Tuesday, April 28, 2009

Social Media Lowers Stress Over Stress Tests

On May 4, 2009, the government will publicly release a portion (very little portion) of the results of the stress tests conducted by regulators at the 19 largest U.S. banks. The 19 banks have already received the results and will have the opportunity to respond to the findings of the tests on May 4th.

According to Congressional testimony by Treasury Secretary Timothy Geithner,
"one of the major components of the Administration's Financial Stability Plan (FSP) is the Capital Assistance Program (CAP). The CAP is designed to ensure that individual banks have sufficient capital even in adverse circumstances. This strategy begins with the idea that in order to ensure our largest banks have adequate capital to weather a more severe economic scenario and continue to lend, we must first accurately diagnose their problems. Federal banking agencies will soon complete a forward looking assessment or "stress test" for the 19 largest banks. The stress tests will determine the capital needs of these banks by estimating losses that they might face if economic conditions were to deteriorate more than expected over the next two years, as well as the appropriate level for loss loan reserves at the end of the period. The analysis will take into account the likely path of earnings for individual banks over the same period. By focusing on individual banks, this approach allows the analysis to take into account the unique exposures that individual banks face as well their individual prospects for generating earnings."
While many believe that all 19 banks will "pass" the tests, there is still likely to be some adversity and the government will, regardless of the outcome, likely ask some or all of the 19 banks to beef up their capital levels.

The release of information will prompt the media and consumers to elevate discussion of the capital adequacy of ALL banks. As this occurs, more and more chat will take place relative to non-stress test banks and their capital adequacy. As such, it will be critical and a perfect opportunity for all banks to monitor conversations occurring on the Internet that specifically involve them as well as general consumer concerns regarding banks. We saw this happen in mid-2008, after the crash of IndyMac Bank. This is likely to spark a second round.

On April 10th I posted Banking Regulators Should Make Use of Social Media Mandatory. In this post I focused on the importance of utilizing social media for risk management purposes - particularly reputation risk. Now is the time for bankers to create a plan that listens in on conversations specific to their bank as well as concerns overall. Bankers should assign a "community manager" to track activity. Additionally, this person should either act as the mouthpiece for the organization or run "traffic" by making sure that the right people respond to the issues in a prompt and honest manner.

In 2008, federal regulators and banking associations encouraged banks to create a crisis response program. This was part of the industry's effort to calm consumer fears regarding bank failures. While the requirements did not specify the use of social media, the use of social media as part of a crisis management/risk management program can assist in keeping adverse effects to a minimum and will allow banks to turn around a generally negative environment by being received as informed, honest and transparent. When using social media as a corporate communication channel banks must be aware of the nuances and expectations of consumers. This information can be obtained from my Community Banker's Guide to Social Network Marketing,which is a free download at http://www.tinyurl.com/cbgsnm. In addition, bankers should be aware of any other regulatory disclosure requirements to the extent that those are applicable (e.g., SEC rules, consumer disclosure rules, etc.).

Forewarned is forearmed.

Monday, April 20, 2009

Bank Lawyer's Social Media Checklist

On April 17th, I published Social Media and Bank Compliance Requirements, where I provided, thanks to the ABA Banking Journal, a list of regulatory compliance-related items that should be considered by banks that are thinking of or have already implemented some form of social media within their organization.

In this post I leverage (and paraphrase) off of the work of Richard Best as contained in NZLawyer article titled, "Social media and legal code: A checklist of issues."

Mr. Best highlighted four distinct areas that require legal consideration:

  • Upfront governance and assessment;
  • Site design and set-up;
  • Content creation, moderation, and use; and,
  • Content distribution.

Upfront Governance and Assessment

Questions that should be addressed :

  1. Does the bank have a clear objective/rationale for creating a online presence with social media capability?
  2. Has management and the board considered the business case for the development of a social media component? Is the presentation and board decision clearly documented in the board minutes?
  3. Has bank management formed a steering committee with an appropriate mix of skills been set up to oversee the development and implementation of the site’s planning, policies, and procedures? At a minimum, members of this team should have a background in the nuances related to social media and Web 2.0.
  4. Has a review and approval process been developed relative to the process? Who has the final say? Executive management? Board of Directors?
  5. Has the bank developed the appropriate policies and procedures that address issues such as site usage policy, staff contribution guidelines, employee training (e.g., who is authorized) and ongoing assessment ?
  6. Has the bank revised its record retention policy and procedures to ensure that electronic records created comply with applicable disclosure and security requirements?

