Financial Roundtable Issues Advice for Banks on Social Media Risk

Years after social networking sites became mainstream, banks are still trying to figure out the best ways to use them – and in particular, how to manage the risk and compliance issues connected to sites such as LinkedIn, Twitter and Facebook.

BITS, the tech arm of the Financial Services Roundtable, this week issued a white paper attempting to provide an assessment of the various risks, as well as some mitigation strategies.

BITS placed a particular focus on making customers aware of the fact that privacy rules of social networking sites don’t match those of most banks. It suggested that banks take steps to carefully vet the data aggregation that will take place if social media sites eventually merge.

"Social media is evolving but is here to stay," says Susan Rivers, a vice president at BNY Mellon and a member of BITS. "That poses some challenge for financial institutions. We're in a defined regulatory environment and have things we can and cannot say. Social media is permanent and the ramifications of what you do on social media sites are great."

The paper also suggests integrating social media governance policy with existing rules governing email use, ecommerce, AML, Sarbanes-Oxley, securities law, solicitation and distribution rules, and other policies. BITS says policies should state when these other rules apply to specific social media use cases, and policies should be clear on the consequences of violations.

Other sections cover how labor regulations are affected by social media use and programs, the FINRA regulations, and archiving and information retention.

While social media risk affects banks differently, based on size and customer base, there are some universal concerns, particularly around security and compliance.

For example, data can be exposed much more readily as consumers and bank staff engage in conversations on social networks.

"Information security is No. 1, protecting the confidential information that clients trust us with," says Rivers.

Social engineering, in which assailants get institutional staffers or consumers to share personal information through messages on social networking sites, is a particular risk because of the more conversational/real-time nature of sites such as Twitter and Facebook.

"Someone may try to trick someone into breaking down the protective firewall at a bank," Rivers says.
