Social Media Monitoring and Compliance for the Modern Financial Institution
In today’s ever-evolving, increasingly interconnected world, social media has become arguably the primary means through which information is transferred and communicated both to and amongst the masses on a daily basis. While recent social unrest and political tensions have in part exposed some of the negative aspects of these powerful platforms, the fact remains that sites such as Facebook, Instagram, Yelp and others remain havens through which individuals can gather with friends, strangers and companies alike to exchange ideas, voice their opinions, and grow their respective brands. The same holds true for businesses that are now able to engage with their customers at unprecedented levels – as evidenced during the COVID-19 pandemic – while adjusting their business models and daily workflows to better serve their client base. Given the growing societal reliance on new, potent technologies in seemingly every aspect of life in 2021, Jack Dorsey, the CEO of social media staple Twitter, has described social platforms as the new “public square” for the world. As such, the ability to harness the potential of, and manage the possible risks associated with, social media while maintaining compliance with regulatory responsibilities has developed into one of the top concerns for the modern financial and compliance professional. The trend towards social media monitoring across the financial sector has grown in prevalence accordingly.
Loosely defined as the process of identifying and analyzing information relevant to your business across social media platforms, social media monitoring can encompass a rather large scope of online engagement. This can include, but may not be limited to, mentions of your company/brand or that of your competitors and counterparts in the financial sector, identifying trends relevant to the industry, and even testing out varying marketing pitches with the purpose of collecting data and details to both gain a competitive edge and stay on top of compliance requirements. Regulations from government bodies such as the Financial Industry Regulatory Authority (FINRA), the Federal Communications Commission (FCC), and even the Securities and Exchange Commission (SEC) require financial service providers to be responsible for monitoring social media in various forms, including the publishing of both static and interactive content. Given that social media is a dynamic technology, this makes staying up to date with these requirements all the more challenging. And with the risks associated with social media usage for financial institutions encompassing the legal, reputational and operational realms, the consequences for non-compliance can have a significant impact on the future of an entire organization. As such, the Federal Financial Institutions Examination Council (FFIEC) in 2013 published guidelines to assist institutions in remaining compliant with respect to social media. Among the recommendations made by the FFIEC with respect to establishing a thorough risk management program for monitoring of social media are the creation of a clear governance structure specifically catered to meet these demands, having written policies and procedures in place that can be referred back to, enabling a third-party management process and oversight program for continuous monitoring, and reporting metrics made readily available to the appropriate executives. It also goes without saying that the greater an organization’s social media presence, the more comprehensive and detailed said risk management program must be to ensure that all bases are covered with respect to cybersecurity.
A company’s reputation is crucial to the strength of its brand. In today’s society, social media is one of the top ways that a business can create a lasting, positive perception of itself with the general public. If the perception/consumer sentiment surrounding a firm is negative (which can manifest in a number of ways), this can be evidenced in the form of negative engagement received online. From a reputational standpoint, companies must be aware of any negative publicity surrounding them (which is important to monitor at both small and large scales) and determine their relevancy. If proven legitimate, firms must then act as quickly as possible to mend these issues before significant harm is done – making the importance of ongoing monitoring all the more important. The same holds true with eliminating all relevant privacy concerns for consumers, as this too can have a negative impact on not only reputation, but the overall client experience. In addition to these matters, businesses are now paying closer attention to how their own employees – as well as potential hires – represent themselves (and potentially their institution) across their social media profiles. In fact, a 2018 survey from CareerBuilder found that 70% of employers use social media to screen candidates during the hiring process, and about 43% of employers use social media to check on current employees.1 Company’s are actively screening whether their employees, or those on their radar for hiring, are making inappropriate/contentious posts or speaking negatively about their company or those of others in the industry.
They are also examining whether or not these individuals are publicly discussing company business or sharing personal details about their clientele. Again, these are things that need consistent monitoring and subsequent remediation, especially if these individuals make reference to their employment with a specific institution in their respective profiles. Close watch must also be kept on those managing the company’s social media accounts and producing content for blogs, whitepapers and even the direct company webpages. There have been countless incidents where employees have abused their power as an online voice of the company and landed their firms in hot water, alienating portions of the customer base they worked so diligently to establish. There have also been cases where disgruntled employees have decided to publicly air their grievances against their employers and have used social media or their employed positions to purposefully damage their employer’s reputation. Companies need to be aware of these possibilities and have the appropriate systems in place to stay on top of these developments before significant reputational damage is done.
