Social Media Risks for Banks
In recent years, business use of social media has exploded. Many companies, including banks, are using Facebook, Twitter, LinkedIn and other social media platforms to interact with customers and prospects and to market their products and services. For banks, the opportunities these platforms provide also come with significant risks.
Whether or not your bank has embraced social media, you can bet that many of your employees and customers are using it. So it’s critical to develop a plan for managing these risks.
What are the risks?
The Federal Financial Institutions Examination Council (FFIEC) issued proposed guidance on managing social media risk. The guidance outlines several areas of potential risk, including:
Compliance and legal risks. If your bank uses social media to market or originate deposit or lending products, it’s critical to ensure that social media activities comply with applicable laws and regulations.
For example, the Truth in Savings Act requires certain disclosures in connection with ads that use terms such as “bonus” or “APY” (annual percentage yield). A social media posting that includes such terms without making these disclosures (for example, by including a link to the required information) may violate the law. The Truth in Lending Act imposes similar disclosure requirements.
Social media also may pose a risk of violating fair lending laws. For example, the Equal Credit Opportunity Act and regulations generally prohibit lenders from requesting information about a borrower’s race, color, religion, national origin or sex. But social media sites often collect this information. Banks that use these sites should take steps to ensure that they don’t improperly request, collect or use this information or give the appearance of doing so.
Careless social media posts also may violate laws that prohibit unfair or deceptive advertising.
Reputation risk. Even if your bank isn’t actively using social media as a business tool, social media activity can have a negative impact on your bank’s reputation. Dissatisfied customers or other consumers may post negative comments about your bank or accuse it of deceptive marketing or other unlawful practices. Employees may make inappropriate statements. Disgruntled employees, or fraudsters posing as bank officials, may portray the bank in a negative light.
It’s critical for banks to have policies and procedures in place to monitor these activities and address any negative publicity.
Operational risk. Like other information technology systems and processes, social media presents certain operational risks, including those associated with malware, viruses, data breaches and other dangers that may threaten the security of sensitive customer or bank information.
A related issue is employee use of online file-sharing applications, which can create significant data security vulnerabilities if not controlled.
What should you do?
The FFIEC recommends that banks develop risk management programs designed to identify, measure, monitor and control social media risks. These programs should include the following components:
- A governance structure with clear roles and responsibilities for the board and senior management to direct social media strategy and use,
- Policies and procedures for the use and monitoring of social media and compliance with consumer protection laws,
- A due diligence process for selecting and managing third-party providers of social media services,
- Employee training on the bank’s policies and procedures regarding work-related use of social media, and
- An oversight process for monitoring information posted to social media sites.
In addition, banks should establish audit and compliance functions to ensure ongoing compliance and prepare periodic reports to the board and senior management on the social media program’s effectiveness.
Assess your risk
The complexity of a bank’s risk management program depends on its level of involvement in social media. To define the scope of your bank’s program, a risk assessment is a good place to start.
Copyright © 2013 Thomson Reuters / BizActions.