Whitepaper

IS REGULATORY COMPLIANCE ENOUGH?

Constantly, the U.S. federal government is seeking ways to ensure the financial institutions are better protected against online abuse, and in some cases, make them responsible for those losses. Increasingly though, regulatory bodies are attempting to address not only real but perceived or so-called “foreseeable” threats. For example, Section 501 (b) of the Gramm Leach Bliley Act mandates federal regulators to not only implement guidelines that financial institutions must safeguard the security and confidentiality of all customer records, but also protect against foreseeable threats to the security of customer records.

In other words, a financial institution may have to do more than protect its own data and records. Its concerns may also extend to the Internet, where for example, the potential exists for its images and logos to be abused. Over the last few years, the number of phishing attacks on community institutions has continued to escalate in both intensity with pharming and severity with malware.

Generally, the larger financial institutions are aware of the threats to their names and their brands. They have tens of billions of dollars invested in their brands and don’t want to be known as unsafe partners. But smaller institutions are less aware. It’s unlikely online reputation damage alone could put any institution out of business but negative publicity could cost in the form of lost customers, reduced market share or stock devaluation. It was too expensive years back to reproduce an annual report with adjusted numbers or issue a press release on earnings windfalls or shortfalls. Today, criminals use the Internet to sway opinion one way or the other, hedging markets with false information for personal gain.

But one thing is clear, when identity theft or fraud occurs, the consequences become apparent rather quickly and must be dealt with. And rest assured, there are hard costs involved. If infractions occur, all parties must be notified, a cease and desist order may need to be issued and possibly legal fees that must be taken into consideration. However, if the damage is to a reputation, these consequences become less clear and more difficult to measure. Further, if a customer or business partner is involved, there may be some expectation that the institution make good even though it is not at exact fault.

The costs that are not known are the soft ones: damage to reputation, loss of new or potential customers or declining market share. Institutions do a lot of things because they must, whether it’s for liability or regulatory reasons. But while there may not be a law or legal requirement to protect your brand, it could cost you business today and in the future.

APPLYING BEST PRACTICES

By some estimates, 90 per cent or more of financial institutions in the U.S. do not manage their online reputations. This may be due to the difficulty of protecting a brand in the electronic world. If an “imitation institution” is built somewhere in a downtown area complete with a sign with a well-known brand name, it would be shut down in a matter of days if not hours. However, if an “imitation institution” consists only of a Web site hosted in a foreign country, it could take much longer to shut down, or even worse, it could go completely undetected. One could decide to Google the name of the false institution but that could generate a list of millions of links that change each week.

There is no way of managing all of this without brand protection, an emerging category of software that helps organizations gain control over how they are represented online, both by uncovering threats and mitigating the risks to their reputation.

Brand protection is a technique that uses advanced technology, round-the-clock monitoring, proven best practices and exhaustive human analysis to scour millions of domains, Web pages and Internet links to uncover potential infractions, and categorize and rank these infractions according to severity.

1 | 2 | 3 | | 4 | Next