Social networking in financial services has both good and bad connotations. The “good” is the engagement and collaboration that financial institutions can achieve with social networking -- both internally with their workers and externally with their clients. The “bad” is the potential for risk, specifically reputation risk, which can occur on the Web and in the blogosphere.
As social networking continues to make inroads with people of all ages and backgrounds, it’s important for financial institutions in particular to make sure their employees adhere to rules of conduct, both in the workplace and at home, where their online communications may also have an impact on the reputation and regulatory compliance of the company.
This last aspect is particularly important, as institutions within financial services -- i.e., banks, capital markets firms, and insurers -- are all highly regulated. It is therefore vital to these firms that all employee communications stay within regulatory guidelines, particularly during times such as these when it’s important to maintain both the regulators' and the public’s trust.
What’s the best way to ensure compliance and reduce risk? The answer is more than likely sitting right now in someone’s desk drawer or bookcase. It’s the institution’s existing policies and procedures document covering employee behavior. While it’s likely most companies already have a section that applies directly to online activity, it’s worth checking that the document also includes the following:
- Up-to-date information. Financial institutions should check the last time policy documents have been updated in order to ensure they cover current risks, behaviors, and regulations -- particularly on the interaction between employees and customers. The institution’s compliance officer should also be involved to validate that both internal polices and relevant external regulations are covered.
- Policies that reflect the culture of the company. With email, chat, and now social networks, there are a variety of ways employees interact with each other and customers. Therefore, beyond the required regulatory constraints, financial institutions should consider and define what is appropriate for their firm. There are many legitimate business reasons to use social-networking tools, from marketing to customer service. Understanding the risks (unauthorized transfer of data and information, unauthorized opinions which may be construed as the opinions of the financial institution rather than the employee, access to sites considered unacceptable to the institution, etc.) and spelling out clearly the behaviors and responsibilities financial institutions expect of their employees is key.
- A communication and follow-up plan. These policy documents are only effective if employees know they exist and know what is expected. That takes continual and consistent communication, which, in an environment of layoffs and job changes, cannot be taken for granted. Training and tracking must be ongoing.
Finally, while policies should be comprehensive, they should not be based on specific technologies (e.g., the Internet policy, the IM policy, the email policy, etc.). These technologies can and do change rapidly, and the best policies are those that speak to the “what” that is expected from employees, rather than the “how." In this way, financial institutions convey a consistent message and lessen the need to continually change policies based on the next new technology. Where technology can play a role, however, is in the communication of policies (e.g., online training) and in enforcing behavior (e.g., limiting access to certain URLs).
Concern and expectations around employee conduct and regulatory compliance is just one more in a long line of risks that financial institutions need to manage. No doubt many institutions will continue to ban all access and participation with social-networking sites altogether.
More forward-thinking institutions, however, will look for ways to utilize social networking to increase value and satisfaction to their customers and employees. The key for these institutions will be finding the right mix and balance of policies and procedures to make this value a reality.
— David Potterton is Vice President of Research for the Global Banking, Insurance, Capital Markets, and Risk Management practices at Financial Insights, an IDC company.