The Central Bank of Nigeria, CBN, has recently updated its Customer Due Diligence Regulations, making it compulsory for financial institutions to include customers’ social media handles in their Know Your Customer, KYC, procedures.
This innovation aims to augment the existing anti-money laundering, AML, and counter-terrorism financing, CFT, measures.
While a commitment to combat financial crimes is laudable, the initiative raises several substantial issues.
This analysis explores these concerns, drawing on case studies where similar initiatives have been attempted, to better understand the potential implications and consequences of such a policy.
Invasion of Privacy: An Infringement on Personal Rights?
KYC procedures have always drawn a line between an individual’s financial transactions and their public persona.
However, the inclusion of social media handles threatens to blur this boundary, potentially infringing on personal privacy rights.
People use social media to share aspects of their lives voluntarily, but they usually do not expect their social media presence to be subject to financial scrutiny.
In 2018, the Chinese government introduced a policy requiring online micro-lenders to access borrowers’ social media information as part of the loan approval process[1].
The policy led to a significant backlash, with many citizens feeling their privacy had been violated[1].
The incident serves as a stark reminder of the potential negative consequences when financial regulations encroach on personal privacy.
Data Protection and Security: Are More Risks Being Taken?
The collection of additional personal data, such as social media handles, heightens the potential attack surface for cybercriminals.
Globally, even sophisticated systems have experienced data breaches. The Equifax data breach in 2017, affecting approximately 147 million people, underscored the gravity of risks associated with the storage of extensive personal information.
As we strive to fortify our financial systems against money laundering and terrorism financing, it’s crucial not to overlook the cyber threats that could arise from the gathering of more personal data.
A significant data breach can irreparably damage a financial institution’s reputation and trust, key elements in the financial industry[2]
Effectiveness and Feasibility: Is the Benefit Worth the Cost?
There are substantial doubts about the effectiveness of using social media data for KYC purposes.
Social media platforms are designed for social interaction and often present an idealized, or at least curated, version of users’ lives.
A study by the University of Pennsylvania highlighted that people are more likely to share positive financial news on social media rather than negative, leading to a skewed perception of their financial reality[3].
As such, it is questionable whether social media data can accurately inform risk assessments or other serious financial decisions.
Moreover, the practicalities of verifying and analyzing the vast volumes of data generated on social media present another set of challenges.
Financial institutions could find themselves incurring significant costs to process this information, potentially passing these additional expenses onto consumers.
Potential Misuse: Opening Pandora’s Box?
Collecting and analysing social media data could open avenues for misuse. For instance, this data could be exploited for invasive data mining, discriminatory lending practices, or targeted marketing.
A case in point is the Cambridge Analytica scandal, where personal data from Facebook was exploited to influence voter behaviour.
The incident highlighted the potential for misuse when extensive personal data is available for analysis.
Potential Impact on Credit Risk Assessment: A Double-Edged Sword
In theory, access to social media data could provide financial institutions with additional insights into customers’ financial behaviour.
However, the reliability and accuracy of this information are dubious.
Overreliance on such data could lead to skewed credit risk assessments and unfair lending practices.
Additionally, as seen in the backlash against the Chinese government’s policy mentioned earlier, perceived invasion of privacy can lead to a loss of trust in financial institutions [1].
This could increase the likelihood of customers defaulting on their credit obligations, consequently elevating credit risk.
Furthermore, as shown by a study published in the Journal of Marketing Research, there’s an inherent risk in utilizing social media data for credit risk assessments.
The study found that companies using social media data for credit assessments ended up alienating customers and potential clients who viewed the practice as an invasion of privacy[2].
Data Protection and Security Risks
Further exacerbating the problem are the associated security risks that come with collecting and storing more personal data.
The infamous Equifax breach in 2017 is a case in point.
Here, cybercriminals exploited a vulnerability in the company’s website software, leading to the exposure of personal data, including social security numbers and addresses of 147 million people[3] This significant breach not only led to massive financial losses but also caused irreparable damage to Equifax’s reputation.
In conclusion, while the CBN’s intentions in enhancing AML and CFT compliance are commendable, the mandatory inclusion of social media handles in KYC requirements is fraught with numerous challenges.
Drawing parallels from similar initiatives across the globe, it’s clear that an equilibrium between combating financial crimes and maintaining individual rights to privacy and data protection needs to be established.
Technological advancements and evolving risks need to be addressed. Still, they shouldn’t come at the cost of potential privacy infringement, data protection threats, and potential misuse of collected data.
As we move into an increasingly digitized future, it’s crucial to reassess the balance between security and privacy continuously.
While advances in technology offer innovative tools for preventing and combating financial crime, they also pose significant risks to individual privacy and data security.
It’s essential for regulations to evolve with these changes, striking a balance that safeguards both national security and individual rights.
Ikwe Gideon, is an experienced professional in finance, data analysis, and risk management with with expertise in data science and business intelligence. He can be reached at HERE.
1. Luo, M., (2018). China Requires Online Micro-Lenders To Access Borrowers’ Social Media Information. China Banking News.
2. Aguirre, E., Mahr, D., Grewal, D., de Ruyter, K., & Wetzels, M. (2015). Unraveling the Personalization Paradox: The Effect of Information Collection and Trust-Building Strategies on Online Advertisement Effectiveness. Journal of Marketing Research, 52(1), 80-93.
3. Mearian, L., (2021). The biggest data breaches in the ASEAN region. CSO Online.
The opinions expressed in this article are solely those of the writer.
