Many credit unions have jumped on the social media bandwagon to reach their members and potential members alike. Social media can provide instant access and exposure to members where they are, and it’s almost always free. Although social media might be a marketing director’s dream, it’s become a compliance officer’s nightmare. Recent guidelines released from the Federal Financial Institutions Examination Council have many credit unions wondering not only how to take part in the social media scene but also how to get it right.
When looking at social media in the wake of the FFIEC guidance, released in its final form in December 2013, credit unions first have to determine what encompasses social media and with what channels they actively participate. Is social media just Facebook or Twitter? The FFIEC defines social media with a much broader scope to include any type of communication conducted online that tends to be more interactive. This broad definition can include sites such as Yelp, YouTube, Flickr, and LinkedIn. Although emails and text messages don’t count as social media, laws and regulations that apply to these channels might overlap the FFIEC’s guidance.
Once you have determined what outlets your credit union is using, you need to assess the risks these channels pose to the credit union. According to the FFIEC, these risk areas can include “compliance and legal risk, operational risk, and reputation risk.” Mitigating factors can include a well-developed social media policy that encompasses not only external communications with members but also internal expectations for employee use both as a representative of the credit union and also as a personal social media user.
Your assessment of compliance and legal risk should encompass appropriate laws and regulations that would apply to traditional communication methods for any products or services offered or conducted via a social media channel. Reputational risks arise when dissatisfied members and negative publicity create negative public opinion. The loss of a brand identity and spoof sites can also harm the credit union’s reputation. Credit unions need to assess operational risks from both an internal and external perspective. It should also assess the operational risks associated with social media and the use of information technology in its IT risk assessment.
When the credit union has completed a risk assessment of social media activities, it should continue to monitor and update the assessment as necessary. Remember, the credit union should have a risk management program that is in line with its size and complexity that includes social media. Many credit unions are using an enterprise risk management program, and social media should play a part in the overall assessment of the credit union’s risk factors.
Is the compliance headache associated with social media too much to handle for your credit union in the wake of the many other compliance tasks on your to-do list? CURx can help.