Social Media Risk Assessments for Banks and Credit Unions

When IndyMac and Washington Mutual failed in 2008, it took weeks of negative reporting before customers pulled their deposits. By comparison, SVB’s customers withdrew $42 billion within 24 hours following a flurry of social media posts about the bank’s inability to meet its obligations to depositors.

The social media-fueled run at SVB has bank boards rethinking the type and degree of risk these platforms pose.

Many experts in risk management now recognize that no financial institution, including community banks and credit unions, is safe from a run. If you allow online access to accounts, consumers can easily withdraw their money from your institution with a few keystrokes.

Your consumers may respond quickly to a rumor spread on Facebook or Twitter – whether or not this rumor has any basis in fact. The evolution of social media risk for community banks and credit unions, from compliance and reputational risk to liquidity risk, presents a new set of challenges for financial institutions.

Previously social media risk for financial institutions meant managing reputational and compliance risk: ensuring that one of your employees didn’t share private information about one of your consumers and that your advertising on these platforms complied with FHA, TILA, and UDAAP guidance.

But a seismic shift has occurred. Social media now poses operational, strategic, and existential risks to financial institutions. As we saw with SVB, social media posts can bring down an entire financial institution.

And the spillover effects can be enormous: if social media posts claim that a nearby bank or credit union is struggling, how can you minimize the impact this will have on your consumers? Will they suddenly begin to doubt the stability of your institution? 

Social media risk assessments for banks and credit unions are now more important than ever.

Related: Expert Q&A: How to Build a Risk Assessment

FFIEC Social Media Guidance for Community Banks and Credit Unions

When the Federal Financial Institutions Examination Council (FFIEC) released its Social Media Guidance nearly a decade ago, its member Agencies (the OCC, Federal Reserve, FDIC, NCUA, and CFPB) intended to assist financial institutions in addressing and managing compliance and legal risks, as well as the reputational and operational risks, associated with the use of social media.

For instance, ECOA prohibits any lender from making comments or statements in their marketing strategy that might deter certain basis groups from applying for credit, loans, or other financial products.

Since social media algorithms both explicitly and implicitly collect data about their users, such as their race, gender, ethnicity, etc., financial institutions must ensure that any communications or ads on these platforms comply with applicable fair lending laws.

The FFEIC’s Social Media Guidance also states that all social media communications must comply with federal, state, and local regulations concerning TILA, FHA, and UDAAP.

Some community banks and credit unions avoid advertising on social media to avoid legal and compliance issues. However, this avoidance strategy may undermine their marketing efforts and bottom line.

To attract a growing number of Millennial and Gen-Z banking consumers, banks and credit unions can leverage social media to their benefit. Financial institutions simply need to identify the risks associated with social media as part of their overall risk management strategy.

At the same time, the FFEIC Social Media Guidance clarifies that even financial institutions that choose not to advertise on social media still need to monitor platforms for negative comments and complaints.

In other words, your bank or credit union must conduct social media risk assessments even if you don’t actively use these platforms to advertise or communicate with potential or existing consumers.

Related: 5 Strategies for Any Financial Institution's Social Media Success

Educating Your Employees on How to Use Social Media

FFEIC Social Media Guidance also points out that financial institutions need to educate their employees on the proper uses of social media for both the FI and their personal accounts.

According to the guidance, financial institutions’ social media risk management programs should include “an employee training program that incorporates the institution’s policies and procedures for official, work-related use of social media, and potentially for other uses of social media, including defining impermissible activities.”

Compliance with social media involves numerous aspects, including protecting sensitive information and ensuring accuracy in posts. If one of your employees shares controversial content on their social media accounts, it can damage your bank or credit union.

If they share a post of a friend applying for a mortgage or other consumer loan at your FI, this could introduce potential compliance and privacy issues from a legal and regulatory standpoint.

Related: Risk Management Master: Q&A with Ncontracts’ Mitch Klein

Reputational Risk

Social media risk assessments for banks aren’t just about legal and regulatory compliance. Your community bank or credit union needs to monitor negative comments on platforms, as these can quickly impact your institution’s reputation and standing.

If your financial institution serves a local community, one negative customer experience shared on Facebook can spread like wildfire. Managing your institution’s reputation poses unique challenges in our digital age. From damaging comments by your consumers to social bots that defame your FI by making malicious statements, you need social media risk assessments to protect your institution’s reputation.

The FFEIC’s Social Media Guidance points out that consumer complaints, typically viewed as a reputational risk, can also introduce compliance risk. “Compliance risk can arise when a customer uses social media to communicate issues or concerns directly with the financial institution, such as an error dispute under Regulation E, a billing error under Regulation Z, or a direct dispute about information furnished to a consumer reporting agency under FCRA.”

From Reputational and Compliance Risk to Existential Risk

In 2013, the FFEIC understood the risks of social media as they related to compliance and reputation. After the collapse of SVB, the entire calculus of the risks posed by social media changed overnight.

Many bank boards have been working feverishly to update their social media risk-management practices.

As Sumeet Chabria, the founder of an advisory firm that works with banks, explained in a recent article, the fall of SVB has been a “wake-up call for smaller lenders” to understand and mitigate the risks posed by social media.

As a community bank or credit union, you might be wondering what you can do to avoid the fate of SVB. While it’s unlikely that you’ll experience the same attention as a larger financial institution, you also likely have less room for error.

Do you have a plan if one malicious social bot spreads a rumor on Facebook about your institution’s solvency?

Social media risk management must be a part of your overall risk management strategy and governance. Below are some steps you can take to ensure that your FI doesn’t experience a run on deposits.

1. Actively Monitor Your Social Media Platforms – Your risk managers require the resources to monitor your social media presence. Possessing an overall risk management solution with a dedicated social media risk assessment template helps your team of risk managers assess and address potential threats. 
2. Proactively Address Complaints Against Your Institution – You must address any complaints made against your institution on social media promptly and thoughtfully. You can nip any complaints in the bud once you include social media risk management in your strategy. Preventing one poor review from spreading across social media enables you to contain a problem and shows other users that you care about your consumers. 
3. Identify Large Depositors and Ensure Them of Your Stability – All of your consumers need assurance regarding a false rumor spread about your bank or credit union across social. Still, you want to pay particular attention to large depositors. For instance, if a malicious social bot attacks your institution, time is of the essence. Promptly addressing the concerns of any large depositors first can go a long way in preventing a liquidity crisis at your financial institution. 
4. Consistently Evaluate Your Third-Party Vendors – Many smaller community banks and credit unions do not have the headcount and resources to manage their social media accounts effectively. If you outsource this activity to a third-party vendor, you must ensure they can quickly respond to any customer complaints or rumors that spread on these platforms.

Nrisk Delivers a Social Media Risk Assessment Template

As the best enterprise risk management solution, Nrisk offers a social media risk assessment template to help your financial institution develop a streamlined and efficient process for responding to customer complaints and preventing the spread of malicious rumors across your social media channels.

Don’t jeopardize your institution’s solvency. Discover the enterprise risk management solution that empowers your financial institution to measure and manage risk.