Unfortunately, in their rush to implement such a strategy, some organizations may overlook the obvious...COMPLIANCE.
To assist bankers in ensuring ongoing regulatory compliance, the ABA Banking Journal released the following six social media compliance tips:
- Conduct a social media risk assessment. Organizations should specifically identify the compliance requirements that apply to the proposed activity and evaluate the compliance risks associated with those requirements. Risks can originate from the statutory liability and regulatory penalties that are specified by law, or from reputational damage that could result from publicity of noncompliance (see the post on reputational risk as well as post on conducting social media risk assessments).
- Establish policies and procedures. Organizations should establish written policies and procedures for the activity that clearly outline the details of offering and ongoing servicing. Every facet of the activity, from beginning to end, should be covered (see information on social media policies here.).
- Establish controls to help address the risk identified in the compliance risk assessment. Controls may include a pre-publication review by compliance staff, assigning specific responsibility for specific functions associated with the activity, dual control, second review, and detailed checklists. One of the best controls is to include the compliance staff early in the planning process of the activity. The compliance staff can help build the process correctly from the beginning, rather than have to step in later to fix a compliance mess.
- Set up a monitoring process. Establish an ongoing monitoring process to identify and correct errors before the examiners or the customers do.
- Report to management. Management should be kept informed of compliance exceptions found through monitoring as well as regulatory developments affecting the activity.
- Vendor management. Even if there are third party vendors involved in the activity, the bank should still follow its compliance management process. Risk assessment, policies and procedures, controls, ongoing monitoring, and management reporting are still applicable and just as important, because the bank is ultimately responsible.