This week, the Federal Financial Institutions Examination Council (FFIEC) released “Social Media: Consumer Compliance Risk Management Guidance. The FFIEC is asking for comments within sixty days. You can download the 31-page document here.
Its release has created quite a stir within the banking industry. A comprehensive article appeared on TheFinancialBrand.com, “Regulatory Shocker on Social Media in Banking Coming Soon” that summarizes the guidance quite nicely.
But . . . what’s so shocking?
We’ve been having the same conversations in the securities industry for three years. And in those three years, firms have learned that there are three major areas of risk that need to be mitigated before deploying social media:
- Security: your IT department needs to prevent your firm’s proprietary and client information from being leaked out either inadvertently or maliciously from the enterprise. They also need to ramp up malware protection. That’s because social media users are susceptible to incoming threats as they view themselves as part of a tribe and tend to click on any link sent by a “friend.”
- Compliance and Governance: your legal and compliance departments already know that there are thousands of rules and regulations that govern the communications and advertising of publicly held corporations, firms in general, and bank specifically. Take the securities industry as an example – the banking regulators aren’t issuing new rules and regulations around social media. Social media is viewed as just another form of written communications. Your compliance department is therefore challenged to interpret existing rules as they apply to social media and to develop and enforce firm policies.
- Enablement: your executive team is concerned about productivity and the bottom line. Now that every employee can be the face of the business, you either have a powerful marketing tool or your worst nightmare. Employees will need to be trained on how to use social media effectively to meet the firm’s goals, such as nurturing existing clients, attracting new business, recruiting, and brand awareness.
However, during the last three years, we’ve learned that all these risks can be mitigated by strong corporate polices, backed up with technology and training.
So far, so good. Nothing new here. Or is there? In addition to what we’ve already seen from other regulators, the FFIEC specifically also calls for:
- Creation of policies to address negative feedback or customer complaints, even if a financial firm chooses not to actively engage in social media.
- Monitoring to protect the firm’s brand identity
- Due diligence and oversight for third-party vendors that firms may hire in connection with social media
And the one that I find most interesting:
- Processes and reporting to demonstrate how social media “contributes to the strategic goals of the institution.”
In other words, the FFIEC recommends that firms measure the ROI of social media.
It will be interesting to see the reaction that FFIEC gets from the industry. I just hope that the banking industry can use some of the key learnings from the securities industry to streamline the processes to reap the benefits of “getting social.”
For more details on how to deploy social media within retail banking, you can also check out Belbey Blogs: Upcoming Guidance for the Use of Social Media for Retail Banking from FFIEC.
Actiance 
#1 by The Financial Brand (@FinancialBrand) on January 26, 2013 - 6:48 am
The “shock” will come when the bulk of financial institutions that don’t have social media strategies, don’t have social media policies and don’t track social media ROI… will all of a sudden have to contend with all these things.
Banks and credit unions have skated through the social media world with their willy nilly approach for a long time. The FFIEC is telling them they need to approach social media with the same skills and discipline that they exercise in all other areas of business.
#2 by belbey on January 26, 2013 - 10:09 am
Agreed. For those banks who haven’t created a social media plan yet, a good first step is to form a working group. The group should include all the key stakeholders that are impacted by social media (marketing, communications, investor relations, sales, lines of business, IT, security, HR, legal and compliance, etc) and begin to work collaboratively. Identify and mitigate each risk, one by one. Develop use policies. Research third party vendors. Craft content strategies. Test. Pilot. Test some more. Train. And then slowly deploy. Measure ROI. It will take time and effort, but, banks will begin to reap rewards like securities firms are realizing now.