According to FIL-56-2013, financial institutions are not required to monitor and respond to all Internet communications; however, each company is expected to determine their own appropriate approaches regarding the monitoring of social media.
Developing a policy (either stand-alone or incorporated into other policies and procedures) regarding the compliant use and monitoring of social media is a necessity in this electronic day and age. All applicable consumer protection laws, regulations, and guidance must be evaluated and incorporated as they evolve. Well-developed policies and procedures should clearly outline your company’s process for social media use while also addressing the potential risks from online postings, edits, replies, and retention.
Use and Monitoring
According to the FFIEC, a financial institution should have a risk management program that allows it to identify, measure, monitor, and control the risks related to social media. The size and complexity of the risk management program should match the extent of the financial institution’s involvement in social media. To create your policy, first identify all platforms where your brand exists, including individual employee business accounts. Search platforms you may not normally use for advertisements, such as Yelp and YouTube, to determine if any unknown accounts exist. Once platforms have been identified, create a list of active, approved accounts that you can continually update. If any fraudulent accounts are found, contact the platform to see about having the account removed.
While this may seem like a daunting task, ActiveComply offers web-scrubbing solutions that search social media platforms for you 24/7 and give you a searchable list of accounts.
Financial institutions are using social media more than ever as a tool to generate new business and interact with consumers. Social media, as any new communication technology, has the potential to improve market efficiency. However, these opportunities are not without risk. The use of social media to attract and interact with customers can impact your company’s risk profile, including risk of harm to consumers, compliance and legal risks, operational risks, and reputation risks. For example, if a member of the public posts confidential or sensitive information – like account numbers – on your company’s social media page or site, what are the procedures to address this risk?
A well-developed social media policy will outline the potential risks for important stakeholders, how to best mitigate those risks, and procedures to take if an incident occurs.