Social Media and Bank Compliance Requirements

The advantages of social media include the ability to better connect with customers, build the organization's reputation as being customer-focused and responsive, and set the organization apart from the competition. Many organizations have introduced social media components to their existing marketing strategy and more will follow in the near future as social media has surpassed everyone's expectations in terms of breadth of penetration and frequency.

Unfortunately, in their rush to implement such a strategy, some organizations may overlook the obvious...COMPLIANCE.

To assist bankers in ensuring ongoing regulatory compliance, the ABA Banking Journal released the following six social media compliance tips:

1. Conduct a social media risk assessment. Organizations should specifically identify the compliance requirements that apply to the proposed activity and evaluate the compliance risks associated with those requirements. Risks can originate from the statutory liability and regulatory penalties that are specified by law, or from reputational damage that could result from publicity of noncompliance (see the post on reputational risk as well as post on conducting social media risk assessments).
2. Establish policies and procedures. Organizations should establish written policies and procedures for the activity that clearly outline the details of offering and ongoing servicing. Every facet of the activity, from beginning to end, should be covered (see information on social media policies here.).
3. Establish controls to help address the risk identified in the compliance risk assessment. Controls may include a pre-publication review by compliance staff, assigning specific responsibility for specific functions associated with the activity, dual control, second review, and detailed checklists. One of the best controls is to include the compliance staff early in the planning process of the activity. The compliance staff can help build the process correctly from the beginning, rather than have to step in later to fix a compliance mess.
4. Set up a monitoring process. Establish an ongoing monitoring process to identify and correct errors before the examiners or the customers do.
5. Report to management. Management should be kept informed of compliance exceptions found through monitoring as well as regulatory developments affecting the activity.
6. Vendor management. Even if there are third party vendors involved in the activity, the bank should still follow its compliance management process. Risk assessment, policies and procedures, controls, ongoing monitoring, and management reporting are still applicable and just as important, because the bank is ultimately responsible.

Following these six tips should ensure that organizations remain compliant from beginning to end. Social media communications are no different from print, radio and television. As such, compliance officers need to ensure that they are in at the very beginning when talk of a social media strategy begins to emerge. Too often the Compliance Department is brought in after all the decisions are made and the money is spent. Getting a seat at the table where new initiatives are discussed will go a long way in preventing compliance related fiascos.