Social Media Compliance: Monitoring vs. Auditing

For those that are unfamiliar, there are a total of seven components to the Federal Financial Institutions Examination Council's guidance on social media compliance. Each element is vitally important to an organization's risk management program, with two of them – monitoring and auditing – often being misinterpreted as similar, when in fact, they are unique. As such, financial institutions are instructed to develop programs that monitor information posted on social media sites, as well as create audit functions that ensure ongoing compliance with internal policies, applicable laws, and regulation. On the surface, that sounds daunting so let's take a moment to explore the difference!

Monitoring vs. Auditing

Social media compliance monitoring has traditionally entailed an internal management process that is designed to oversee corporate digital marketing, any presence on social media platforms, and related activities for compliance with internal policies. However, with social media outlets and activities expanding at an exponential rate, coupled with increasing regulatory oversight, monitoring has quickly grown to encompass a loan officers’ professional and personal social media use as well.

Monitoring can offer substantial benefits, allowing your institution and employees to promote activity that generates more leads, develops business, and extends your market reach – all while identifying risks. With a proactive approach, monitoring will highlight risks, escalate issues, and create valuable training opportunities. Additionally, real time monitoring of trigger terms and/or relevant keywords can contribute to the backbone of any social media compliance program. This remains the most effective way that an organization can quickly respond to and manage potential violations. 

Backed by a solid and detailed policy, as well as management’s participation and affirmation, monitoring should be managed in a way that supports all of these elements. Keeping a flexible approach and seeking ways to incorporate monitoring will result in process improvement. A few key areas to consider are:

Non Compliant Activity
The primary goal is to have the capabilities to recognize non-compliant social media activity, so it can be promptly addressed and future  problems can be circumvented.

Policy Changes
External regulations will change, social media channels will advance, and internal policies will need to reflect this overall evolution. These changes need to be understood, effectively communicated to all employees, and monitored by management.

Repeat Offenders
It’s common for mistakes to happen or for an employee to have an occasional lapse in judgment, irrespective of solid policies and training. Monitoring activities will assist management in identifying repeat offenders so that additional training and/or disciplinary action can be administered.

Auditing, although similar, is a completely separate process. Whether conducted in-house or by a third-party auditor, auditing is more specific in its capacity to track activity, collect data, and recognize potential concerns. Thoughtful and careful analysis to identify what audit data is important to your corporate brand and compliance oversight will help to maximize results, as well as ensure consistency and accuracy.

It is important that audits are performed regularly and findings should be detailed over the past 12 months. This historical perspective allows an organization to readily analyze trends and optimize information to identify issues, prevent re-occurrence, and minimize potential violations. Audit data also helps determine where to focus training and what to look for when scheduling future audits.

Who should be audited? 

It is highly recommended that financial institutions audit the activities of anyone that represents the company in any way, across any social media platform. In addition to individual employees, one may want to also consider the various groups that should be audited as a part of oversight and auditing protocol:

Individual Employees

Branch Locations

Corporate Marketing

Third-party Providers

For more information on monitoring best practices, download Optimal Blue's white paper titled  MONITORING YOUR EMPLOYEES' SOCIAL MEDIA ACTIVITY.