Financial Institutions in the United States have a new “friend” to contend with in their social media circle.
Given the exponential increase in the influence social media has had upon the financial institution landscape in recent years, compliance professionals could have anticipated the recent Federal Register notice. On January 23, 2013 the Federal Financial Institutions Examination Council (FFIEC), composed of the OCC, the Federal Reserve Board of Governors, the FDIC, the NCUA, the CFPB and the State Liaison Committee (“the Agencies”) jointly issued proposed guidance for public comments to be received by March 25, 2013.
This broad-based guidance proposes to address the applicability of federal consumer protection and compliance laws, regulations, and policies to activities conducted via social media by banks, savings associations, and credit unions, as well as by nonbank entities supervised by the Consumer Financial Protection Bureau.1 Viewed in the broader context of enterprise risk management, the Agencies are seeking to ensure that all supervised financial institutions are effectively assessing and managing risks associated with activities conducted via social media. Specifically, the financial institutions will be expected to incorporate consumer compliance and legal risks, as well as reputation and operational risks associated with social media activities into their governance structure.
The FFIEC’s entry into social media regulation will likely be met with mixed reviews by financial industry compliance professionals. While many organizations have sought to craft policies and procedures to address this multifaceted communication phenomenon, other organizations have struggled with developing a consensus around how to approach social media governance. For organizations that have yet to create or adequately revise social media policies and procedures to encompass its growing importance to commerce, the FFIEC action may provide the impetus that Chief Compliance Officers can leverage to guide corporate boards and C-suite executives to create a social media governance structure.
I read the proposed guidance with great interest. I had expected the FFIEC to provide guidance regarding a financial institution’s active use of social media in its business and by its employees, both in their capacity as employees as well as off-duty. The proposed guidance directly addresses the Compliance and Legal Risks posed by social media with regard to deposit and lending products, payment systems, anti-money laundering and financial privacy. The regulation of an active social media presence clearly reflects the consumer protection best practices that an organization would apply to its other outbound channels, including print, television, and radio marketing, as well as authorized corporate communications.
The portion of the proposed guidance that I found even more insightful was the Reputation Risk topics the FFIEC chose to explicitly consider. Some executives offer the opinion that if their organizations don’t actively foster a social media identity, then the need for social media governance is eliminated. The FFIEC instead acknowledges that even an organization that chooses to forgo promoting an active social media presence is subject to the risks that can be thrust upon an organization by the public. Noting that reputation risk is the risk arising from negative public opinion, the proposed guidance delves into the realm of dissatisfied consumers and negative publicity that can cause significant harm to a law-abiding financial institution. In addition to Fraud and Brand Identity and Third Party Concerns, the FFIEC directly addresses a financial institution’s affirmative obligation to monitor Consumer Complaints and Inquiries initiated via social media.
In an economy overflowing with consumers clamoring to ensure that “there’s an app for that,” financial institutions have worked actively to develop social media channels to harness consumer demand to varying degrees. Additionally, those same consumers who routinely update their social networks (both personal and professional) from their smartphones while waiting for the train or purchasing a latte’, will also launch a Twitter rant or a scathing and aptly-named blog post about your organization before they’ve left your premises. This proposed guidance, which will likely receive many comments before being issued in its final form, is going to eventually become part of your prudential regulator’s examination process.
I would propose that now is the time to address your organization’s social media governance process. Working with your board of directors and your senior leadership colleagues, you can assess the current status of your policies and procedures; identify and address perceived gaps; and provide appropriate guidance to employees within your organization before the regulators arrive to test your practices. Action now will likely ensure that your regulator hits the “Like” button later.
No comments:
Post a Comment