Site Design and Set-Up

Questions that should be addressed :

  1. Has the bank chosen and researched the availablity of the Web site name and domain name name?
  2. Has the bank's Compliance or other Department completed a comprehensive risk assessment and have the results of the risk assessment been presented to executive management and the board of directors?
  3. Has the bank determined whether the site be designed in-house or outsourced? If outsourced, has the bank completed an appropriate vendor assessment according to the bank's vendor management policy?

Content Creation, Moderation, and Use

Questions that should be addressed:

  1. Has the bank's legal department developed a terms of use policy that complies with applicable laws, rules and regulations. Refer to Social Media, Banking and the Communications Decency Act post. Considerations should include:
  • Registration obligations;
  • Copyright and licensing disclosures;
  • Warranties on the part of site users contributing third-party copyright content that they have the right to use such material;
  • Indemnification of the bank against loss;
  • Ownership or licensing of users’ contributions;
  • Unacceptable use and the bank’s right to remove offending material;
  • Cooperation with authorities in the event that material breaching other parties’ rights, or that is otherwise unlawful, is posted to the site;
  • Moderation and banning of abusive commentators;
  • Disclaimers of liability (to the extent appropriate), and
  • Right to amend the terms of use.

Content Distribution

Questions that should be addressed:

  1. If the bank will be resyndicating content from other sites on the bank’s site (e.g., through RSS feeds available on other sites), the bank should ensure that the bank is licensed to resyndicate that content.

Mr. Best does a great job of noting key issues that must be considered. While this list is not exhaustive, consideration of each point noted here will go a very long way in protecting the bank from a legal perspective.

I recommend that bankers download a copy of my Community Banker's Guide to Social Network Marketing to educate management and the board on what it takes to develop and implement a sound social media strategy. The Guide can be downloaded at http://www.tinyurl.com/cbgsnm. Before a bank can reasonably approve such a measure, decision makers must be knowledgable. The Guide goes a long way in providing an education on social media and social networks.

Friday, April 17, 2009

Social Media and Bank Compliance Requirements

The advantages of social media include the ability to better connect with customers, build the organization's reputation as being customer-focused and responsive, and set the organization apart from the competition. Many organizations have introduced social media components to their existing marketing strategy and more will follow in the near future as social media has surpassed everyone's expectations in terms of breadth of penetration and frequency.


Unfortunately, in their rush to implement such a strategy, some organizations may overlook the obvious...COMPLIANCE.

To assist bankers in ensuring ongoing regulatory compliance, the ABA Banking Journal released the following six social media compliance tips:
  1. Conduct a social media risk assessment. Organizations should specifically identify the compliance requirements that apply to the proposed activity and evaluate the compliance risks associated with those requirements. Risks can originate from the statutory liability and regulatory penalties that are specified by law, or from reputational damage that could result from publicity of noncompliance (see the post on reputational risk as well as post on conducting social media risk assessments).
  2. Establish policies and procedures. Organizations should establish written policies and procedures for the activity that clearly outline the details of offering and ongoing servicing. Every facet of the activity, from beginning to end, should be covered (see information on social media policies here.).
  3. Establish controls to help address the risk identified in the compliance risk assessment. Controls may include a pre-publication review by compliance staff, assigning specific responsibility for specific functions associated with the activity, dual control, second review, and detailed checklists. One of the best controls is to include the compliance staff early in the planning process of the activity. The compliance staff can help build the process correctly from the beginning, rather than have to step in later to fix a compliance mess.
  4. Set up a monitoring process. Establish an ongoing monitoring process to identify and correct errors before the examiners or the customers do.
  5. Report to management. Management should be kept informed of compliance exceptions found through monitoring as well as regulatory developments affecting the activity.
  6. Vendor management. Even if there are third party vendors involved in the activity, the bank should still follow its compliance management process. Risk assessment, policies and procedures, controls, ongoing monitoring, and management reporting are still applicable and just as important, because the bank is ultimately responsible.
Following these six tips should ensure that organizations remain compliant from beginning to end. Social media communications are no different from print, radio and television. As such, compliance officers need to ensure that they are in at the very beginning when talk of a social media strategy begins to emerge. Too often the Compliance Department is brought in after all the decisions are made and the money is spent. Getting a seat at the table where new initiatives are discussed will go a long way in preventing compliance related fiascos.

