Pub 2 2013 Issue 7

September 2013 25 l e a d i n g a d v o c a t e f o r t h e b a n k i n g i n d u s t r y i n k a n s a s Using Tablets in the Cloud By Nathan Dahlstromof CoNetrix T he Federal Financial Institutions Exam- ination Council (FFIEC) recently released proposed guidance on social media. The proposed guidance, titled Social Media: Consumer Compliance Risk Manage- ment Guidance, doesn’t express any new obligations for banks, but instead is intended to help financial institutions understand the risks associated with social media and risk management expecta- tions. The key stages of managing the overall risk of social media presented in the proposed guidance are suspiciously similar to the risk manage- ment of other information systems. Basically, it suggests integrating knowledge from multiple departments by consulting with on-staff technology, legal, and marketing experts to: 1. Identify the landscape and measure risks and benefits in volved with engaging your bank in social media. 2. Determine necessary controls that should be effective in reducing risk. 3. Monitor your social media environment. 4. Test your controls on a regular basis. 5. Report all of this data to senior management to prove the effectiveness of your program. Most community banks limit their social media activity to basic communication. If this describes you, your social media risk manage- ment plan should be quite manageable. If your bank has chosen not to participate in social media, you may find it surprising to know you still need a risk management plan. The proposed guidance addresses a separate topic that applies to all banks, regardless of your social media interaction choice: Reputational Risk. Once you have determined how your bank will engage in social media, your focus should be on monitoring and managing your bank’s online accounts. Your proactivity is the best formula for reducing reputational risk. Reputational risk is the risk arising from negative public opinion. As we all know, public opinion can change on a dime. Your reputation has a substantial hold on the type and size of your customer base. While a social media presence boasts reputational benefits, such as humanization of the bank and brand name recognition; it also involves reputational risks. While you strive to protect that intangible asset of brand name and company value, your social media presence could be a wide-open vulnerability. The way your bank uses social media is very important. Everything done online matters because everything done online is permanent. To make the best online impression and minimize reputational risk, there are a few rules you can follow. Be Relevant Think about your social media target audience. A special focus should be made on being relevant. Sometimes over caution and lack of under- stand- ing can lead to a boring social media pres- ence. Consider livening it up with YouTube videos or charity events. Don’t go overboard with excessive updates and thoughtless posts. One or two a day should be fine. The best way to achieve relevance through social media is to be transparent and honest. Customers and prospects will appreciate when you listen to them intelligently and respond truthfully, answering their questions directly. Be Responsive You may take the weekend off, but customers don’t. Be sure to have someone available to monitor your social media pages almost constantly. It’s important to promptly respond to comments, questions, and connection requests. Make sure there is a checks and balances system in place for every post and comment made by the bank. Everyone makes mistakes, but it’s best to keep those permanent mistakes to a minimum. If you can’t handle the focus required for responsiveness, it may be time to consider reducing your social media interaction to a manageable level. Be Ready In a single instant, your reputation could be damaged. Someone could tag your bank in an inappropriate photo. Someone could create a profile similar to yours, impersonate your bank, and smear your brand identity. The personal lives of your employees can bleed over, associating the bank with poor choices and unprofessionalism. Events like these can even harm banks that choose not to participate in social media. You can’t control the outside world, no matter what your pol- icies say. So keep a tight hold over the things you can control. Make, and enforce, a strong policy about permissible use of the bank’s social media accounts. Include what kind of behavior warrants an employee being disassociated with the bank. Train your staff. Be familiar with your third party’s system logic and limitations, and don’t be afraid to use system settings to your benefit. Just remember, when it comes to social media, there is always someone watching you. Monitor, monitor, monitor. For more information on the proposed guidance, visit http://www.ffiec.gov/ press/pr012213.htm. Leticia Saiid is a tandem Software Support Specialist for CoNetrix. CoNetrix is a provider of information security consulting, IT/GLBA audits and security testing, and tandem – a security and compliance software suite designed to help financial institutions create and maintain their Information Security Program. Visit our website at www.conetrix.com . Reputation Risk: A Look at Social media By Leticia Saiid, Security+ CoNetrix