The Federal Financial Institutions Examination Council (FFIEC) recently released proposed guidance on social media. The proposed guidance, titled Social Media: Consumer Compliance Risk Management Guidance, identifies risk management expectations that could surprise bank personnel who are not very familiar with the scope of social media. Generally, you perform a risk assessment for services you offer. But social media is a completely different monster of its own. I would categorize it more with tornados and floods. In other words, risk from social media is inevitable even if your bank specifically chooses not to use it. With inevitability in mind, it’s important to perform a risk assessment and establish controls for social media, regardless of your level of involvement.

We would like to think that we are in control of what happens to our bank at all times. The truth is: we can't control everything, which is why we do things such as perform risk assessments, assign policies, and accept some risk. We can't control the world around us, so we do our best to put up sufficient defenses, which we like to call controls. What defenses do we have in place for the virtual world? Just as a person can freely start up a conversation about anything they want, they can also start a virtual dialog about any topic. But a virtual dialog has the potential to go viral, and there is no erasing or going back from that. Anyone out there can bring your bank into the social media forefront without asking permission.

Banks choosing to engage in social media should have constant monitoring, yes, including weekends. Beneficially, constant monitoring affords prompt responses to comments, questions, and connection requests. But what if you are not using social media? You still have to monitor, but monitor what? Well, the entire internet of course. It sounds like an absurd concept, but it’s actually quite possible, even manageable. Specifically you’ll want to keep an eye on who’s talking about the bank. A customer could write about your service in their blog or in a forum. It could be positive feedback or negative, either way, you need to know about it because there are potential customers out there reading it. An employee could display their poor ethical choices on the Internet, while boldly being labeled as an employee of the bank. Unflattering moments await you.

Luckily, there are free tools available for monitoring your bank’s online reputation, one of which is Google Alerts. With the Google Alert system, you can choose specific words or phrases for which you would like to receive alerts. You can even specify how often you want to receive updates. Include the bank’s name, product names, slogans, and any personnel names in your list of items. Sniffing the internet for activities related to you will help you gauge your online image and respond to issues you would have otherwise missed. And if you respond through the Internet, I think it’s safe to say you have now officially engaged in social media.

For more information on the proposed guidance, visit