Monday, February 20, 2012

Thoughts on Using Social Media for Your Bank

By now, you are either actively involved in social media for your bank, or seriously considering it. Key social media channels today include your web site, Facebook, Twitter, and blogs. Following are three ideas to help you leverage social media, while protecting your bank from both a compliance and reputation risk perspective.

First, you have to be “all in.” Commit to the required ongoing effort to maintain timely and accurate postings across all of your media channels. Having a Twitter account, Facebook page, or web site that is only infrequently updated is as bad as a stale billboard. Doing so requires two main efforts – identifying and supporting a point person (I prefer “social media manager”) to manage the technology, and ensuring a steady flow of information from your various departments and locations that allow this individual to make frequently, pertinent posts via social media sites.

Second, address the matter of managing feedback that you receive. Unlike virtually all other forms of advertising, social media allows, even encourages, feedback. Your social media manager must have the skills, and a support group, to segregate responses into three categories. First, there are those responses that we like because they are positive toward the bank and its activities. Second, there are those that require discernment in handling . . . while the post may be negative, is it objective enough that we should deal with it from a customer relations standpoint? Some of the posts you receive may contain a specific complaint. If you can, without divulging personal data, publicly address and resolve the issue, this becomes a great opportunity to demonstrate your focus on customer service.

Finally, there will be posts that must be immediately removed, because they are obscene, offensive, or otherwise inappropriate. Examples of inappropriate posts may also include those where customers (in spite of your admonitions to the contrary) may reveal account information. Ensure that our social media manager is monitoring ALL activity, on a timely basis, by receiving email or text updates when posts are made to your sites.

As an executive, be sure that you are at least basically familiar with current and future social media channels, so that you can provide guidance and insight to your organization in these areas.

Thursday, February 2, 2012

Payment Processor Risks

Payment Processor Risks

On January 31, 2012, the FDIC issued FIL-3-2012 addressing the risks of providing services to third party payment processors. The document is available here

In general, the FDIC is concerned that banks may not be properly monitoring the activities of its customers who provide third-party payment services, in part because many of the third-party processor's customers may not be direct customers of the bank. Examples are varied, but include debt collection, on-line magazine subscriptions, and on-line gambling services. Included in the document are guidelines for creating a risk management document and a risk assessment relative to your relationships with such third-party processors. I will not restate those guidelines here, but instead offer the following key points:

  1. It is hard to overstate the importance of knowing your customer and their activities.

  2. Companies that aggressively pursue an account relationship with you, including those offering to keep large balances, or acquire an ownership stake in your institution, require additional scrutiny.

  3. This is another FDIC issuance that raises the spectre of your bank being charged under Section 5 of the Federal Trade Commission Act “Unfair and Deceptive Acts or Practices” if you are seen as contributing to such behavior on the part of your customer.

  4. As with any relationship whereby you allow customers to originate payments, constant oversight: establishing and monitoring daily limits, both dollar and transaction volume wise, monitoring and addressing high return rates on debit items, and “smell testing” (do these feel like legitimate business practices?) are all appropriate.

  5. As always, you should document your risk assessment, risk management practices, and your monitoring and oversight of customer activity.

If you in fact have such relationships now, they should be reviewed promptly in light of the new guidance. Any new business opportunities should be carefully evaluated along these same guidelines.  As always, let me know if I can assist you in any way.