Thursday, April 16, 2009

Why Twitter Makes Bank Customer Service Better

By now most everyone has heard the word Twitter. In fact, if some one walked up to me and told me they had not heard the name I would call them a liar...to their face! Knowing the name and knowing what the name means, however, is an entirely different matter.

According to the Twitter Web site, Twitter is a privately funded startup with offices in San Francisco, CA. Twitter started as a side project in March of 2006 and has grown into a real-time short messaging service that works over multiple networks and devices.

Twitter is a tool that allows users to send short messages of no more than 140 characters to people that have signed on as "followers." A user signs up for a Twitter account and then asks others to become followers. Followers also may find a user without being specifically asked to follow. Once a user has a following, that user can send out short messages to broadcast anything and everything...so long as its no longer than 140 characters long! Messages can include anything from personal thoughts to Web sites.



What Good Are 140 Character-Long Messages

Most bankers' first response to Twitter is "so what!" Why should I, as a banker, care about Twitter? What is all the fuss about?

According to Matt Dickman, VP of Digital Marketing at Fleishman-Hillard, “Twitter is the ultimate customer service tool. It’s live, instantaneous, community driven, open, two-way and multi-way, unfiltered and predictive.“

Imagine this scenario...a bank customer is traveling in a foreign country and attempts to withdraw funds from an ATM. The time back home is the middle of the night and the ATM system is down for maintenance. The ATM message states that the transaction was denied - nothing else.

Scenario 1): The bank customer becomes infuriated that he could not withdraw funds. He eventually gets money out at a later time but is steamed his entire trip. Because this customer is of the Generation Y, the first thing he does, if he hasn't already done so, is let all of his acquantances know of the horrible service. The customer reaches out to his friends on Twitter, Facebook, MySpace and blogs. The result is a permanent record of his experience on the Internet for others to see. A digital black eye on the face of the bank. Once he finishes venting, he goes online, transfers all his money to another bank (which he opened online) and sends a message to close his account.

Scenario 2): The bank customer realizes that something is wrong since he has plenty of funds in his account. He gets on his iPod and sends a Twitter message (known as a "tweet") to the bank's call center. The assigned call center operator sees the message and sends back a quick message indicating that the ATM network is down for the next 20 minutes (you may have offline limits in place but probably don't want to broadcast these). The customer walks around the corner for a cup of coffee and returns 20 minutes later. Tada! Money. The customer enjoys the rest of his vacation and returns home. When asked about his trip he states that it was great. He mentions that along the way he had an ATM problem but that the bank's customer service department told him exactly what he needed to know when he sent a tweet. His friends are shocked that banks can actually be so responsive and customer focused. The Twitter tale gets passed on from one friend to another. Eventually, when it is time to open an account, some of the customer's friends decide to open an account at the bank because of the Twitter tale.

So who would go to all the trouble? Well, banks that "get it." That's who.

A good example of a bank that gets it is Bank of America. In January 2009, BofA launched its Twitter presence using the user ID BofA_help.



According to Holly Hastings on BofA's Future Banking Blog, "with the advent of social networking sites and blogs, companies have the opportunity to listen and learn from their consumers in ways that were not possible before. Companies can gain powerful knowledge on everything from product enhancements, customer service interactions and unresolved problems–but only if they listen. Social networking sites like Twitter enable that listening in real time." Other tweeters include UMB and Wachovia.

In a Februay 2009 ABA Banking Journal article, Pete Fields, Wachovia's senior vice-president and e-business director for corporate services and Web 2.0 said, “in August we started with Twitter because we wanted to develop a corporate competency in this type of social media. Our ‘followers’ have been very supportive about our presence on the platform. I believe they see it as a validation.” In the same article, Pamela K. Blase, senior vice-president and director of corporate communications, UMB Financial Corp., Kansas City, said that her bank started using Twitter to share information about the unfolding financial crisis.

