Information Technology Responsibility for Social Media

Blair_headshotGuest Contributor: Blair Rugh, Chief Compliance Officer, Temenos

Social media and other forms of electronic communication are becoming the principal advertising and marketing tools of many financial institutions. First, they are inexpensive. Second, they can be targeted as narrowly or broadly as the bank wishes. Finally, the readership percentage is pretty high compared to print advertising. Almost every bank has a website. Because bankers like to be liked, many banks have a Facebook page. Some also use Twitter to get their marketing messages out. While advertising and marketing are generally the responsibility of the institution’s advertising department, the information technology department has responsibilities as well.

First, who has the authority to make changes to the bankʼs website or to post information on the bankʼs Facebook page or send a tweet? We strongly recommend that each bank should have a procedure, whereby regardless of who initiates the communication, it should be approved first by the bankʼs advertising department, then by the bankʼs compliance officer and then it should be executed by the information technology department. We recommend that there be signed check-offs at each stage of the process.

Second, because whatever the bank publishes is advertising, there are record retention requirements. It should be the responsibility of the IT department to make and retain screen shots of each page of a bankʼs website and whenever a change is made to it, a screenshot of the change noted with the date the change was made. Likewise, there should be a screenshot of anything posted on the bankʼs website along with the date it was posted and the same for any tweet. Most bankʼs do not use mass emails for marketing, but if your bank does, a copy of each email together with the date and list of recipients must be retained. The retention period for all advertising is two years.

By allowing only the IT department to post or change information, it has a record of everything that was done and everything that must be retained.

The final problem is the bankʼs employees, particularly those pesky loan officers. If any employee of the bank is using social media to advertise, his or her services or bank products, that is likewise advertising for the bank. It falls under all of the advertising rules as well as the record retention requirements. If bank employees are using social media, again there should be a procedure for the approval of what they are posting.
Also, someone needs to check periodically to make sure that they are following the rules. The IT department should have a list of all employees that have a Facebook page, and they should periodically check to see that nothing is being posted that is inappropriate and that records are being maintained of anything that applies to the bank. Likewise, if employees are sending tweets those need to be reviewed and retained. The best way to accomplish all of this is to make the IT department the pointy end of the funnel through which everything must pass.

 

Learn more from Temenos at SMAC New York, FTF’s annual social media and compliance conference on September 18th. Temenos will be joining a panel on the social media platforms and related technologies that are on the horizon, new regulations that may be on the way, and the major trends for the next year.

This entry was posted in Compliance, Guest Blog, Social Media and tagged , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s