Brett King

Social Media and Bank Compliance Departments – Eternal Enemies?

In Retail Banking, Social Networking, Strategy, Technology Innovation on July 6, 2010 at 22:50

A consistent theme keeps popping up as I discuss social media innovations with bankers these days. It is increasingly frustrating for innovators who want to use mobile, social media, the web and other such tools to get these past hyper-risk-adverse compliance specialists. It seems as if many of the banker’s I’m meeting are saying that the favorite word of the compliance officer of today is simply “No”.

That needs to change…

Compliance holding up social media adoption

In a recent American Banker’s Association survey they reported that 74% of participating banks confirmed that all ‘social media efforts were to be vetted by compliance first’. In an environment where minutes matter, and the response is key, such a logjam to social media participation is a frustrating mismatch with the realities of dealing with customers in todays uber-connected world.

On Sunday I enjoyed brunch with Matt Dooley who heads up Direct Customer Experience for HSBC’s Commercial team in Asia, and his wife Maria Sit who runs Heath Wallace’s Asia division. Over lunch the issue of culture, compliance, philosophy and the reluctance to experiment to broadly with social media, mobile engagement and other such issues came up.

Matt used a brilliant illustration to identify the problematic compliance hurdles we face today as bank innovators. He asked me whether or not a compliance department of a major financial institution would approve “snail mail” as a new initiative if it was proposed today? Let me explain. If snail mail did not exist today, what would your average compliance officer think if you came along and explained you wanted to use this great new technology for distribution of bank material like statements, new credit cards, PIN #’s, etc. You’d have your PowerPoint deck ready to go explain the process where you stuff an envelope, hand it on to someone you don’t know in the bank (likely a very junior staff member), he then puts it in a bag which is picked up by a truck with another person you don’t know, they take it to a large warehouse and sort it according to Geography, etc, etc…

There just ain’t no way that snail mail would make it through the compliance check list of today’s modern financial institution. The compliance officers would no doubt quote scenarios like this to justify why it would be absolutely impossible for the bank to consider using this new ‘snail mail’ technology.

This is the dilemma. Today there are those of us trying to improve customer experience, knowing full well that compliance departments are citing risk mitigation, regulations and laws, bank policy and procedures, and other such issues as reasons why innovators can’t release a new mobile app, engage in social media conversations in real-time with customers, and so forth. In the meantime, there are existing processes, procedures and systems that are far more riskier than things like social media, but they are immune to the compliance department’s gaze because they are already in place.

Is it riskier to do nothing?

Let’s take Twitter as an example. Today it’s rudimentary to do a Twitter search on major FI brands to see topics trending that in the old days if they were carried by mainstream media would turn a banker’s hair on end. In many cases, however, such interactions are simply ignored because there are no dedicated resources listening and responding to such social media conversations. The processes internally around getting compliance approval for a formal response simply make any such response useless by the time it is approved.

But aren’t social media free form responses risky?

Take for example the very public Twitter faux pas recently committed by a Westpac employee who stated “Oh so very over it today…”. Honestly, this is probably about the worst that it could get on Twitter – and it just isn’t that bad. I hear Compliance departments the world over rejoicing and justifying their stance at the next Social Media strategy review meetings – saying, ‘See, see – we told you so!”. The reality is, that this particular faux pas actually ended up humanizing the Westpac team and probably won them new supporters more than anything else…

It is far more likely that a serious breach of customer trust, a poor service or policy decision, or some other very public social media trending topic could do far worse brand damage if left unanswered out in the social media conversation.

Classic examples are those of Ann Minch with Bank of America and Citibank with the Fabulis debacle. In observing the Facebook and Twitter effect of such PR nightmares, the lack of timely response by the bank across the social media landscape made these issues far more impactful and damaging than they needed to be. So the real risk is in not responding quickly enough.

The reality is that banks are increasingly likely to face a major PR disaster and have it escalated more rapidly than they can every imagine through social media networks. Take the example of BP and the recent Gulf Oil Spill – their lack of maturity in handling PR issues over social media has absolutely punished their brand. The spill is bad enough, but BP’s response to the social media conversation has simply made it much worse than it had to be.

No amount of brand advertising and traditional PR can ever undo the sort of reputation damage that is possible to your brand in the social media landscape.