According to the ABA Banking Journal, "the broader world of corporate Twitter users has also adopted the tool to stay in sync with their customers—and ease any daily tensions that are bound to erupt." As illustrated in the example above, a customer service strategy that utilizes Twitter (or a similar technology) can prevent every day issues from escalating into reputation damaging episodes. And the beauty of it is that Twitter communications are efficient at a maximum of 140 characters per tweet.

According to Carol Forsloff, despite the benefits of social media and Twitter, in particular, some businesses are afraid of having negative information posted - even if it is just 140 characters worth of griping. Ms. Forsloff, reminds businesses that criticism provides an opportunity to defend their business and explain their position. In the example above, the tweet allowed the bank to describe the issue not as a breakdown in the system but a scheduled outage for the purpose of maintaining the network.

So who should care about Twitter? Any bank that truly is interested in improving the customer experience. By leveraging this technology and incorporating it into an existing customer service infrastructure, banks can create considerable goodwill by demonstrating that they "get it" and are committed to dealing with customers on their terms.

Wednesday, April 15, 2009

Social Media, Banking and the Communications Decency Act

Social media is dependent upon communal participation. Members of a social media community such as Facebook, MySpace, Twitter, etc, share everything from names, professions and scholastic and corporate affiliations to names and photos of family and friends as well as up-to-the-minute updates on current events. Little is too personal on social media, and the greater the extent of the sharing the greater the reward for all involved. That's why it's called "social" media.

As in the non-Internet world, users of social media often do and say things that are not always appropriate - whether intentional or not. Examples include the posting of a piece of confidential or inappropriate information about oneself, one's company or an acquaintance (have you seen the latest Domino's video?). Such communication can take the form of a written comment, photo, video or other form of communication. These actions can result in claims of defamation, incorrect statements of fact, harassment, etc. And in Domino's case, a temporary loss of revenue and a ding on the company's brand.

Unfortunately for social media operators, including banks that host their own social media platforms (e.g., Bank of America's Small Business Online Community), those adversely affected tend to include social media operators (in the context of this article, banks that host a social media site). Fortunately for social media operators operating in the U.S., there exists some form of protection against these claims.


COMMUNICATIONS DECENCY ACT

Section 230 of the Communications Decency Act ("CDA") of 1996 is a landmark piece of Internet legislation. Section 230(c)(1) of the CDA provides immunity from liability to providers and users of an "interactive computer service" that publishes information provided by others (user-generated content). Courts generally apply the following three-prong test to determine whether a defendant is subject to the protections afforded by Section 230.
  1. The defendant must be a "provider or user" of an "interactive computer service;"

  2. The cause of action asserted by the plaintiff must treat the defendant as a "publisher or speaker" of the harmful information at issue; and,
  3. The information must be "provided by another information content provider," (i.e., the defendant must not be the information content provider of the harmful information at issue).

This section of the CDA was enacted to enhance free speech by making it unnecessary for Internet service providers and other service providers to unduly restrict customers' actions for fear of being found legally liable for customers' conduct. This law effectively protects social media operators since it covers computer services that involve user-generated content.

As a result of its effective protections, Section 230 is considered quite controversial because courts have interpreted Section 230 as providing complete immunity to Internet service providers and other service providers with regard to torts committed by their users. Critics of Section 230 are primarily concerned with its effectiveness at leaving victims with no hope of relief in instances where the true tortfeasors cannot be identified or are judgment proof.

Courts have upheld Section 230 in a variety of factual contexts and on numerous legal theories, including posting of:

  • Defamatory information;
  • Opinions;
  • Private information;
  • False information;
  • Pornographic information;
  • Harassing commentary; and,
  • Discriminatory and/or illegal advertising.

Section 230, however, is not absolute protection. For example, plaintiffs have successfully argued in a handful of cases that an "interactive computer service" was not entitled to Section 230 immunity because the person or entity in question was an "information content provider" with respect to the information at issue, thereby failing the third test noted above.

