Social Media: Every Bank Needs a Risk Management Plan


12-4-13-Crowe.pngWith each passing day, there seem to be more reasons for banks to ramp up their social media activity. It isn’t just the sheer number of people on platforms such as Facebook, Twitter and YouTube. Social media offers banks the potential to engage directly with their most important audiences.

Consider that younger generations, which represent the next wave of bank customers and employees, are the most active users of social media. In fact, a recent Gallup poll found that the average age of a banking social media user is 33 years old.

Connecting with young customers is just one example of the opportunity social media holds for banks. Amid the possibilities, banks’ social media strategies have evolved at widely varied paces. Some organizations have introduced cutting-edge tactics, such as allowing banking through social media sites. Other banks have a Facebook page to monitor and respond to customer comments. Still others are now just beginning to contemplate launching a social media presence.

Regardless of strategy, all banks have one thing in common: They face risks associated with social media.

Assess the Possible Pitfalls

Limiting or steering clear of social media does not provide protection against risk. Your institution might not be very active on social media, but your employees, customers and vendors are.

First, institutions need to know what the potential hazards are. A social media risk assessment is designed to help organizations understand the threats that exist and prioritize the most significant challenges.

This type of review could include a survey to understand how employees use social media for business and personal purposes. Input from across a bank’s departments also is critical to gain a broad understanding of current and desired use of social media.

What Are the Risks?

Typically, the potential risks associated with social media fall into five major categories.

Reputational: This hard-to-quantify risk is one that concerns many executives. Anyone can post negative comments online about an institution’s products, services or staff, and organizations can mitigate reputational risk with advance planning.

Financial: An employee could erroneously release nonpublic financial information, through either an institution’s social media account or the employee’s own personal account. On the other hand, there is a different kind of financial risk associated with missing out on the marketing and business development opportunities that social media can offer.

Information security: This risk can include anything from employees oversharing work-related details via social media to a staff member clicking on a malicious link that threatens the security of an institution’s entire network.

Legal and employment: Gray areas surrounding social media use in hiring and firing decisions should be carefully considered in an effort to avoid lawsuits.

Operational: Many organizations struggle with decreased productivity when employees have broad access to social media during the workday. Increased employee activity on Facebook and other social media websites can also negatively affect network bandwidth.

Mitigate Problems Before They Arise

After conducting a risk assessment, there are several steps that banks can take to diminish the potentially negative effects of social media.

Establish comprehensive policies. Banks should treat social media no different from any other type of communication and should document policies related to social media. At the very least, social media should be included in existing policies, such as acceptable use, marketing/communications, incident response, and information security policies. According to draft guidance from the Federal Financial Institutions Examination Council (FFIEC), financial institutions should have programs in place to identify, measure, monitor and control their risks related to social media.

Implement training. Employees need to understand social media policies and how they apply. Training should be done repeatedly to keep up-to-date information fresh in people’s minds.

Improve upon existing policies. Institutions should determine where there are gaps in social media strategy and should address those risks quickly and strategically.

Clarity Is Forthcoming

The FFIEC is expected to release final guidance on social media policy soon, providing a consistent framework for financial institutions to follow. In the meantime, banks should not wait to assess the risks they face and should take action to mitigate them.