With the recent release of draft guidance by the FFIEC regarding social media use, social media is now front and center.
Conversations with auditors and examiners is revealing an interesting audit and regulatory expectation - mandatory social media training for all employees and directors.
As social media matures and more and more senior managers and directors feel comfortable with the use of social media, auditors and regulators have begun to look more closely at social media use by organizations. Unfortunately, there still exists in many cases a lack of understanding on the part of internal auditors and examiners in terms of what exactly what and how social media works. This ALWAYS spells trouble for bankers.
As we move forward as an industry in terms of social media adoption financial institutions must focus on three primary areas:
- Social Media Risk Assessment
- Social Media Policy
- Social Media Training
Social Media Risk Assessment
I have previously covered and provided social media risk assessment tools. See my post "Social Media Risk Assessment Process - Part 5." This is one of the most visited posts - with good reason, auditors and regulators expect institutions to conduct a risk assessment before deploying social media.
Social Media Policy
I have also previously covered and provided a sample social media policy. See my post "Sample Social Media Policy for Banks." This is another one of my most visited posts. Even institutions that do not use social media are being required in some cases to have a policy confirming that fact!
Social Media Training
The final piece of the trifecta is Social Media Training. Due to the widespread use of social media within society, auditors and regulators are now treating social media like they do areas such as information security and the Bank Secrecy Act. Increasingly auditors and regulators want to see social media training for all new employees. The thinking is that social media can do some real damage if employees are not aware of the risks. As such, just like information security and money laundering, social media is equally risky. In addition to new employee training, there is an increasing expectation of annual training and director training. All this is new and sudden and many organizations have not been prepared.
In an effort to assist the banking industry, Pan American Bank made available on its YouTube channel a 30 minute social media training video. Pan American Bank does not guarantee that the video will meet auditor or regulator requirements but it is a good starting point for those that need to quickly ramp up their employee and director training relative to social media use.