Notwithstanding certain plaintiff successes, generally the social media operator is protected against liability for postings made by others so long as the operator does not contribute in whole or in part, in the creation or development of the content and provides a mechanism for detecting objectionable content.

As such, in order for social media operators (e.g., banks) to obtain the maximum protection under Section 230 of the CDA, the operator should strictly adhere to the following:

  • Do not alter any contribution of user-generated content. To the extent that user-generated content is repackaged - no matter how insignificantly, the social media operator potentially voids one of the three tests and risks exposure. Competent legal counsel should opine on the risk to the social media operator to the extent that any user-generated content is repackaged or reformatted.
  • Maintain the ability for users to alert the operator of questionable content. Users should at all times be provided with the ability to report user-generated content that violates the terms of use or is generally considered offensive or specifically offensive. Additionally, users should be provided with the ability to promptly delete user-generated content that is directly posted to their profiles or personal space within the social media platform.
  • Maintain formal policies and procedures for addressing complaints of questionable content. The policies should include both external terms of use policies and internal policies and procedures for the timely management of complaints. Periodic audits and compliance with recommended corrective actions should be performed and well documented to serve as support in the event of legal action.
  • The Terms of Use should explicitly state that the user is fully responsible and liable for any legal action attributed to their user generated content and the TOU should include indemnification language that contractually indemnifies the social media operator as a result of user-generated content. Any subsequent changes to the TOU should require the user to accept the changes prior to permitting the user access to the social media platform.

With more and more banks considering the addition of social media capabilities, such as product review and ratings, banks need to ensure that they implement a set of policies and procedures that ensures ongoing compliance with the CDA. Compliance is not difficult but nonetheless, it must be addressed as part of any implementation process.

Be wary of social media consultants that are not able to connect the dots between the practical implementation and legal compliance with the CDA. Consultants, whether in-house or external, should provide a product that is compliant as well as a set of end user terms that maximize protection.

[This blog is not to be considered legal advice. ]

Sunday, April 12, 2009

Should The Internet Be The New Resume?

Over the weekend I came across a very thought provoking article at Law.com titled Bank Nixes Use of Social Networking Sites in Hiring Process. This article, written by Jenny B. Davis, addressed a recent policy implemented by Amegy Bank of Texas, an $11 billion Houston-based bank.

The article speaks to the bank's decision to block all access to social media sites in an effort to prevent the bank's human resources personnel from accessing the personal profiles of job applicants. The article states that the bank's outside counsel recommended the policy in an effort to prevent unnecessary employment-based litigation. The article used the Pregnancy Discrimination Act as a key motivator, since it is plausible that an applicant's social media profile(s) may contain mention of a pending pregnancy or of other information that employers are not permitted to request. The danger is that upon discovery of such information, the bank's human resources personnel may be "perceived" as having acted on such information if an applicant is not hired. As such, if the bank's policy does not permit access to such sites, the bank has a strong defense against any such complaints.

While at first blush that bank's position may seem a bit severe and short sited, given that that almost 40% of employers have used Facebook and other social networking sites to gather information on job candidates and more than 80% of employers consider that negative information discovered when making hiring decisions, this was not an entirely bad decision. Further, during tough economic times people may be more apt to file frivolous compliants.

A related blog article at gNeil, titled Dangers of Using Social Networking Sites to Screen Applicants, stated that when a company uses the Internet to research job candidates and even current employees, there are some very important legal issues to keep in mind such as:

  • Invasion of privacy. Some social networking sites state specifically in their terms of service that is is illegal to use users’ profile information for commercial purposes.
  • State protected privacy. California and New York have laws preventing employers from interfering in employees’ private lives outside of the workplace.

  • Discrimination. Even if you stumbled across an applicant’s personal information unintentionally, it is unlawful to deny employment based on protected categories such as age, race or gender.

  • False information. It’s probably not surprising, but users on social networking sites don’t always post information that is entirely true. It’s best to rely on information that the applicant directly gives you.

  • Fair Credit Reporting Act (FCRA). If you’re using an outside agency to conduct background checks on job candidates, you must comply with the FCRA and receive the applicant’s consent before starting the background screening process.

