Financial Roundtable Issues Useful Advice for Banks on Coping with Social Media Risk

Even a couple of years after social networking sites became mainstream, banks are still trying to figure out the best ways to use the sites for marketing, service and recruitment and, more importantly, how to manage the risk and compliance issues connected to sites such as LinkedIn, Twitter and Facebook.

BITS, the tech arm of the Financial Services Roundtable, this week issued a white paper attempting to provide an assessment of the various risks, as well as some mitigation strategies.

The new white paper, a PDF download on the BITS landing page (http://www.bits.org), offers recommendations on how to communicate with consumers and employees. There’s a particular focus on making customers aware that the privacy rules of social networking sites don’t match those of most banks, and on suggesting that banks carefully vet the data aggregation that will result when or if the various social media sites merge in the future.

"Social media is evolving but is here to stay," says Susan Rivers, a vp at BNY Mellon and a member of BITS. "That poses some challenge for financial institutions. We’re in a defined regulatory environment and have things we can and cannot say. Social media is permanent and the ramifications of what you do on social media sites are great."

The white paper also suggests integrating social media governance policy with existing rules governing email use, ecommerce, AML, Sarbanes-Oxley, securities law, solicitation and distribution rules, and other policies. BITS says policies should state when these other policies apply to specific social media use cases, and policies should be clear on the consequences of policy violations.  

Other sections cover how labor regulations are impacted by social media use and programs, the FINRA regulations, and archiving and information retention.

While social media risk affects banks differently, based on size and customer base, there are some universal concerns, particularly around security and compliance.

For example, data can be exposed much more readily as consumers and bank staff engage in conversations on social networks.  

"Information security is number one, protecting the confidential information that clients trust us with," says Rivers.

Social engineering, in which assailants get institutional staffers or consumers to share personal information through messages on social networking sites, can be a particular risk because of the more conversational, real-time nature of sites such as Twitter and Facebook.

"Someone may try to trick someone into breaking down the protective firewall at a bank," Rivers says.

