Smart businesses have always recognized that they need to be where their customers expect to find them. When it was clear that social media was here to stay, many mortgage companies created a social media brand presence for their customers. These companies also realized that their retail offices
and originators needed to have their own social media points of presence to connect with their local markets. Generally, this meant that many companies viewed social media as the domain of their marketing team.
These businesses recognized, however, that with social media came risk. In that regard, this past December marked a sea change in how mortgage companies should manage their social media when the Financial Institutions Examination Council (FFIEC) released its final Social Media
Up until the FFIEC provided guidance, mortgage companies varied widely in how they approached social media. Many took the conservative stance and tried to limit it to just corporate brand messaging or, in some cases, even declared a policy prohibiting the use of social media. Some, however, resigned themselves to a
more laissez-faire philosophy, believing that the social media genie was out of the bottle and was unmanageable.
Still, neither approach really addressed the risk issue. Risk to brand and reputation was ranked as one of the chief corporate risk concerns by Aon plc in its 2013 “Global Risk Management Survey,” by Deloitte in its most recent “Exploring Strategic Risk” release and by PricewaterhouseCoopers in its release,
“Fit For the Future: Capitalising on Global Trends.” All of these studies cite social media as a key reason why brand risk has been elevated in the eyes of many companies’ executive management. Risk to reputation is only one risk that must be managed, however; risk to intellectual property and compliance also top
the list, with the latter being especially pertinent to regulated industries like the mortgage arena.
Many of the chief executive officers surveyed in the previously mentioned PricewaterhouseCoopers study stated that the No. 1 trend that will transform business in the next five years is technological advances such as the digital economy, social media, mobile computing and big data. So,
you can rest assured that the trend of businesses seeing social media as both a transformative opportunity and a risk is going to be a topic of discussion for some time to come.
That is why getting a handle on your social media governance now will help you manage corporate risk in the future. The good news? The FFIEC’s guidance is all about managing corporate risk. By developing a social media governance plan, you will be able
to comply with the FFIEC and the Consumer Financial Protection Bureau (CFPB), mitigate corporate risk, help build your brand equity, and be able to scale your social media business practices from your company’s management all the way down to its frontline employees.
The key members of the FFIEC — the Office of the Comptroller of the Currency, the Federal Reserve, the Federal Deposit Insurance Corp., the National Credit Union Administration and the CFPB — will be diligently watching social media compliance in the financial sector. The State
Liaison Committee also is encouraging state regulatory agencies to adopt the FFIEC’s guidance, and several states (such as Washington, Texas, California and Arizona) have taken the lead in regulatory oversight.
The FFIEC expects every company to implement a risk-management program to assess and manage social media risks. This program must include:
- Clear roles and responsibilities for board members and senior management to direct corporate objectives, establish controls and define an ongoing assessment of risks for using social media.
- Policies and procedures regarding the use and monitoring of social media and compliance with all applicable consumer protection laws and regulations, and incorporation of guidance as appropriate. Policies and procedures should incorporate methodologies to address risks, including
fraudulent use of a company’s brand.
- A risk-management process for selecting and managing third-party relationships.
- An employee-training program that incorporates the policies and procedures regarding work-related use of social media and, potentially, for other uses of social media, as well.
- An oversight process for monitoring social media sites.
- Audit and compliance functions to ensure ongoing compliance with internal policies and all applicable laws and regulations, and incorporation of guidance as appropriate.
- Parameters for evaluating the achievement of the objectivesset out by a company’s board of directors and senior management.
If you believe that your organization has these compliance criteria under control, you may need to reconsider. In a recent social media study of the mortgage industry, less than 20 percent of the social media sites of top mortgage lenders were compliant to even the most basic requirements.
Your governance plan
There are two main aspects of social media governance: social content governance and social presence governance. Until recently, many companies’ focus on social media had been on their content exclusively, so governance has largely focused on content, as well. The primary governance tool to date has been a corporation’s social media
policy, which covers how employees may or may not interact with people on social media and what they are able to say.
