Handling risk around Web 2.0 apps is nothing to be taken lightly. As banks begin to adopt technologies such as blogs, wikis and other social networking applications, they are also starting to understand that they have a duty to monitor these seemingly freewheeling applications.
Kailash Ambwani, president and CEO of FaceTime Communications a Belmont, Calif.-based company that provides products and services around risk management and compliance for enterprisewide unified communications, says that in this time of crisis and scandal, the industry's attitudes toward Web 2.0 technology is changing. According to Ambwani, the bulk of FaceTime's clients are in financial services. One such client, a multinational investment bank, surveyed its employees and found that 50 percent said they had a profile on Facebook. "If all these people are using Facebook, what are they saying on it [about the company]?" poses Ambwani.
This is a relevant question for financial institutions, which, he notes, have heavy compliance requirements around archiving the content their employees use. Some companies even prohibit certain business units from interacting with each other. However, many employees might not realize that blogging with people from these off-limits divisions of the company may constitute a violation of policy, he explains.
"If you look at the trading floor of a large investment banks, you'll see screens with 10 or 12 instant message windows open at once. They're doing trades in IM," Ambwani relates. "If you look on Facebook, you'll see thousands of big name companies on there with thousands of employees as members. They want to see how they can leverage all this internally for creating knowledge centers," he explains. "So these technologies are mission critical to banks."
While banks need to communicate quickly, they must also adhere to regulations. Ambwani notes that if Societe General hadn't archived its emails and instant messages, it might not have ever been able to prove that Jerome Kerviel was a rogue trader. "The financial industry is all about fast communication along with very stringent compliance requirements," he says. "And even though these firms operate in highly regulated environments, their employees feel these Web 2.0 channels are largely unmonitored."
It is becoming even more important for banks to evaluate their policies around Web 2.0 technology as the scope of what must be archived expands, Ambwani comments. Expect logs from Twitter and Facebook to show up during litigation down the road, he predicts. "The forms of communications have exploded and companies now realize they can no longer just worry about email."
He says the knee-jerk reaction by some companies would be to simply block the use of these applications. "This is counterproductive," he asserts. "The kids entering the workforce today grew up with this technology. And the benefits of it to production outweigh any negative effects."
The market for technologies that can help banks keep track of the use of Web 2.0 tools by employees is just emerging, explains Ambwani, but has huge potential. "The general market here is growing fast because of the pace at which unified communication is growing at companies," he says.
Ambwani says it is crucial for banks to implement technology that will help them keep track of web traffic at a deeper level that shows administrators what applications are being used. However, all technology must be backed by strong policy. Policy should be set by application, business user and group. It should also govern when and how they can be used. A third element to help banks manage their Web 2.0 risk is to have technology that logs all this information so it can be determined whether confidential information is leaving the company's boundaries.
"Companies are starting to recognize the importance of doing this in light of the financial crisis as more focus is being placed on visibility and transparency," Ambwani notes.