[This blog is the first in a series of articles which will examine the risks, rewards, innovative uses, and changing legal landscape of social media use by financial services institutions. Future blog articles will examine topics such as: monitoring and managing consumer complaints through social media, disgruntled employee use of social media, and control over content and message. These forthcoming articles will address the risks associated with these issues and provide practical solutions for mitigating those risks.]
Many of us use social media to connect with friends and family far and wide. Social media allows us to build on those personal relationships by sharing pictures and stories— including those self-promoting posts about our great vacation instead of the tantrum our 3-year-old is having. This dual connectivity and image branding has caught the eye of many companies, including innovative financial institutions which are creating new “fun” reputations by interacting with prospective and current customers through social media.
A recent American Bankers Association research study entitled “The State of Social Media in Banking” (ABA Social Media Study) highlights how banks are creating personable images and building their social capital. For example, Central National Bank in Waco, Texas, has created several YouTube video parodies, including one on why banks close for Columbus Day, which received over 4,000 views. Another bank, First Bank Financial Centre in Oconomowoc, Wisconsin, posts a picture of a bobblehead figure of the bank’s CEO somewhere in the world and encourages Facebook users to guess the location. The ABA Social Media Study examined how banks are taking advantage of social media by collecting survey data from nearly 800 banks of all sizes (from those less than $250 million to those over $10 billion). Of those surveyed, almost 75 percent of banks said they were somewhat or very active on social media. According to the data, this is a recent trend, with approximately 30 percent of banks surveyed indicating that they have been using social media for less than two years, while another 33 percent have been using social media for less than four years. Another 14 percent indicated that they do not currently use social media, but many of those plan to begin using social media in the next one to two years.
The creative use of social media allows financial institutions to create a personal connection with their customers. Put succinctly, the ABA Social Media Study stated, “Social media tweets and feeds are helping to transform bank personas from anonymous institutions into friendly and approachable members of the community.”
The ABA Social Media Study serves as evidence that social media utilization by financial institutions is only going to increase in the future and cannot be ignored as a means to promote an institution’s brand and grow business. As more financial institutions become active participants in all types of social media, including Facebook, YouTube, Twitter, LinkedIn and Instagram, careful consideration must be made about the institution’s goals, risk appetite, governance, and regulatory concerns, as well as consideration of practical issues about who posts and what is posted. There are, no doubt, many advantages to utilizing social media including: community engagement, deepening customer relationships, attracting new customers, customer service, recruiting and advertising. While each of these advantages comes with potential risks, those risks can be minimized by developing robust policies and procedures, oversight and governance, and conducting legal analysis prior to becoming active on social media. Once active, an institution must continue to provide oversight and governance; continually update policies and procedures; keep abreast of regulatory requirements and guidance, including new state and federal laws and legal precedent; and ensure feedback loops based on customer complaints or issues that may arise.
A starting point is the Federal Financial Institutions Examination Council’s (FFIEC) guidance titled “Social Media: Consumer Compliance Proposed Guidance” (FFIEC Guidance) which addresses the applicability of existing federal consumer protection and compliance laws, regulations, and policies for social media use by banks and non-bank entities alike. The FFIEC Guidance states that a financial institution should include the following components in a social media risk management program:
- A governance structure with clear roles and responsibilities whereby the board of directors or senior management direct how using social media contributes to the strategic goals of the institution (for example, through increasing brand awareness, product advertising, or researching new customer bases) and establish controls and ongoing assessment of risk in social media activities;
- Policies and procedures (either stand-alone or incorporated into other policies and procedures) regarding the use and monitoring of social media and compliance with all applicable consumer protection laws and regulations, and incorporation of guidance as appropriate. Further, policies and procedures should incorporate methodologies to address risks from online postings, edits, replies, and retention;
- A risk management process for selecting and managing third-party relationships in connection with social media;
- An employee training program that incorporates the institution’s policies and procedures for official, work-related use of social media, and potentially for other uses of social media, including defining impermissible activities;
- An oversight process for monitoring information posted to proprietary social media sites administered by the financial institution or a contracted third party;
- Audit and compliance functions to ensure ongoing compliance with internal policies and all applicable laws and regulations, and incorporation of guidance as appropriate; and
- Parameters for providing appropriate reporting to the financial institution’s board of directors or senior management that enable periodic evaluation of the effectiveness of the social media program and whether the program is achieving its stated objectives.
In addition to the above guidance, financial institutions must consider how social media interacts with deposit and lending products, advertising plans, payment systems, BSA/AML requirements, complaint procedures, employment policies, the Community Reinvestment Act, data privacy and breach notification laws. Similarly, cybersecurity policies should be reviewed to ensure that social media interactions do not subject the institution to cyber hacks or social engineering schemes. Once those policies and controls are in place, the financial institution must ensure that all employees are properly trained. It is imperative that the company work as a whole, with IT, compliance, HR, legal, and business units working seamlessly to ensure that the risks of using social media are minimized while the advantages are maximized.