third-party service provider relationships in connection with social media;

Training An employee training program that incorporates the institution’s policies and procedures for official, work-related use of social media, and potentially for other uses of social media, including defining impermissible activities;

Monitoring An oversight process for monitoring information posted to proprietary social media sites administered by the financial institution or a contracted third party;

Compliance Audit and compliance functions to ensure ongoing compliance with internal policies and all applicable laws, regulations, and guidance; and

Reporting Parameters for providing appropriate reporting to the financial institution’s board of directors or senior management that periodically evaluate the effectiveness of the social media program and whether it is achieving its stated objectives.

50

Chapter VII

References

Social Media and Banking Reputational Risks – Deloitte Shwayri, R. N. ,The Risks Associated with Financial Institutions’ Use of Social

Media Merill T., Latham K., Santalesa R., Navetta D., Social Media: The Business

Benefits May Be Enormous, But Can the Risks-- Reputational, Legal, Operational -- Be Mitigated?

A practical guide to risk assessment* - PwC SANS Institute- Risk Assessment of Social Media ISACA- Social Media RIsk and Mitigation Guide Yurcan B., The Compliance Risk of Social Media The Financial Brand DNA IBNLive Wikipedia.org FFIEC.org CGI, Implementing social network analysis for fraud prevention Accenture, Empowerment with Accountability Social Media: Consumer Compliance Risk Management Guidance Framework and Guidelines for Use of Social Media for Government Jeremy Epstein, vice president of marketing at Sprinklr Social Media Strategy, Policy and Governance, Ernst & Young [Yearbook] Information and Technology Act: Salient Features and Provisions Managing the risks of Social Media-Deloitte Business Education Watch My Wallet Sales Force Marketing Cloud International Week SMB Pennstate College Social Media Law Blog Companies now hiring through social media Role of networking sites in recruitment and talent management Recruiting Through Social Media http://www.walkersands.com/Blog/how-brands-can-use-social-media-for-

crisis-management/ http://www.blogussion.com/general/uses-social-networking/ Antony Mayfield, what is social media? Nielsen, Global Faces and Networked Faces, 2009

51