Social Media Is a Tricky Business for a Tiny Bank

For a smaller banks such as the $409 million-asset The Bank of Georgia, figuring out how to use social media safely and legally isn't easy.

But to The Bank of Georgia, which lacks the compliance and legal resources a larger institution has, having a social media presence is worth the hazards.

"There are benefits to using social media that we didn't want to give up," says Tammy Cash, a vice president of electronic banking at the Peachtree City-based institution.

The Bank of Georgia uses Facebook to carry on basic conversations with consumers about rudimentary information such as weather-related bank closings. It's interested in broadening how it uses social networks to make customer engagement less formal and take on less of the appearance of a traditional ad or marketing campaign.

Social media "gives customers another point of access to us," Cash says. "We are a community bank and that access goes hand in hand."

The use of social media as an alternative to marketing or advertising isn't just a stylistic difference. There is actually a point at which a social network communication from a bank actually crosses a line into advertising — most of the laws and regulations that govern that line aren't necessarily written for social media.

To stay compliant, The Bank of Georgia has purchased a service from ProfitStars called the Gladiator Social Media Compliance Services. This is a guide that provides customized policies based on the bank's goals and rules for communication, a risk assessment matrix and documents related to best practices and industry standards for social media communication.

"Our concerns for mitigating social media risk is keeping non public information secure and having controls at the bank … [addressing] how to use social media," Cash says.

The bank's policies govern issues such as determining when a bank representative should move a Facebook conversation to a secure channel.

"We're educating our employees on what they can and can't say," Cash says. "You can talk about the bank, but you have to be careful when talking about products."

Gladiator is based on IT and information security protocols published by the Federal Financial Institutions Examination Council, says Jackie Marshall, director of IT regulatory compliance for ProfitStars.

These protocols govern a wide range of risk management for web content, privacy and security.

"Because the FFIEC guidance provides standards for all types of tech-focused products and services, it's a natural extension to consider social media, because it's based on the use of technology by internal personnel and by the public to establish the presence of the financial institution," Marshall says.

There aren't a lot of laws or regulations that directly address social media activities by banks. FINRA, for example, has published guidance that mostly addresses how social network communications made by securities professionals meld with internet advertising and email archiving laws.

Many of the existing laws address treat the Web as an marketing channel that would also cover social media sites.

The American Bankers Association has published suggestions on social media compliance, including assessments and requirements tied to proposed activities, establishment of policies and procedures that outline the details of social media activity, controls and monitoring.

Frost Brown Todd, a Charleston, WV-based law firm that represents Fortune 500 firms and includes U.S. Bank among its clients has produced a list of ten tips that banks should consider before embarking on a social media program-including ensuring privacy in line with Gramm Leach Bliley, required advertising disclosures, rules regarding loan communications and securities laws.