-1.svg "Close Icon (3)-1")
.svg "Close Icon (3)")
- Share
-
The latest US guidance on online reputation management for banks highlights a critical reality: even financial services organisations that don’t engage in social media themselves have a responsibility to risk manage for potential issues arising from its use by others.
On January 23 this year, the US Federal Financial Institutions Examinations Council (FFIEC) – the body responsible for the Dodd Frank regulations – issued draft guidance on the use of social media by banks (you can read full draft guidance here).
The guidance, meant to address how federal consumer protection laws may apply to the social media activities of financial institutions, serves as an excellent roadmap for how to mitigate the risks involved with social media.
For Australian financial institutions, this US guidance is a fairly good predictor of what is to come for government oversight of social media activity. It highlights some of the key compliance issues that a company could encounter when using social media.
According to the guidance, “institutions will be expected to use the guidance in their efforts to ensure that their risk management practices adequately address the consumer compliance and legal risks, as well as related risks, such as reputation and operational risks, raised by activities conducted via social media”.
But wait, there’s more: “A financial institution that has chosen not to use social media should still be prepared to address the negative comments or complaints that may arise within the many social media platforms described above and provide guidance for employee use of social media”.
In other words, financial institutions must have a risk management program that allows it to “identify, measure, monitor and control the risk associated related to social media” whether or not the organisation is actively using social media as a business.
Components of a risk management program should include the following:
- Input from specialists incompliance, technology, information security, legal, human resources and marketing;
- A governance structure with clear roles and responsibilities whereby the board of directors or senior management direct how social media contributes to the strategic goals of the institution;
- A oversight process for monitoring information posted to proprietary social media sites administered by the financial institution or a contracted third party;
- An employee training program;
- Appropriate policies addressing the fact that employees might use personal social media accounts in a way that could implicate the financial institution.
The draft guidance also warns of the reputational risk of failing to respond to customer complaints via social media in a ‘timely or appropriate manner’ and highlights the need for companies to monitor social media for potential fraudsters, masquerading under their brand.
Though such regulations may be a year or two off for us here in Australia, recent court rulings on companies’ (and employees’) use of social media indicates that it’s only a matter of time before these risk and compliance issues reach this level. Indeed, last year’s Advertising Standards Board’s ruling placed the onus on companies to ensure that posts on their brand’s pages (even by third parties) comply with industry self-regulatory codes and consumer protection laws.
Financial institutions would be well advised then to take the US FFIEC’s draft guidance to heart and evaluate how effectively their current risk management practices address the use of social media.
For how to get started, check out BlueChip’s Online Reputation Risk Checklist (email us for a copy).
