Do You Know Your Social Media Risks?
As a mortgage lender, to some varying degree, the use of social media is in your toolkit to engage customers, connect with potential new ones through marketing, and others. Whether its sharing mortgage topics or getting your brand out there, risks are inevitable. While this FFIEC guidance has been out for a while for consumer compliance, the information is useful and transferable to the mortgage industry.
The guidance provides details of the various risks involved and the controls needed to mitigate these risks. But the guidance also speaks to managing your entity’s social media presence by maintaining an appropriate social media program based on risk. Has your entity identified, measured, monitored, and controlled social media risks? Your use of social media will direct the type of program you should have in place. Bring together employees from compliance, technology, information security, legal, human resources, and marketing in order to manage this program with the appropriate expertise for your entity.
Similar to other areas with your organization, this program should contain the following elements:
- Governance structure
- Policies and procedures
- Third-party relationship oversight and management
- Employee training
- Oversight of information posted on social media
- Audit and compliance to ensure ongoing compliance
- Reporting to senior management and/or the board of directors
To effectively manage this program with the above elements, you need to know your entity’s risk tolerance and level of risk present based on the usage of social media.
Consider these questions to gauge your entity’s social media use:
- Do you strongly rely on social media to attain new customers?
- Perhaps you only use social media in limited ways?
- Maybe your entity has chosen not to use social media at all?
Regardless of your responses, a risk assessment is needed to define and document the level of social media risk to your entity. What is framework of risks?
- Compliance and legal risk: This type of risk arises from noncompliance or violations to internal policies and procedures and federal law as well as information exchanges that may defame or libel an entity or individual. Examples of laws to examine to ensure compliance include:
- Fair lending laws, such as the Equal Credit Opportunity Act and the Fair Housing Act
- Truth in Lending Act
- Real Estate Settlement Procedures Act
- Fair Debt Collection Practices Act
- Unfair, Deceptive, and Abusive Acts and Practices
- Bank Secrecy Act
- Community Reinvestment Act
- Gramm-Leach-Bliley Act and data security guidelines
- Telephone Consumer Protection Act
- Fair Credit Reporting Act
- Reputation risk: Negative publicity and dissatisfied consumers can explode on social media and may cause significant damage to your entity’s reputation. Be mindful of fraud and brand identity, third-party concerns, privacy concerns, consumer complaints and inquiries, and employee use of social media platforms.
- Operational risk: This risk involves the failure of processes, people, or systems that has caused loss to an entity. Information technology is an important element is identifying and measuring this risk.
The guidance may be almost seven years old, which in other cases, would be considered outdated. However, if you’ve never considered social media and the risks it presents to your entity, this guidance is perfect for you. Take the time to evaluate your entity’s social media and then assess the risks so that you can develop and maintain a good program to help protect your entity.
Should you already have a process to monitor social media, way to go! Refresh the program, review risks, and update accordingly.
Professional development courses and additional resources:
- Mortgage HQ: All-in-One Training Solution
- Social Media Risk Management Blog
- On-Demand Webinar: FFIEC Guidance on Employees’ Use of Social Media
- 5 Habits of Effective Mortgage Loan Officers Blog
- The Mortgage Profession
- Mortgage Loan Processing 101
- Loan Originator Compensation
- The Mortgage Loan Cycle
- Career Insights Center
- New License Requirements
About the Author
Jill Emerson, owner of Integrity One Consulting, maintains over 30 years’ experience in the financial services industry, both as a practitioner and as a federal regulator. She enjoys sharing her experiences and expertise through writing.
Jill can be reached at firstname.lastname@example.org.