Like other regulated industries, retail banks are interested in using social media to provide a personal touch to their customers.
In response to the banking industry’s requests for guidance on the appropriate use of this new media, the Federal Financial Institutions Examination Council (FFIEC) issued “Social Media: Consumer Compliance Risk Management Guidance” in late 2013.
Unique Regulatory Challenges
The FFIEC acknowledges that, because social media is interactive and more informal, banks face unique challenges when allowing their employees to use it to communicate with prospective and existing customers. Like the guidance from FINRA, the SEC and IIROC, this guidance from the FFIEC does not create any new rules and regulations, but seeks to help banks interpret existing advertising, supervisory and other requirements. Unlike guidance from other regulators, however, the FFIEC also focuses on risk management and encourages financial institutions to identify and put processes in place to mitigate risks such as harm to consumers; violations of compliance and legal responsibilities; operational risk; and, importantly, reputation risk.
4 Takeaways For Compliance
When we look through the extensive list of existing banking rules, there are four main areas that impact social media:
- Supervision: A common theme that runs through banking regulations is the need for institutions to supervise communications. These activities range from prohibiting employees from collecting personal information from anyone under the age of 13, to ensuring that employees do not improperly collect or use personal information such as religion or ethnicity to make decisions on lending products, to making sure that private customer information is not inadvertently or purposely disclosed. Best practices: When allowing social media, many firms adapt written supervisory procedures already in place. Rather than block the use of social media, firms are increasingly taking the approach of enabling its compliant use. Firms adapt existing workflow approvals to include pre-approval of static content to be used on social media. Principle-based employee social media policies that are enforceable demonstrate a thoughtful approach to the regulators. Firms also limit access to social media unless associated persons are supervised and trained in advance.
- Safeguarding customer information: Institutions need to ensure that information retained on customers, from bank account details to data that personally identifies customers and messages sent to and received from customers, is kept securely and remains private. Best practices: Aside from providing training to staff, institutions can also deploy technology to automatically detect and ‘hold’ messages, preventing them from being sent until a supervisor is able to review them.
- Content standards: There are well-established content standards that may now be applied to social media. Communications with the public must be accurate, fair, balanced and not misleading. Factors that would impact investment decisions must be disclosed; this could be in the form of a hyperlink to a webpage that contains the full disclosure of risk and terms and conditions. Best practices: Institutions need to consider the medium used, and provide relevant links to risk and other additional information if this cannot be covered in the original message, for instance, when using Twitter with its character limitations.
- Recordkeeping: In order to prevent money laundering, and to fulfill existing obligations for retaining comments made by the public, institutions need to consider how they will capture and preserve social media communications. Best practices: Institutions should consider one of the vendors offering technology to capture, archive and enable social media communications to be retrieved.
The post 4 Best Practices: Compliant Use of Social Media In The Banking Industry appeared first on Actiance.