7 Social Media Risk Management Practices for Mortgage Lenders
As the stay-at-home era extends into 2021, home buying continues to see steady growth. According to Forbes, Zillow expects 6.9 million existing home sales this year — the highest since 2005.
One of the factors driving the surge in real estate sales is social media. The combination of time at home, popular hashtags like #dreamhome and #mortgage, and social-media-savvy millennials and Gen Z entering the homebuying market in record numbers makes social media a prime venue for marketing mortgage services.
Social media platforms are a great way to connect with the next generation of homeowners, but public communications invite regulatory or legal scrutiny. In keeping with the Mortgage Acts and Practices (MAP) Advertising Rules, companies selling mortgage products or services are required to keep records of marketing communications for compliance.
Your employees are representatives of your organization, whether engaging on company social media accounts or personal accounts. Ensuring codes of conduct and regulatory guidelines are followed requires a multi-pronged approach.
If you are using social media for marketing your products or services, now is a good time to revisit your social media risk management practices to avoid legal, regulatory or reputational risk.
1. Form a governance structure
Companies need clear social media roles and responsibilities. Your board of directors or senior management should decide how social media will contribute to your strategic business goals, and then create controls and perform regular risk assessments. Without this structure, a lack of top-down awareness of social media use may take hold, and social media can become out of alignment with corporate strategies.
2. Develop social media use policies and procedures
Mortgage lenders need to establish social media processes to protect against non-compliance with consumer protection laws and regulations. The policies should be designed with input from colleagues in compliance, technology, legal, human resources, information security, and/or marketing — and address what employees are, and are not, allowed to communicate in their official capacity. Explicit rules about which platforms are allowed or prohibited are critical. Since reputation risk exists whether employees post on behalf of the organization or personally, consider including recommendations for business and personal social media use. Without this, your company may be exposed to legal and compliance risks.
3. Know the platforms you’re using
Just as with any other outsourced relationship, have systems in place to perform due diligence prior to engaging with any social media platform. You’re expected to be aware of the company’s reputation, its policies regarding use of its information and customer data, how often its policies might change, and what (if any) control you have over its policies. Without this, your company might be made vulnerable to operational risks — for instance, theft of consumer information resulting from a social media provider’s compromised IT infrastructure.
4. Establish and maintain an employee training program
Social media training needs to be provided to all your employees (especially sales, services and marketing) who use social media on behalf of your company. Establish a code of conduct: employees need to understand the purpose of each social media platform your business uses, and their individual role in its use. Without a formal and documented training program, your organization can be exposed to various legal, compliance and reputational risks from misuse of social media.
5. Monitor social media use
Archiving and oversight of the content posted to your company’s official social media channels (and the accounts your employees use to represent the business) is required to ensure information posted by your company, social media vendors or consumers reflects internal policies and industry laws and regulations. Without this, reputational damage can result based on fraud, misrepresentation of your brand, mismanagement of consumer complaints or questions, and other compliance and legal risks.
6. Install strong social media audit and compliance functions
To ensure ongoing compliance with laws, regulations and your corporate internal policies, involve your compliance or audit team to identify and mitigate social media risks. Make sure your social media practices continue to comply with evolving laws and regulations by conducting regular checks and evaluate your policies to make sure they are functioning as intended. Without these functions, your company can be vulnerable to compliance and legal risks.
7. Track and report on your social media risk management program
Your board of directors or senior managers must actively supervise the risk program and receive the appropriate level of reporting to determine if social media initiatives are meeting company objectives. There are many tools available on the market that can help track metrics and results. Without this, you won’t be able to chart the effectiveness of your corporate social media program, show accountability for activity and content on social platforms, or ensure corporate, legal and reputational goals are met.
Finally, even if your company doesn’t officially use social media, it still needs a social media risk management program. This will help you determine how to handle social media comments made by your customers, competitors or other parties on social media, respond to instances where employees go “rogue” and post to social media while acting on behalf of your company, or handle a crisis.
Retain critical information in a single, secure, search-ready repository where it can be actively monitored and produced on-demand.
Share this post!
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.