Compliance as an enabler

Compliance needs to understand the negative risk of increasing workload on the frontline in respect of customer service perception, and decreasing the ability of the organization to respond to social media events in real time. They need to start thinking about their function as an enabler of the core business with customers, rather than just risk mitigation. They can also be lobbying regulators to help regulators adapt and make their processes more user-friendly, while retaining security of identity and the assets of the customer.

Customer experience is being hampered by compliance heavy processes that look to reduce risk, but make the engagement unnecessarily complex. Translating the Terms and Conditions from a paper application form onto the first 7 pages of a web-based application process might seem legally sound, but is quite ridiculous from a Usability and Customer Experience perspective.

Compliance departments need to learn to stop saying no, and be embedded within social media, customer advocacy and customer experience teams so they understand the implications of ‘risk’ and ‘legal’ decisions that actually hamper the organizations ability to respond to customer needs.

  1. […] This post was mentioned on Twitter by Can Koklu. Can Koklu said: RT @leventbulusan: Social Media and Bank Compliance Departments – Eternal Enemies? […]

  2. Who responds to the regulator’s needs??? You get rid of Government Regulations (Another 2000+ Pages that is passing the Senate today) and then you can embed Compliance in the “Innovation” Department. You obviously have an agenda. Think about the compliance person’s perspective…No Mr. Regulatory Examiner, we decided the 7 page disclosure you require could be reduced to 1 sentence in social media land…to make it convenient for the customer…Your 7 pages was meant to protect the customer…Protect or Service – same thing right?…Matter Requiring Imediate Attention…What????

    • Get Real,

      It think you’ve missed the point – protecting the customer is secondary, because it is part of serving the customer.


    • Get Real,

      I’m not advocating removing Compliance or regulation. I’m advocating turning Compliance teams into internal-consulting or advisory teams that work with innovators to work out HOW to get stuff done while still protecting the customer. For example – the 7 page disclosure, while legally necessary in terms of content, just isn’t read by clients in the real world – so how do you keep the T&Cs but not overwhelm the experience of the customer by insisting the T&Cs are read before they can “DO”.

      Software manufacturers, travel agents, and others have long ago resolved this with the tick box to confirm you’ve read the T&Cs. From a regulator and legal compliance perspective that means the bank is covered, regulator is happy, and customers flow is not interrupted by a process that is unwieldy.

      It is not about removing compliance – it is about building it into the customer experience in a smarter way.


  3. Compliance departments have to stop saying no? That is perhaps a simplistic point of view. Compliance officers are tasked with the unenviable job of trying to ensure that banks and credit unions comply with a myriad of complex regulations. They aren’t cautious out of a desire to be a pain. Rather, they are one of the few folks who understand the laws, regulations, guidance document and potential legal risks involved. Social media is nothing other than an advertisement. There are rules to be followed. Rather than “friend or foe,” a good financial institution blends compliance into each aspect of the institution. Compliance should strive to understand what marketing needs, but marketing should do the same thing. Painting auditing or compliance as the “bad guys” accomplishes nothing, if not actually doing harm by minimizing the need to play by the rules.

    • Anthony,

      U understand there are rules. The thing is that compliance guys need to ‘think’ differently. The overwhelming response is simply ‘no – the rules say you can’t do that’. Predominantly those rules these days are policy in-bank and not regulatory requirements unfortunately.

      The way to fix this is turn the compliance team into enablers. They have to start thinking HOW to get stuff done. It is a mindset issue.

      I’ve seen compliance teams where this works and they are no longer considered the ‘bad guys’ inside a team, but a valuable contribution to innovation and progress.


  4. “Predominantly those rules these days are policy in-bank and not regulatory requirements unfortunately.”

    Mr. King, I believe that “predominantly” might be a bit of a stretch. I don’t think there are too many successful businesses that are currently operating under in-house policies and procedures that limit growth and innovation.
    As Anthony mentioned, if a compliance officer says “no – the rules say you can’t do that” it is not out of some nefarious intent to sabotage the business that provides their daily bread. It is the result of carefully considered research that determined that the rules say you can’t do that.
    It is important, as you mention, to consider more than just marketing or advertising compliance. There are real risks associated with employee use of social media. Marketing should be just as concerned with potential reputation risk as compliance staff are. Both compliance and marketing should be at the table, playing to their strengths and supporting the organization as it innovates and creates opportunities for survival and success. Although compromise may be required, rest assured that Federal and state examiners and regulators are not going to be all peace, love, and marketing when assessing penalties for compliance violations.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: