Nowadays social media is used by financial institutions for advertising and marketing, product research, facilitating applications for new accounts, providing incentives, inviting feedback from the public, and engaging with existing and potential customers, for example by resolving customer complaints or providing loan pricing.

As the number of social media platforms grows, so does the presence of social media in consumers’ daily lives.

Since this form of customer interaction tends to be informal and occurs in a less secure environment, it presents some unique challenges to financial institutions, such as harm to consumers, compliance and legal risks, operational risks and reputation risks. Because of the probable impact of social media on financial institutions, the Federal Financial Institutions Examination Council (FFIEC) has proposed guidance to financial institutions called “Social Media: Consumer Compliance Risk Management Guidance” vide docket no. FFIEC-2013-0001 on 17th January 2013, with the objective of ensuring that all financial institutions effectively manage the risk associated with social media usage and access.

In this white paper, we will look at the probable risk/impact of social media activities on financial institutions and how technology could play an effective role in managing such risk.

1.  Introduction

Organizations have started using social media platforms to integrate social activities within the employee lifecycle in order to encourage ongoing learning, to increase market share and revenue through improved customer relationships, and to enable interaction and iteration that foster collaboration and innovation.

Social media technology is becoming a force that businesses must reckon with, and at breathtaking speed, given its far-reaching effects across the entire range of business activity, from product development to marketing and sales to customer support.

The change social media has created is happening so fast and at such a large scale that it poses unique challenges and risks to financial institutions, including:

  • the potential for employees involved in social media to inadvertently leak sensitive company information,
  • criminal hackers’ ability to “re-engineer” confidential information (log-ins and passwords, for example) based on information obtained from employee posts,
  • employee misuse of social applications while at work,
  • damage to a brand or company reputation from negative employee or customer posts, or even from well-intentioned posts with unintended consequences,
  • loss of customers, revenue or market share from any of the above.

In order to ensure effective management of risks associated with usage of social media by financial institutions, the Federal Financial Institutions Examination Council (FFIEC) has proposed a guideline for financial institutions vide docket no. FFIEC-2013-0001 dated 17th January 2013, requiring financial institutions to have an adequate risk management program in place for identification, measurement, monitoring and control of the risks associated with social media activities.

In this white paper, we will look at the probable risk/impact of social media activities on financial institutions and how technology can be helpful in managing such risk.

2.  Social Media platforms and their usage by financial institutions

Social media continues to evolve, and so does its definition. Some recent definitions and the various social media platforms in use are shown below.

[Figure: social media]

Top 20 Performers in social media such as Facebook, Twitter and YouTube

| Rank | Institution | Country | Facebook | | | |
|---|---|---|---|---|---|---|
| 1 | Chase | USA | 3,843,994 | 22,395 | 112,020 | 2,621 |
| 2 | Capital One | USA | 2,926,147 | 68,263 | 3,386,539 | 2,364 |
| 3 | ICICI Bank | India | 1,874,808 | 7,326 | 766,769 | 1,763 |
| 4 | E*TRADE Bank | USA | 51,614 | 11,845 | 14,898,145 | 1,578 |
| 5 | BofA | USA | 843,498 | 121,865 | 1,194,317 | 940 |
| 6 | Axis | India | 983,576 | 1,241 | 1,066,934 | 843 |
| 7 | GT Bank | Nigeria | 1,045,292 | 41,171 | 226,005 | 841 |
| 8 | Wells Fargo | USA | 495,175 | 36,718 | 4,741,294 | 759 |
| 9 | Citi | USA | 675,841 | 29,406 | 1,797,126 | 677 |
| 10 | Commonwealth | Australia | 359,812 | 18,438 | 1,529,065 | 476 |
| 11 | FNB | South Africa | 336,669 | 22,202 | 626,026 | 441 |
| 12 | Navy FCU | USA | 520,621 | 6,795 | 347,779 | 434 |
| 13 | Bank of Nova Scotia | Canada | 168,625 | 13,592 | 3,926,160 | 421 |
| 14 | NAB | Australia | 94,611 | 15,219 | 3,843,812 | 385 |
| 15 | TD Canada | Canada | 197,609 | 19,134 | 468,896 | 244 |
| 16 | Barclays | UK | 101,282 | 10,435 | 1,825,145 | 237 |
| 17 | Ally Bank | USA | 79,295 | 11,837 | 1,087,401 | 191 |
| 18 | RBC | Canada | 124,368 | 3,308 | 189,176 | 186 |
| 19 | PNC | USA | 112,390 | 7,374 | 1,189,666 | 178 |
| 20 | Goldman Sachs | USA | 24,844 | 38,164 | 435,369 | 167 |

Source: Introducing the Social Media Power 100 Rankings for Banks and Credit Unions dated 8th April 2013 in The Financial Brand. Link: http://thefinancialbrand.com/28643/social-media-power-100-banking-launch/

3.  Risks emanating from usage of Social media

The influence of social media cannot be denied, as it provides a huge opportunity to financial institutions, from product development to marketing and sales to customer support.

However, poor due diligence, weak oversight or a lack of control leads to risk, because using social media to attract and interact with customers can affect a financial institution’s risk profile in a number of ways, such as:

Social media risks:

  • Compliance & Legal risk
  • Reputation risk
  • Operational risk

| Impact area | Examples |
|---|---|
| Data | Unauthorized disclosures, leakage of intellectual property |
| Technology | Viruses, worms, Trojans, impact on network availability |
| Employee | HR policy violations, social engineering/impersonation, loss of productivity |
| Financial institution | Copyright issues, lack of situational awareness, privacy risk, loss of control over content, trademark infringement |
| Public | Unsatisfied constituents, negative publicity, false impression/misguidance |

3.1   Compliance and Legal Risks

Failure to address the possibility of infringement of, or non-compliance with, the laws, rules, regulations, policies, procedures and ethical values applicable to social media use gives rise to the following types of compliance and legal risk:

  • Defamation or libel risk
  • Infringement of copyright laws
  • Unauthorized disclosure of confidential information
  • Intellectual property rights leakage
  • Enforcement actions and/or civil lawsuits for non-compliance with industry regulations, etc.

3.2   Reputational risk

Negative public opinion, privacy or transparency issues, and consumer protection concerns may heighten reputation risks such as:

3.2.1    Fraud and brand identity risks

Protecting the brand identity in a social media context can be challenging. Risk may arise in many ways, such as through:

  1. Negative comments made by other social media users,
  2. Spoofs and fraudsters,
  3. Posting of unfavorable or confidential information on a public site.

A financial institution needs to consider using social media monitoring tools and techniques to identify the heightened risk and respond to it appropriately. Further, an institution’s policies and procedures should include monitoring, and procedures for addressing fraudulent use of the institution’s brand, such as through phishing or spoofing attacks, in a timely manner.

3.2.2    Third-party risks

The proposed guidance states that use and monitoring of an institution’s social media site is a direct responsibility of a financial institution, even if the functions are delegated to a third party. Even if a social media site is maintained by a third party on behalf of a financial institution, a financial institution will not be free of responsibility with regard to social media compliance. As a result, the proposed guidance cautions financial institutions to consider their ability to control content on a third-party site before using a third party to conduct social media activities.

3.2.3    Privacy risks

The public may react to any use of consumer information via social media. The proposed guidance requires that a financial institution have procedures in place to address the risk of other social media users posting unfavorable, confidential or sensitive information (for example, an account number) on the financial institution’s social media site or page.

3.2.4    Consumer complaints and inquiry risks

Financial institutions have started using social media to address customer complaints and questions, but reputation risk exists when the financial institution does not address consumer questions or complaints in a timely or appropriate manner. Reputation risk also arises when users post critical or inaccurate statements on a financial institution’s social media site or page. The proposed guidance requires that a financial institution have monitoring procedures in place to address statements or complaints, and any errors or disputes posted on social media sites to which the financial institution must respond under applicable law, such as errors under Regulation E or Regulation Z or disputes under the Fair Credit Reporting Act. Monitoring may pose a real challenge, as financial institutions need to ensure that such inquiries, complaints or comments are addressed in a timely and appropriate manner. A financial institution also needs to consider how and when to address disparaging comments made about it on social media.

3.2.5    Employee use of social media risks

Employees’ communications can also subject the financial institution to compliance risk as well as reputation risk. For example, an employee’s own personal social media accounts may be viewed by the public as reflecting the financial institution’s official policies, or may otherwise reflect poorly on the financial institution, depending on the form and content of the communications. The proposed guidance requires that a financial institution establish policies to address employee participation in social media that implicates the financial institution.

3.3   Operational risk

The proposed guidance describes operational risk as the risk of loss from inadequate or failed processes, people or systems, which can arise from a financial institution’s use of information technology, including social media. Financial institutions are exposed to operational risks when they are on social media. The social media site could be hacked, and the hacker could then use it to distribute malware (malicious software) to customers of the financial institution. To minimize such risk, financial institutions need to have appropriate security safeguards in place to protect systems from hackers and malware. In addition, the financial institution could develop an incident-response protocol for use in the event of a security or data breach.

4.  Risk management expectations

The guidance provides that a financial institution must have a risk management program to identify, measure, monitor and control the risks related to social media activities, and that the program must be commensurate in size and complexity with the level of the institution’s involvement in social media.

A good risk-management program should include a number of components such as:

[Figure: social media 1]

5.  Usage of Information Technology (IT) for complying with proposed social media rules

  • Monitoring software: Helps in monitoring and tracking social media activity, and can provide examples that illustrate for senior executives how social media can help the business. For example, on Facebook, with the help of an IT-enabled tool for monitoring and tracking social media activity, financial institutions can find out a lot about customers’ life events, such as a marriage anniversary, getting engaged, having children, buying a house or car, retiring and hospitalization. All of these major life events are opportunities to sell financial products.

Financial institutions need to monitor the data and information posted to third-party social media sites, and a social media monitoring tool is very helpful for this.

  • Due diligence tools: An automated due diligence process can be developed for managing third-party vendor relationships related to social media, such as software contracts and marketing services.
  • Audit tool: By developing an automated auditing tool, financial institutions can monitor all posts and block those that violate a rule, for instance by using the word “guarantee” or “recommend”.
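A minimal sketch of the audit tool described above, combined with the privacy concern from section 3.2.3 (account numbers posted on an institution's page). This is an added example, not code from the paper or from the FFIEC guidance; the rule list, the regular expressions, the `screen_post` function and the sample posts are assumptions, and the Luhn-checked card-number rule goes beyond the paper's "account number" example.

```python
import re
from dataclasses import dataclass

# Terms the paper names as rule violations; matching the stem also catches
# "guaranteed", "recommends", etc. The list is an assumption to be extended.
BANNED_STEMS = re.compile(r"\b(guarante\w*|recommend\w*)\b", re.IGNORECASE)
# 13-19 digits, optionally separated by single spaces or dashes.
CARD_LIKE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# Digits that follow an explicit account label (assumed label formats).
ACCOUNT_LABELLED = re.compile(
    r"\b(?:account|acct)\.?\s*(?:number|no\.?|#)?\s*(?:is\s+)?[:\-]?\s*(\d{6,17})\b",
    re.IGNORECASE)

@dataclass
class Verdict:
    action: str    # "block", "redact" or "allow"
    reasons: list
    text: str      # text that is safe to publish

def luhn_valid(digits: str) -> bool:
    """Checksum used by payment cards; filters out phone or ticket numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def screen_post(text: str) -> Verdict:
    reasons = []
    def mask_card(m):
        if luhn_valid(re.sub(r"\D", "", m.group(0))):
            reasons.append("card-number")
            return "[REDACTED-CARD]"
        return m.group(0)  # not a valid card number: leave untouched
    def mask_account(m):
        reasons.append("account-number")
        return m.group(0).replace(m.group(1), "[REDACTED-ACCOUNT]")
    clean = ACCOUNT_LABELLED.sub(mask_account, CARD_LIKE.sub(mask_card, text))
    banned = sorted({w.lower() for w in BANNED_STEMS.findall(text)})
    if banned:  # a rule violation outranks redaction: hold the post for review
        return Verdict("block", [f"banned-term:{w}" for w in banned] + reasons, clean)
    return Verdict("redact" if reasons else "allow", reasons, clean)

if __name__ == "__main__":  # constructed sample posts, not real customer data
    for post in ["We guarantee approval and recommend our Gold loan!",
                 "Card 4111 1111 1111 1111 was charged twice",
                 "My account number is 00123456789, please fix the transfer"]:
        print(screen_post(post))
```

Blocked posts should be routed to a compliance reviewer rather than silently dropped, so that the decision is recorded for audit.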

6.  Conclusion

Financial institutions are using social media as a tool to generate new business and to provide a dynamic environment in which to interact with consumers. As with any product channel, financial institutions must manage potential risks to the institution and to consumers by ensuring that their risk management programs provide appropriate oversight and control to address the risk areas discussed within this guidance.

About Author(s)

Dinesh Darak, a Chartered Accountant with certification in IFRS, has over 10 years of work experience spanning across financial and regulatory reporting, corporate banking operation & functional consultancy. Currently he is working as a functional consultant in Banking and Finance Industry Domain at M/s Tata Consultancy Services Limited. He can be reached at dinesh.darak@tcs.com.
