More community banks and credit unions are embracing the marketing opportunities of social media. With increased activity comes an increased urgency for regulatory bodies to ensure that financial institutions are keeping themselves and their consumers safe. This means that every institution should be prepared to undergo a social media compliance audit.
We lack a single comprehensive guide
Depending on the scope of your institution's services, several different governmental agencies will regulate your social media presence:
While each of these agencies provides some guidance, the rapid evolution of channels, media types, and consumer expectations creates a gap of coverage between guidance and today's common social media practices.
Social media risks are real
Social media risks exist whether your institution is advertising on social media or not. Possible risks include:
- Employees might use social media inappropriately.
- Consumers might talk about your brand online.
- Malicious entities might try to spoof your brand and deceive your consumers.
What do you need for a Social Media Compliance Audit?
The documents you need will vary depending on the scope of your social media activities. Here is a list of documents and policies that most financial institutions should have:
- An Employee Social Media Policy
- Documented Listening Strategy
- Documented Content Strategy
- Social Media Playbook
- Social Media IT Document
- Social Media Crisis Response Grid
- Social Media Risk Assessment
- Social Media Privacy Policy
- An Accessible Archive of Past Engagement
Prepare by holding regular fire drills to practice how your institution will use the documents to resolve a social media emergency.
You should create these documents with a group of stakeholders: the marketing department, legal department, compliance, IT, and HR are good starting points.
Details on recommended documents
Employee Social Media Policy: A social media policy should cover an employee training program, training schedule, and rules of engagement. You should include Do's and Don'ts; this is mandated by the NLRB guidance. Here are some suggestions for creating your social media employee policy.
Documented Listening Strategy: At a minimum, your strategy should include listening for mentions of your brand across the most popular social media channels: Facebook, Twitter, Yelp, and Google+. Check out this post on listening to the web if you need help constructing your social media listening strategy.
Documented Content Strategy: A content strategy is the use of published materials to help solve your customers' problems and educate them about your products and services. Your documentation should include the goal of your strategy, what topics you will address, and the mediums you will use to distribute your content.
Social Media Playbook: Your playbook is where you should house the day-to-day operational instructions. It will house your social media brand guidelines, including your voice on different channels, how you respond to complaints, and your design style. You should also outline your content approval process and which metrics you will be tracking and reporting on. At Kasasa, we house our social media best practices and the results of internal experiments. It allows for continuity across personnel in addition to keeping a record of our activities for compliance.
Social Media IT Document: Employees pose significant risks for social engineering. Social media is a favorite channel for hackers who are looking to exploit vulnerabilities. As such, your IT department should document how it intends to manage and secure devices, audit any 3rd party tools you'll be using, and train employees against the risks of social engineering.
Social Media Crisis Response Grid: A crisis is an inevitability. Your only option is to anticipate and prepare for one. A social media crisis response grid is a tool to help assess the severity of a crisis and activate an appropriate response plan.
Social Media Risk Assessment: A risk assessment is a listing of every potential threat and an evaluation of its likelihood, its impact, and whether you have items in place to help mitigate the risk. If you need help, check out this guide to creating a social media risk assessment along with some other sample policies.
Social Media Privacy Policy: You have a responsibility to protect your consumers and the Social Media Privacy Policy is a way to help inform customers how to stay safe on your social media properties. It should make transparent your rules (no hate speech), recommendations (never share personal data), and how you use any digital data (remarketing). You can see an example of our two-tiered approach on our Facebook page's about section.
An Accessible Archive of Past Engagement: Most institutions use 3rd party tools to ease the burden of recording all social media engagement. However, most platforms give you an option to export your data upon request.