The Federal Financial Institutions Examination Council (FFIEC) recently released proposed guidance on social media. The proposed guidance, titled Social Media: Consumer Compliance Risk Management Guidance, doesn't express any new obligations for banks, but instead is intended to help financial institutions understand the risks associated with social media and the risk management expectations.
The key stages of managing the overall risk of social media presented in the proposed guidance are suspiciously similar to the risk management of other information systems. Basically, it suggests integrating knowledge from multiple departments by consulting with on-staff technology, legal, and marketing experts to:
- Identify the landscape and measure risks and benefits involved with engaging your bank in social media.
- Determine necessary controls that should be effective in reducing risk.
- Monitor your social media environment.
- Test your controls on a regular basis.
- Report all of this data to senior management to prove the effectiveness of your program.
Most community banks limit their social media activity to basic communication. If this describes you, your social media risk management plan should be quite manageable. If your bank has chosen to not participate in social media at all, you may find it surprising to know you still need a risk management plan.
The proposed guidance addresses a separate topic that applies to all banks, regardless of your social media interaction choice: Reputational Risk. Once you have determined how your bank will engage in social media, your focus should be on monitoring and managing your bank's online accounts. Your proactivity is the best formula for reducing reputational risk.
Reputational risk is the risk arising from negative public opinion. We all know, through personal or vicarious experience, public opinion can change on a dime. Reputation has a substantial hold on the size and type of your customer base. While there are reputational benefits of having a social media presence, like humanization of the bank and brand name recognition, there are also reputational risks. While you strive to protect that intangible asset of brand name and company value, your social media presence is a wide-open vulnerability.
You may have a false sense of control if you think the way your bank uses social media is negligible. Everything done online matters because everything done online is permanent. To fully equip your bank for supporting social media accounts, there are a few rules you can follow to make the best online impression and minimize reputational risk.
Your bank may not be run by the same crowd as your social media target audience. Because of this, there should be a special focus on being relevant. Sometimes over caution and lack of understanding can lead to a boring social media presence. Consider livening up with YouTube videos or charity events. But don't go overboard with excessive updates and thoughtless posts. One or two a day should be fine. The best way to achieve relevance through social media is to be transparent and honest. Customers and prospects will appreciate when you listen to them intelligently and respond truthfully, answering their questions directly.
You may take the weekend off, but customers don't. Be sure to have someone available to monitor your social media pages almost constantly. It's important to promptly respond to comments, questions, and connection requests. Make sure there is a checks and balances system in place for every post and comment made by the bank. Everyone makes mistakes, but it's best to keep those permanent mistakes to a minimum. If you can't handle the focus required for responsiveness, it may be time to consider reducing what can be done through social media to a manageable level.
In a single instant, your reputation could be damaged. Someone could tag your bank in an inappropriate photo. Someone could create a profile similar to yours and begin to impersonate your bank, smearing your brand identity. The personal lives of your employees can bleed over, associating the bank with poor choices and unprofessionalism. Events like these can even harm banks that choose not to participate in social media. You can't control the outside world, no matter what your policies say. So keep a tight hold over the things you can control. Make, and enforce, a strong policy about what is and is not permissible with the bank's social media accounts. Include what kind of behavior warrants an employee being disassociated with the bank. Train your staff. Be familiar with your third party's system logic and limitations, and don't be afraid to use system settings to your benefit. But most importantly, sleep with one eye open, so to speak. When it comes to social media, there is always someone watching you.
Monitor, monitor, monitor.
For more information on the proposed guidance, visit http://www.ffiec.gov/press/pr012213.htm.