Direct Messaging Is a Great Idea for Banks. Here Are 3 Tips to Make It Compliant.

Posted by Doug Wilber on October 1, 2019

By now, most banks have realized the need for an effective social strategy to engage their customers. But simply being on social isn’t enough. Now, bank employees need to be available for immediate two-way dialogue with customers through direct messaging.

After all, 24% of consumers born between 1981 and 1999 identify social media and messaging over the internet as their favorite channels of communication, with emails and text messages following close behind (21%). In 2018, Facebook Messenger (the most popular messaging app) hosted 126.3 million users, and that number is expected to rise to 138 million by 2022. It’s clear that direct messaging is an important form of communication. If your financial institution isn’t using it, it’s missing a big “in” with customers.

But while direct messaging opens a lot of doors, it also increases the possibility of violating important compliance rules. FINRA doles out hefty fines each year for electronic communications violations, and direct messaging on social media falls under these regulations. The good news is that you can enable convenient two-way dialogue between your employees and your customers without compromising compliance.


How to Build a Compliant Direct Messaging Strategy

Despite the spontaneous nature of social media, your bank is still responsible for safeguarding users’ privacy and adhering to regulations. In addition to typical marketing guidelines on social media, you also have to protect all incoming communications. Therefore, your social selling strategy should be guided by a policy that balances privacy and open communication.

If you want to take advantage of direct messaging, fold it into your social media policy by addressing its uniquely fast nature. Start with these few tips:


1. Update your policy and archive everything. A social media policy that takes privacy and regulation into account isn’t just a good idea; it’s mandated by the FFIEC. Direct messaging needs to be covered in this policy. Have guidelines for when and how employees should respond to direct messages, explain possible violations clearly, and detail the consequences of those violations.

Your efforts to remain compliant will mean nothing, however, if you can’t prove compliance. FINRA’s Regulatory Notice 10-06 dictates that financial institutions that communicate with consumers via social media or other online sites must retain records of the correspondence. When regulators request proof that you’ve followed proper protocol, you’ll want to make sure you have what they need.

Keeping a full archive of all digital communication between employees and consumers may seem time-consuming — and without the right tools, it is — but an auto-archiving tool can automatically record every piece of correspondence (including usernames and time stamps) to ensure accountability and prove compliance.


2. Revisit social media training for employees. Armed with a compliance-oriented social media policy, employees will be better able to understand the nuances of compliant direct messaging. As an immediate two-way communication channel, social media messaging is equal parts marketing and customer service. So train employees on what an approved message looks like, new security protocols, and new compliance concerns before you let them loose.

Because it’s just as much about customer service as it is marketing, issues will come up, so institute protocols to address them in real time. Draft a plan to manage common customer concerns and complaints, and provide pre-approved responses for employees to use. For the inevitable unforeseen problems, have a clear internal workflow process so you can address curveballs as quickly as possible.


3. Protect consumers’ information. Aside from meeting regulations with direct messaging, banks should also understand that they have a responsibility to keep consumers’ data and information secure. In a Pew Research survey, 74% of consumers said it was “very important” for them to be in control of the data collected about them, yet only 9% reported feeling confident that they had that control.

Build consumers’ trust by guaranteeing that you’ll protect the information they share. Be sure your social media policy highlights the importance of keeping consumers’ information secure, and have a procedure in place for handling privacy issues. For example, employees should know exactly what to do if a customer shares confidential information such as a Social Security number.


Direct messaging isn’t just hype anymore; it’s quickly growing into consumers’ preferred communication channel. It can offer your customers an easy-to-use tool for interacting with your employees — but only if you take the correct security and compliance measures.


Is your institution behind the curve?

Check out the ABA's State of Social Media in Banking 2019 report to see what others have to say.
