Enough time has passed since the Federal Financial Institutions Examination Council guidance was published, so it’s inevitable that the next hurdle banks and credit unions face is the actual Social Media audit.
Are you ready? Do you understand the components of the Social Media: Consumer Compliance Risk Management Guidance the FFIEC has outlined? Do you have the manpower and technology to fully comply? Are you looking for a solution? We dive deep into each section, what it really means, and what you should consider in order to ensure a socially compliant program.
Banks and Credit Unions are realizing that participation in Social Media is a non-negotiable. There are lots of reasons for this “Ah-ha” moment, but one is the little blurb in the Official Guidance that says “However, in accordance with its own risk assessment, a financial institution that has chosen not to use social media should still consider the potential for negative comments or complaints that may arise within the many social media platforms and, when appropriate, evaluate what, if any action it will take to monitor for such comments and/or respond to them.” And with that being said, let’s dive in!
Banks and Credit Unions are realizing that participation in Social Media is a non-negotiable.
It all starts with a Governance Structure. You must determine who will be responsible for each area of your social media program. Who will serve as the Social Media Manager; the person responsible for managing your social media strategy and provide guidance, oversight and control of others involved in the program? Which individual will create and collaborate with others to curate engaging content and post to your proprietary sites? Is this the same person who will respond to questions, comments, and (heaven forbid) complaints posted to your sites? Who will have the final say on what content is approved for posting?
Now that you have the players in place, you must explain how the use of Social Media contributes to the strategic goals of your Financial Institution. For example, through increasing brand awareness, increasing sales through product advertisement, or researching new customer bases. Once you have determined the parameters of your program, you must now establish controls and ongoing risk assessment in all of your social media activities.
The next step is developing policies and procedures… yes, more policies to add to your arsenal! First of all, your employees will need to understand and agree to the acceptable use and impermissible activities when it comes to accessing and participating in social media. For those charged with managing your platforms, they will need procedures regarding posting to and monitoring of all information on proprietary sites to ensure compliance with all policies, as well as applicable consumer protection laws and regulations. Furthermore, don’t forget to establish methodologies for addressing risk from online postings.
An Employee Training Program should incorporate all of your policies that revolve around social media. Social platforms change quickly, so keep an eye on the evolution…or should we say revolution, be mindful of any needed policy updates, and include this program in your annual training curriculum.
You must have an oversight process to monitor information posted to your proprietary Social Media platforms. The purpose of this is to manage not only compliance and legal risks, but also reputation risk. If your institution has held off in participating in Social Media, this is likely the reason why. Monitoring is one of the most difficult pieces of your plan to manage since posting is real time, people are on social media 24/7 and oh, you have other job responsibilities that need to be done! We know it’s a challenge – hang in there!!
You must have an oversight process to monitor information posted to your proprietary Social Media platforms.
You know the regulations, consumer protection laws and of course your own bank policy, but now you must adopt steps to be taken in how to address risk in a live social environment. Bouncing every post against your established parameters to ensure compliance is a good best practice to implement. But what if a fan comments or posts to your site in a way that violates your policies? You will need to determine how you will remediate any non-compliant post made by others.
Archiving posts is a critical component of your plan. Those responsible for audit and compliance must ensure that your social platforms are operating in a compliant manner. This means they will need documented proof of compliant postings as well as remediation efforts made on the bank’s behalf to resolve any non-compliant issues.
In the end you will need to report to the powers that be, the effectiveness of your social media program and whether it is achieving its stated objectives (A.K.A. your Governance Structure). Remember archived posts and remediation efforts? You will want to be able to provide those in report format as well because whomever will be conducting your inevitable social media audit will likely ask for this!<
Whether you are just entering the social scene and want to start on the right foot, or you already have an active presence and need to firm up your program, we can help. Just download this free Social Media Compliance Assessment and determine exactly where you stand and what your next steps should be. If you are looking for an affordable comprehensive, turnkey Social Media Compliance solution, we can help with that too! BANK MONITOR addresses and fulfills all of the regulatory requirements we’ve discussed here, and maintains your program using technology to allow you to have a healthy and compliant “social” bank.