Join CoNetrix for a six-part webinar training series for Information Security Officers (ISOs).
Learn More

Virtual Life: Automatic Enrollment

Publication: The Colorado Banker, May/June 2013

The Federal Financial Institutions Examination Council (FFIEC) recently released proposed guidance on social media. The proposed guidance, titled Social Media: Consumer Compliance Risk Management Guidance, identifies risk management expectations that could surprise bank personnel who are not very familiar with the scope of social media. Generally, you perform a risk assessment for services you offer. But social media is a completely different monster of its own. I would categorize it more with tornados and floods. In other words, risk from social media is inevitable even if your bank specifically chooses not to use it. With inevitability in mind, it’s important to perform a risk assessment and establish controls for social media, regardless of your level of involvement.

We would like to think that we are in control of what happens to our bank at all times. The truth is: we can't control everything, which is why we do things such as perform risk assessments, assign policies, and accept some risk. We can't control the world around us, so we do our best to put up sufficient defenses, which we like to call controls. What defenses do we have in place for the virtual world? Just as a person can freely start up a conversation about anything they want, they can also start a virtual dialog about any topic. But a virtual dialog has the potential to go viral, and there is no erasing or going back from that. Anyone out there can bring your bank into the social media forefront without asking permission.

Banks choosing to engage in social media should have constant monitoring, yes, including weekends. Beneficially, constant monitoring affords prompt responses to comments, questions, and connection requests. But what if you are not using social media? You still have to monitor, but monitor what? Well, the entire internet of course. It sounds like an absurd concept, but it’s actually quite possible, even manageable. Specifically you’ll want to keep an eye on who’s talking about the bank. A customer could write about your service in their blog or in a forum. It could be positive feedback or negative, either way, you need to know about it because there are potential customers out there reading it. An employee could display their poor ethical choices on the Internet, while boldly being labeled as an employee of the bank. Unflattering moments await you.

Luckily, there are free tools available for monitoring your bank’s online reputation, one of which is Google Alerts. With the Google Alert system, you can choose specific words or phrases for which you would like to receive alerts. You can even specify how often you want to receive updates. Include the bank’s name, product names, slogans, and any personnel names in your list of items. Sniffing the internet for activities related to you will help you gauge your online image and respond to issues you would have otherwise missed. And if you respond through the Internet, I think it’s safe to say you have now officially engaged in social media.

For more information on the proposed guidance, visit

Written By
Leticia Saiid

Leticia was born with an urge to solve difficult problems which led to her earning a B.A. and M.A. in Mathematics, but her passion is to help others achieve their goals and become better versions of themselves.  She served at CoNetrix as the Tandem Software Support Manager for several years where she built and directed a team of support specialists, and she recently changed positions to Executive Assistant where she can put her skills and passions to work on corporate projects and employee care.  In her free time, she enjoys mentoring college students, teaching young children to read, and solving jigsaw puzzles.