So, while it has been said that the Internet is the new resume, banks should carefully craft thier background check procedures - especially those that utilize social networks. For example, use of LinkedIn would likely be acceptable since it is primarily used for professional purposes. However, other platforms such as Facebook and MySpace may be undesirable. While the use of these sites may provide helpful information relative to the character of the candidate, certain information may expose the bank to litigation.

According the the gNeil blog, "to avoid potential discrimination lawsuits, develop a uniform procedure for using social networking sites in the hiring process. Train everyone involved in the hiring process to treat every applicant consistently to avoid trouble and document each step you take. With the rate at which new technology emerges, it’s almost impossible for the law to keep up the pace. When you use social networking sites to research applicants, you may be taking uncertain legal risks with every search you make."

Amegy's CEO was quoted as saying, "good hiring decisions are among the top two or three decisions here, because it is where a lot of risks are managed." This is definitely true. And social media applications may help to reduce risk by identifying potential hazards. Unfortunately, human resource law is not Web 2.0 compliant and as such, taking advantage of these tools as part of the human resource process will require careful consideration, strong policies and procedures and an increased appetite for potential litigation.

Friday, April 10, 2009

Banking Regulators Should Make Use of Social Media Mandatory

Back on May 6, 2005, then Acting Comptroller of the Currency Julie L. Williams, delivered a press release titled, "Acting Comptroller Williams Discusses Management and Supervision of Reputation Risk In Large Banking Organizations; Stresses Important Role of Ethics and Corporate Values."

Ms. Williams, through her press release, stated that there is no more elusive, difficult to manage, and feared risk than reputation risk. Ms. Williams stressed the importance of establishing within a bank's overall risk management program, a defense against reputation risk that ensures that banks are grounded in a sound corporate culture and value system. This statement was released in 2005, years before the social media boom that we find ourselves in today.

Since Mr. Williams' release, the banking industry has undergone significant stress. These stresses have resulted in a significant outlash against banks by consumers, regulators and lawmakers. Events triggered by IndyMac, AIG, Bear Stearns, et al, have resulted in significant criticism at the macro and micro levels. And social media platforms such as Facebook, Twitter and LinkedIn have acted as the conduits for many of these disgruntled messages.

Therefore, if we believe Ms. Williams and agree that reputation risk has been historically difficult to manage, then the banking community should agree that one method of effective management is through the deployment of a social media strategy that includes as an objective, the use of social media to track and timely respond to events that affect the reputation of financial institutions.

EXAMPLE 1

In 2008, Johnson & Johnson released a marketing campaign targeted at mothers with newborns that use slings for carry their children. The campaign that utilized a web commercial that suggested that mothers used such slings for trendy reasons. The campaign asked mothers to use Motrin for relief from back, shoulder and neck pain associated with the use of the slings.

For some reason mothers were disgusted at the suggestion that these slings were merely trendy baby accessories. The result was a Twitter-based protest that snowballed and attracted significant attention. The protest attacked Johnson & Johnson and its Motrin brand on the basis of "not getting it" relative to why mothers use the slings. Eventually the protest reached Johnson & Johnson's ad agency and an apology and retraction of the ad campaign took place.

This social experiment created a reputational issue for Johnson & Johnson and resulted in a significant waste of money and a muddy face for some ad agency and Johnson and Johnson folks associated with the campaign.


EXAMPLE 2

In 2007, HSBC Bank was the target of a Facebook campaign against the Bank's decision to charge a 9.9% interest rate on certain student overdrafts. The virtual "Stop the Great HSBC Graduate Rip-Off" protest was organised by the National Union of Students, which had called for a boycott of Britain’s largest bank. The campaign attracted nearly 5,000 members on the Facebook site.

As with Johnson and Johnson, the event became widely publicized and became a black eye to the global banking giant.

Social Media as a Reputation Risk Tool

According to the Office of the Comptroller of the Currency, reputation risk is the risk to earnings or capital arising from negative public opinion. This affects a bank's ability to establish new relationships or services, or continue servicing existing relationships. This risk can expose the bank to litigation, financial loss, or damage to its reputation.

