Here are four highlights from the FFIEC’s guidance on social media and how it affects banks and credit unions.
By Ben Pankonin, CEO and co-founder of Social Assurance
For many months now, financial marketers around the U.S. have been eagerly awaiting the FFIEC’s official guidance on social media. On December 10, they finally released “Social Media: Consumer Compliance Risk Management Guidance.”
The guidance encourages a level of social media oversight that affects more than just the marketing department. As the FFIEC puts it: “Your risk management program should be designed with participation from specialists in compliance, technology, information security, legal, human resources, and marketing.” That’s a lot of cooperation and meetings… that will probably need to be spearheaded by the head of marketing at your organization.
It is important to note that the guidance is not new law but helps to convey the applicability of existing laws, regulations and policies that pertain to financial institutions as they relate to social channels.
1. Social Media Governance and Operational Risk
FFIEC Guidance: “A governance structure with clear roles and responsibilities whereby the board of directors or senior management direct how using social media contributes to the strategic goals of the institution.”
Outlining guidance structures for social media includes delegating social tasks, understanding the objectives for social (customer-acquisition, brand awareness, customer services, etc) and ensuring the institution and an employee training program. This enterprise view of social should help to focus the institution’s objectives in social as well as employee’s use — e.g., “establishing policies and training to address employee participation in social media representing the financial institution.”
2. Third Parties
There are several types of third-parties who participate in financial institutions’ social media projects, including the social networks themselves (Facebook, Twitter, LinkedIn, etc.). Here’s how some of those partners are impacted.
Social networks. Even if a social media site is owned and maintained by a third party, consumers using the financial institution’s part of that site may blame the financial institution for problems that occur on that site. Financial institutions rarely utilize third-parties that both own the data and do not provide a service-level agreement (SLA).
Consultants and agencies. “Working with third parties to provide social media services can expose financial institutions to substantial reputation risk.” Risks may be reduced through process and technology to allow FIs to oversee their agency relationship.
Social media technology providers. These firms provide software to help engagement within social networks (posting, replies). The FFIEC is asking financial institutions to consider what, if any, control the institution may have over the third party’s policies or actions. Mitigating risk through rules and role-based software to keep individuals, platforms and third-parties in-check, will continue to be critical.
3. Monitoring: Fraud & IT Security
FFIEC Guidance: “Financial institutions should consider the use of social media monitoring tools and techniques to identify heightened risk, and respond appropriately.”
These monitoring techniques and tools should also address fraudulent use of the financial institution’s brand. While many institutions focus on the fear of consumer complaints, the FFIEC’s guidelines take into account a much more comprehensive view of risk assessment, and asks financial institutions to focus on determining the appropriate approach to take regarding monitoring of and responding to such communications.
The guidelines recognize that these comments may occur in locations where the financial institution is not expecting them, and suggests that financial marketers consider “the risks — particularly the reputation risk — inherent in not responding to complaints and disputes received through other channels.” It may sound like the FFIEC is telling financial marketers they had better never miss any mentions of their brand, but this isn’t the case.
“This Guidance does not require financial institutions to monitor and respond to all internet communications,” the guidelines clearly state. But where do we draw the line? Filtering for relevant messages will require finely-tuned tools.
4. Existing regulations and their effect
FFIEC’s guidance mentions over a dozen individual regulations that are affected by this guidance, including Truth in Savings/Lending, GLBA, and others. What is important to note is that these regulations are not modified, but clarity is brought. For many marketers understanding where to place disclosure information and how to insure timeliness of responses is crucial. It will be increasingly important that social media managers are able to document response times in social media.
Read the Complete FFIEC Guidelines
You can read all 19 pages of the FFIEC guidelines on social media in banking on this page here, or by clicking the button below.