Perhaps the most notable risks with respect to social media however are of the operational variety (i.e. hacking, internal/external fraud, etc.). As evidenced by the now-notorious SolarWinds hack led by Russian operatives that compromised local, state and federal agencies of the United States government, as well as major American tech companies, hacking schemes of increasing sophistication are becoming all the more common and doing more and more damage. Institutions small and large have become equally susceptible to hacking exploits and data breaches when failing to implement necessary safeguards for deterring cybercrime, with criminals searching for all available loopholes to capitalize at the expense of unsuspecting individuals and organizations. Several major social media platforms have experienced attacks affecting the integrity of accounts held by some of their most renowned users (i.e. the 2020 hacks of the Twitter accounts of notable names such as Elon Musk, Barack Obama and Joe Biden amongst countless others). With more and more companies turning to social media to attract and interact with potential clientele, these entities must ensure that their IT departments have the appropriate cybersecurity measures in place to safeguard confidential information. With consistent monitoring of their social media accounts, companies must also make certain that there is little-to-no sensitive data or information associated with said accounts in the event that their defenses are breached by bad actors.
While operational failures can have catastrophic effects on the bottom line for across entities operating across the entire financial spectrum, by no means should legal risks should be discounted. Privacy laws, copyright infringement, harassment, defamation, insider trading, and discrimination are just a few of the sticking points that face the modern financial institution with respect to social media activity. Aside from these issues, financial service providers need also take things a step further to stay compliant with government regulations. To combat shortcomings in this regard, a proactive approach to mitigating risk should be adopted by financial institutions of all sizes. Financial institutions are now required to mitigate risks posed by utilization of third-party vendors. As such, vendor data encryption policies must be fully operational with respect social media applications (as well as email services, direct messaging and chat apps, and video-conferencing services used) and should be consistently monitored as well.
More refined monitoring practices employed by financial institutions should also carry over with respect to managing customers both at the client onboarding phase and throughout the duration of the financial relationship. This helps to ensure that any individuals with active ties to the bank itself are not involved in any readily apparent illegal or high-risk activities that could lead to repercussions (including possible multi-million-dollar financial penalties and sanctions) against the firm itself down the road. While employing new, complex processes can often be a daunting (and costly) undertaking, certain software solutions such as those employed by Global RADAR allow for the automation of these often-overwhelming tasks. This allows firms to stay ahead of the curve with respect to the monitoring of relevant social media activity while staying within their respective budgets without cutting any corners with respect to compliance requirements.
With social media monitoring becoming a necessary element for effective and comprehensive due diligence with respect to customers, employees, and even company executives, many of America’s most prominent financial institutions are turning to outside sources to better meet these formidable requirements. One of the more prominent companies with respect to this space is ActiveComply, a firm that has aided some of the world’s most respected financial service providers in keeping track of all company affiliated profiles, meeting archival requirements, and ensuring that the online presence of these companies meets and exceeds the requirements set by the latest federal and state financial regulations. ActiveComply offers easily deployable cloud-based solutions for mortgage lenders, banks, and credit unions that allow these entities to engage with social media safely while allowing for the consistent monitoring of identified social media accounts on an ongoing basis — while cutting associated costs and manpower requirements extensively. Solutions such as these are among the most powerful tools available to both compliance and general financial executives in maintaining organizational compliance and overall security, with ActiveComply’s presence likely to become a key component in modern regulatory compliance for decades to come.
As the world continues to move towards widespread technological innovation, the role of maintaining proper due diligence with respect to social media monitoring cannot be understated and will likely prove a significant hurdle for the modern financial institution if steps are not taken to address this novel playing field in the months to come.
- CareerBuilder. “More Than Half of Employers Have Found Content on Social Media That Caused Them NOT to Hire a Candidate, According to Recent CareerBuilder Survey.”PR Newswire: News Distribution, Targeting and Monitoring, 9 Aug. 2018.