Now is a good time to update this policy as part of your guidance review. You also may have social media publishing tools to help your company and its originators select pre-approved content from a library and implement an archiving system to record your organization’s content stream. All of this is
part of good social media governance.
What many companies have been missing, however — and is now required — is governance of their social media presence. A solid governance plan now must include social presence governance to manage corporate risks and allow a company to scale its social
What is a presence and why should it be managed? Points of presence are the websites and social sites of a company and its employees that need to be inventoried in order to be monitored. It is critical to know where your brand and services are represented
on the Web before you can monitor them for compliance. By knowing your full inventory, you’ll be able to manage corporate risks, maintain compliance, strengthen brand equity and measure your social footprint. After all, you can’t measure what you don’t know.
To create your own social media governance plan, you’ll need to engage the stakeholders across your company to ensure that all risk aspects have been considered. This may include your chief compliance officer, general counsel, chief risk officer, chief market-
ing officer, chief information officer, president and the assigned board member in charge of social media.
A good governance plan includes a continual brand-presence management process across the Web and on social channels. Facebook, LinkedIn and Twitter are typically the most popular social media among mortgage companies and their employees, so priority should be given to those social
There are many other points of presence, however, including Instagram and Pinterest, so a thorough Web and social network audit is important. Regardless, four processes are necessary to ensure sound social presence governance so that you know you have
an accurate and compliant social footprint.
Discovery is the process of scouring the Web to find all of the pages and social sites that claim to be representing your brand. Be on the lookout for a strong relationship claim made in a site’s profile data, URL address or general identity. Customers who have
recently commented via blogs or social media that they have a new mortgage with your company are not sites that are representing themselves as your company, but originators who list your company name and logo in their profile are representing your organization.
The discovery process should also uncover any fraudulent site or brand infringements. Of course, these should be immediately sent to your legal department.
Once you’ve located every pertinent piece of online content, place each page and site in an inventory to be organized by category, discipline, concerns and requirements. The inventory should be a working document that all company stakeholders can access. Whether you use
spreadsheets, Sharepoint folders or a software-as-a-service (SaaS) brand-presence manager is up to you, but you should consider how the different stakeholders will access and record workflow in order to set up your inventory and documentation program.
Useful categories may include: corporate- owned (i.e., your company-branded points of presence); employees; VIPs (i.e., your CEO and other company thought leaders tweeting under their own names); partners; and advocates. If certain customers often talk about your company and begin to
associate themselves strongly with it over time, you may want to keep them in an inventory as advocates.
Once you have everything inventoried and categorized, you can then monitor these points of presence. The first order of governance is monitoring for corporate risks, including regulatory compliance, corporate policy compliance, profile changes for security and general health of the site.
You also may monitor for brand standards, social footprint growth and other objectives of your social media strategy. This helps you strengthen your brand on the Web so that customers are assured of a consistent experience. A consistent brand experience builds brand equity.
Finally, create a schedule to patrol the Web for new points of presence that appear to represent your brand. Your executive team should create a schedule that meets its risk-mitigation plan, and you should adhere to it.
The goal is to find anything new that appears to represent your brand. If a point of presence is in fact yours, it needs to be placed in your inventory and monitored. If it is not yours but looks like your company, it should be sent to your company’s legal group.
This may be tedious but it’s important. A point of presence can be created by anyone on any social network within a matter of minutes, so a frequent schedule to patrol the Web is critical to mitigating risk to your brand.
• • •
Social media is a powerful marketing, branding and relationship channel. To some, the FFIEC’s guidance may feel burdensome, but adhering to a solid social media governance plan is the first step to growing a strong social business. With its ground rules now in place, the mortgage
industry is primed to have significant growth in social media practices, and this will be growth with managed risks.
Now is the time to lay the foundation for managing your brand and protecting your enterprise with a social media governance plan. You will be ready to expand the reach of your employees and your brand, giving your customers the positive experience that they expect while also
minimizing the risk to your business. If and when the CFPB comes knocking, you’ll be ready.