This week, the Federal Financial Institutions Examination Council (FFIEC) released “Social Media: Consumer Compliance Risk Management Guidance. The FFIEC is asking for comments within sixty days. You can download the 31-page document here.
Its release has created quite a stir within the banking industry. A comprehensive article appeared on TheFinancialBrand.com, “Regulatory Shocker on Social Media in Banking Coming Soon” that summarizes the guidance quite nicely.
But . . . what’s so shocking?
We’ve been having the same conversations in the securities industry for three years. And in those three years, firms have learned that there are three major areas of risk that need to be mitigated before deploying social media:
- Security: your IT department needs to prevent your firm’s proprietary and client information from being leaked out either inadvertently or maliciously from the enterprise. They also need to ramp up malware protection. That’s because social media users are susceptible to incoming threats as they view themselves as part of a tribe and tend to click on any link sent by a “friend.”
- Compliance and Governance: your legal and compliance departments already know that there are thousands of rules and regulations that govern the communications and advertising of publicly held corporations, firms in general, and bank specifically. Take the securities industry as an example – the banking regulators aren’t issuing new rules and regulations around social media. Social media is viewed as just another form of written communications. Your compliance department is therefore challenged to interpret existing rules as they apply to social media and to develop and enforce firm policies.
- Enablement: your executive team is concerned about productivity and the bottom line. Now that every employee can be the face of the business, you either have a powerful marketing tool or your worst nightmare. Employees will need to be trained on how to use social media effectively to meet the firm’s goals, such as nurturing existing clients, attracting new business, recruiting, and brand awareness.
However, during the last three years, we’ve learned that all these risks can be mitigated by strong corporate polices, backed up with technology and training.
So far, so good. Nothing new here. Or is there? In addition to what we’ve already seen from other regulators, the FFIEC specifically also calls for:
- Creation of policies to address negative feedback or customer complaints, even if a financial firm chooses not to actively engage in social media.
- Monitoring to protect the firm’s brand identity
- Due diligence and oversight for third-party vendors that firms may hire in connection with social media
And the one that I find most interesting:
- Processes and reporting to demonstrate how social media “contributes to the strategic goals of the institution.”
In other words, the FFIEC recommends that firms measure the ROI of social media.
It will be interesting to see the reaction that FFIEC gets from the industry. I just hope that the banking industry can use some of the key learnings from the securities industry to streamline the processes to reap the benefits of “getting social.”
For more details on how to deploy social media within retail banking, you can also check out Belbey Blogs: Upcoming Guidance for the Use of Social Media for Retail Banking from FFIEC.