The Financial Conduct Authority has made a huge effort to shrug off the image of its predecessor, and its latest guidance on social media and customer communications is another case in point. The FCA goes to far greater lengths than the FSA to understand the activities that it's regulating, and it has properly recognised the benefits to firms using the social media, not just the risks. There are some big concerns in here. But overall it's a helpful steer on how to market financial services in the social media, rather than just another regulatory minefield.
Now, about those 'big concerns'...
The word "consent" does not appear in this document. Nor do the words "data protection". The word "privacy" appears once, however, in a footnote which helpfully refers to the Information Commissioner's guidance on Direct Marketing. That's really the only nod to the many other requirements that application developers need to consider when producing financial services - something we've been focusing on intently at the Society for Computers and Law, for example. That's a particular concern, when section 1.8 of the guidance recommends "the use of software that enables advertisers to target particular groups very precisely" without so much as a footnote. If this is a tip to use Big Data tools, cookies and so on to engage in behavioural targeting of advertising, then firms will need a lot more help if they are to expected to do so appropriately.
Of equal concern is the FCA's decision to 'gold-plate' its guidance to the level of compliance required by the European directives on consumer credit and mortgages - another example of the European "regulatory creep" that blights the UK's landscape and is the source of so much talk of a "Brexit":
"The same constraints do not exist in other areas, but we think it is important to adopt a common approach across all the sectors we regulate, and across all media. To do otherwise would create a more complex and less certain regime, which would impose additional costs and which firms and consumers would find more difficult to navigate."
The problem with this approach is that not only do UK officials have a tendency to over-comply in this fashion, but they also take a literal approach to the interpretation of European law, rather than the purposive approach that European law itself dictates. So the UK invariably implements European edicts far more restrictively than, say, Greece or even France (historically the country most sued for failing to implement European laws, but here's the league table).
Another problematic area is the guidance on using an image to convey a risk warning where a character limit would make it impossible to include it as text. While appearing to recommend this approach, the FCA then points out (on page 8) that Twitter settings, for example, allow users to ensure that images appear as a link, rather than being automatically displayed. So, risk warnings or other required information cannot appear solely as an image where such user features are present. This is explained a little more in section 7 of the Annex, which also mentions that some social media services limit the amount of text in images or crop them in unpredictable ways... In other words, images are not really much of a solution, even though they feature heavily throughout the FCA's examples.
Retweets and other sharing of financial promotions by customers and employees is another area for firms to consider a bit more carefully. There is some discussion of that (under "Other regulatory issues" on page 11), but it's obviously at the core of why firms would use the social media over traditional advertising channels. Basically, you can't rely on your employees to do the dirty work for you, at least not in the course of their employment (a slippery slope); and just because they or your customers are prepared to make a claim, doesn't mean that the firm can share it with impunity.
While it's refreshing that the FCA does not consider a tweet, for example, to be a real-time promotion, it doesn't mention the use of instant messaging features, or direct messaging. Although the guidance does mention that a customer 'following' a firm's account or 'liking' its material does not amount to an express request to receive real-time promotions to get around the ban on 'cold-calling'.
Finally, record-keeping is a key concern here. As the FCA points out (on page 14), you can't rely on the social media platforms to retain a copy of your promotional material. So firms need to have their own records of tweets etc., and the related compliance sign-offs.
No doubt the FCA's guidance will evolve in the light of these concerns over time - not to mention the guidance from the Information Commissioner!