The Federal Financial Institutions Examination (FFIEC) Council’s guidance outlines seven components on social media compliance, each playing a vital role in an organization’s risk management program. Two of these elements – monitoring and auditing – may seem similar, but there are important distinctions. Financial institutions are instructed to develop programs that monitor information posted on social media sites, as well as create audit functions that to support ongoing compliance with internal and external policies.
Social media compliance monitoring has traditionally consisted of internal management processes designed to oversee corporate digital marketing, presence on social media platforms and related activities for compliance with internal policies. However, social media outlets and activities are expanding at an exponential rate, and coupled with increasing regulatory oversight, monitoring has quickly grown to encompass loan officers’ professional and personal social media use as well.
Monitoring can offer substantial benefits, allowing your institution and employees to promote activity that generates leads, develops business and extends your market reach – all while identifying risk. Proactive monitoring can help highlight risk, escalate issues and create valuable training opportunities. Additionally, monitoring for trigger terms and/or relevant keywords in real time can contribute to a robust social media compliance program and act as an effective way to quickly respond to and manage potential violations.
When backed by a detailed policy, and the support of senior management, social media monitoring can be effectively managed in adherence to the FFIEC’s guidance. Keeping a flexible approach and seeking ways to incorporate monitoring can also support process improvement.
Consider the following components of social media monitoring.
- Noncompliant Activity
The primary goal of monitoring is to have capabilities in place to recognize non-compliant social media activity, so it can be promptly addressed to mitigate future problems.
- Policy Changes
External regulations will continue to change and social media channels will continue to advance; internal policies must anticipate and address this evolution. These changes need to be understood, effectively communicated to employees, and monitored by management.
- Repeat Offenders
Social media mistakes are common and many employees experience occasional lapses in judgment, despite an organization’s policies and training. However, monitoring activities can assist management in identifying repeat offenders so that additional training and/or disciplinary action can be administered.
While similar to monitoring, auditing is a distinct process. Whether conducted in-house or by a third party, auditing is more specific in its capacity to track activity, collect data and recognize potential concerns. Thoughtful and careful analysis to identify what audit data is important to your corporate brand and compliance oversight will help to maximize results, as well as support consistency and accuracy.
It is important to perform audits regularly and findings should be detailed over the previous 12-month period. This historical perspective allows an organization to analyze trends and optimize information to identify issues, prevent re-occurrence and minimize potential violations. Audit data also helps determine where to focus training and what to look for when scheduling future audits.
It is highly recommended that financial institutions audit the activities of anyone who represents the company in any way, across any social media platform. In addition to employees, one should consider including the following groups in an oversight and auditing protocol:
- Branch locations
- Corporate marketing
- Third-party providers
For more information on monitoring best practices, download Black Knight’s white paper, Monitoring Your Employees’ Social Media Activity.