Why Financial Services Brands Aren’t Equipped for Social Media Risk and Compliance
By Devin Redmond

No longer are financial brands and organizations able to focus solely on storefronts, email aliases and toll-free numbers for customer engagement and support. Nowadays, a brand must engage customers 24/7 in social media. However, as we have seen with the rise in social media spam, the increase in social fraud, the continuing social account hacks and the ever-increasing regulatory focus on social media, financial services’ social media programs bear the broadest set of risks and compliance challenges.

In fact, the financial services sub-verticals, including retail banking, insurance, wealth management, credit cards, etc., each tend to have two to three major categories of social media programs: centralized brand programs, advisor / agent programs and social customer care programs. Unfortunately, they may be only partially equipped to handle risk and compliance for just one of their social programs.

Brand programs face regulations, but also tend to be exposed around fraudulent accounts, account hacks and social media spam. Social care programs have to worry about those same issues, as well as the handling of regulated and sensitive data like PII and PCI, on top of violations of FFIEC Regulation Z and DD or FINRA Customer Complaint Risks regulations. Advisor and agent programs have to tackle industry regulations like FINRA, FFIEC, FTC and SEC, along with corporate standards such as using approved employee bio data, following the approved publishing tool workflow and keeping the agent or advisor account protected.

Here are several best practices to help financial services organizations address the broad set of risk and compliance challenges they face in social media:

  1. Define Organization Responsibilities & Policies: Establish a cross-departmental working group to define, and execute on, who is responsible for creating policies, enforcing them and responding to incidents across social programs.
  2. Learn Compliance Context: Social marketers, brokers or agents and IT teams are not inherently compliance experts. Therefore, they must be trained by internal and external compliance experts, so they are informed as to the context of the regulations.
  3. Protect Social Accounts: Maintain access control on social pages, profiles, and accounts by protecting passwords, restricting what tools can publish on the account and monitoring the account to detect and stop account hacks.
  4. Enforce Approved Tool Use: Active monitoring, enforcement and reporting that identify whether the right tool was used to publish should be in place; this is key to establishing workflow, passing audits and demonstrating policy enforcement.
  5. Don’t Rely on Keyword Detection: Less accurate keyword dictionaries and manual workflows don’t scale. Technology that understands the content and context should be used to automate detection and handling of many compliance, legal and related content violations, and to improve retention and eDiscovery search.

With financial services brands committing more and more resources to social media, the urgency to protect that investment grows with it each day. Without a serious plan and investment in this broader set of social risk and compliance areas, financial services organizations will struggle to efficiently, effectively and safely scale their social programs.


Devin Redmond is the CEO at Nexgate, a leading provider of social media security and compliance technology for enterprise brands.