Reputation risk exposure is present throughout the organization and is why banks have the responsibility to exercise an abundance of caution in dealing with their customers and community. The assessment of reputation risk recognizes the potential impact of the public's opinion on a bank's franchise value. This risk is inherent in all bank activities. Banks which actively associate their name with products and services are more likely to have higher reputation risk exposure. As the bank's vulnerability to public reaction increases, its ability to offer competitive products and services may be affected.

As noted, with Johnson and Johnson and HSBC, an enterprise need not do anything "wrong" to end up with a battered reputation. Further, banks have an affirmative responsibility to manage reputational risk from wherever it may arise.

Enter social media. As the two examples above demonstrate, consumers in the Web 2.0 era no longer write letters - at least most do not. Instead, the disgruntled seek to unite with others who are similarly disgruntled. They band together and utilize the effective word of mouth capabilities built into social media applications such as Twitter and Facebook. The result can be quick and devasting to a bank's image. As such, for a bank to effectively manage its reputation risk in the current environment it must fight fire with fire by itself utilizing the same tools that can be used against the bank.

Today, bank risk managers must work closely with those managing the bank's existing social media applications. To the extent that a bank does not currently have such capability, the risk manager should make the case for the establishment of some form for social media tool such as Twitter, in order to receive complaints and comments. Once received, such feedback must be promptly addressed by the appropriate parties.

Banks that do not make themselves available through social media platforms or that ignore negative feedback are the banks that will find themselves the victims of runaway social media smear campaigns that ultimately result in negative publicity, unnecessary expenses and other potential adverse affect on the bank's bottom line.

To the extent that a bank finds itself being attacked, the bank should rely on a set of incident reponse procedures that include social media attacks. The procedures should address minimizing the negative effect by addressing the issues in an open and direct manner and ensure transparency. The bank should also consult with a social media specialist to determine the most effective manner of quieting the campaign being targeted at the bank.

Social Media Primer for Bankers

Unfortunately, many bankers are not well versed in the uses of social media. As such, bankers should consult with professionals with experience in utilizing social media for risk management and crisis management purposes.

As a first step I would encourage all bankers to download The Community Bankers Guide to Social Network Marketing. It is a free ebook that I wrote to provide a primer to bankers on social media and social networks.

Next I would recommend that risk managers evaluate the processes they have in place to measure reputation risk. In most cases banks focus on the primary risks such as credit risk, liquidity risk, interest rate risk, etc., and do not actively address reputation risk which can have consequences just as severe as the other risks monitored. Risk managers should ensure that social media is incorporated as a measuring tool to ensure that the bank has the opportunity to respond to issues before they become disasters.

In most cases, managing a bank's reputation can be compared to watching the grass grow - it just isn't very exciting. Unfortunately, all it takes is one major event to ruin everyone's day. With a little planning and some knowledge of dealing with the Web 2.0 community, bankers should have a good shot at minimizing or preventing a public relations disaster.

Day One - Welcome to the Blog

Welcome to the first post of the Social Media and Banking blog. My name is Jesse Torres and I will be your tour guide as we discuss matters related to social media and banking.

As this is the first post, I figure a brief background is in order. I am a career banker with a major technology addiction. All through my career in banking (roughly 17 years), I have always favored technology as a way of improving the banking industry.

In my early days I was a bank examiner with the Treasury Department's Office of the Comptroller of the Currency and a senior consultant with KPMG Peat Marwick. In those roles I was always the tech guy who was called in when things went wrong in the field. It explains why I also hold CISA and CISSP certifications.

As I moved out of the field and into management, I continued to favor technology. Eventually, I came to oversee the IT departments of a couple banks I worked in and played a major role in technology acquisition and deployment.

Most recently I have played significant roles in marketing and developing brand identity for banks. This is where I became convinced that there are many benefits to be had in banking through social media.

In December 2008, I released an ebook called The Community Banker's Guide to Social Network Marketing. The Guide was released as a primer on social media and social networks targeted at community bankers. The goal was to raise bankers' awareness of the uses of social media. This project became quite a success, resulting in significant exposure for the Guide.

I established this blog after receiving considerable requests for an ongoing source of information related to banking and social media. I hope to address developments and stories to make the banking community better informed and more successful.

Thanks for joining me on this trip.

Jesse