A recent Smarsh blog post addressed the FFIEC guidance on social media risk. That’s a beginning, but far from the end of the story.

When considering social media monitoring financial institutions shouldn’t focus only on what’s “legally required” in this arena—their antenna have to be set on what’s “prudent,” because social media risks go beyond fines and sanctions to include corporate risk and potential brand damage.

How much goodwill does your brand have? Can you restore it if it’s lost or damaged?

The internet is littered with stories of brands that have been damaged by social media snafus.

For financial institutions and other businesses, the question boils down to this: How can you insulate your brand from undesirable social media messaging? Inevitably, prominent companies will be discussed on social media, in raves or rants. How to prevent the negatives from tarnishing the brand?

Some corporate social media policies forbid commenting on the company or its activities. These can be hard to monitor, especially when people use multiple social media platforms. (The average number of smartphone apps exceeds two dozen.) A loan officer might identify his bank or credit union employer on LinkedIn, but use different apps to follow personal interests in online gambling or assault weapons collecting. Customers (and potential customers) who put two and two together may be influenced.

When people identify themselves digitally in relation to their employers, corporate brands may be associated with individuals’ personalities and prejudices. As dangerous as this might be, the risks are magnified vis-à-vis ex-employees, disgruntled customers, terminated vendors, and others intending harm through their posts, photos, blogs, and tweets.

Recent CFPB Regulations now require the monitoring of social media. Some companies already monitor their brand mentions on social media—this helps them follow and respond to harmful or false messages, and can help identify needed training for employees who cross legal lines. Social media monitoring isn’t bullet-proof, but any reasonable good faith effort is better than covering one’s digital ears. Realistically, a company with a brand identity can’t risk not knowing its online reputation. If it’s out there, you’ll be assumed to know it.

Ultimately, it is up to the individual firm to manage risk—and that should include monitoring and taking action on social media messages, as well as adopting social media risk-avoidance policies. In this way a company might protect its business, brand, and even its workers. A good technology solution can ensure that not only are potentially risky messages being flagged, but can also help filter out the white noise, so that compliance doesn’t waste time reviewing harmless and irrelevant messages.

In the case of social media monitoring, you may want to adhere to the truism that “the devil you know is better than the one you don’t.”