“How can compliance officers meet the challenge of building good governance in a world where new communications are consistently emerging?” asked Melissa Callison, Global Marketing and Corporate Affairs Compliance Executive of Bank of America during a recent event. Callison joined other financial services compliance professionals on a panel to discuss how to enable the business to use social media and other new forms of communications while meeting the regulatory requirements for communications with public.
In the end, it boils down to five key steps:
Callison said the first step is to define the entire social media program. Clarify the channels that you plan to use. Discover which entity of the business wants to use social media and why. Various job functions and activities within your firm may be regulated differently, so you need to know exactly who will be using social media so you may set employee use polices that comply with various rules and regulations. Build those policies by bringing the key stakeholders into the conversation to identify and mitigate risks together. These could include representatives from the business, sales, marketing, investor relations, compliance, risk, HR, Data, Security, Privacy and IT. Callison concluded by saying “good governance is really good social.”
Define Business Needs
Work with the various business constituencies as soon as possible to understand what you are doing now and their plans for the future of social media at your firm. Is the intent to use social media to build brand awareness? Manage reputation? Deepen relationships? Or perhaps to even drive revenues through lead generation and attracting new clients? These activities will drive the compliance and risk and infrastructure that you’re going to need, so make sure you know what the goals are. Callison views compliance as being a stakeholder, rather than driving the process – like marketing or the business partners do – but hopes to be involved early enough to develop strong social media governance programs before there’s a public misstep.
Stephen Bard, Senior Vice President and Director of Communications Compliance at Wells Fargo Advisors added, “This is a team approach. This is definitely not something you want to do by yourself, whether you’re sitting on compliance, marketing, legal or the risk side. You want to have the correct parties there, because everyone has their own lens of what they’re looking for.”
“Once you understand what the business is interested in doing, you can figure out who can help you with that,” continued Bard. Look at your existing processes and policies to determine whether they can be applied to this new form of communication with some updates. Define infrastructure you will need to supervise social media activities. Can you leverage the marketing review and supervision systems that are in place today? Or will you need to work with an outside vendor to create something new? Think about the type of additional tools you may need for supervision and content retention, as well as monitoring social media activities impacting your brand. One important criterion when selecting an outside vendor is flexibility. “You need flexibility to address the different business cases that are going to be presented to you,” said Bard.
Jonathan Reedy, Senior Manager of Enterprise Business Development at Hootsuite, suggested that you go to your network of peers and colleagues to make recommendations for the top two vendors to evaluate against each other. As you have conversations with these vendors, consider whether they would be good partners. To that end, “be forthright with what you’re trying to accomplish from the get go.” And demos are not enough. It’s also important to your firm to actually be able to “to kick the tires, because technology’s moving fast.”
Educate Each Other
While programs are being developed, education is a two-way street. “It’s not just compliance educating our business partners, it’s also compliance being educated” on how the business plans to use social media said Brandy Corder, Senior Analyst at LPL Financial. Once you understand the business case, clearly convey the resources required to support using social media in order to comply with industry rules and regulations around recordkeeping and supervision.
And finally, once social media programs are defined and ready to be deployed, training regulated end users is essential and required by the regulators. This should include your firm’s social media policy as well as guidance on the separation between business and personal use so your employees can make good decisions.
Create a Crisis Plan
Even if you do everything right, all the panelists agreed on the importance of creating a plan in the event of crisis. Think through various scenarios. “It’s important to know how you would respond in a crisis situation. Do you respond through your PR arm or do you respond through the social media programs that are on those channels? And who’s the first responder? Who’s evaluating the right approach or the right response? Is no response the right response? Some firms take the planning a step further and conduct crisis simulations. “You need to be deliberate and have the right people in the room. Preparation is key,” concluded Callis