Social Media Policies Within the Financial Sector in South Africa

The main purpose of this article is to explore the social media policies of financial institutions in South Africa. Owing to the advances in technology, businesses are exposed to many opportunities but also risks in social media platforms. For the study, a thematic framework was considered to analyze social media policies, which included risk and relationship building, brand image and reputation, stakeholders and communities, disciplinary action and compliance as well as professional and personal guidelines. A qualitative document analysis of social media policies of select South African Johannesburg Stock Exchange (JSE) listed financial institutions was then conducted. For the data analysis, a thematic document analysis using a consensual qualitative research process was applied. The results showed that all the financial institutions appreciated the value and opportunities provided by social media and ensured strict compliance to their social media policies. However, there were some financial institutions that did not focus on relationship building, did not mention brand image and reputation, did not include all stakeholders, and did not suggest personal guidelines in their social media policies.


Introduction
Social media as an ever-changing communication and collaboration channel of platforms, services, and applications has profoundly influenced all structures of society including individuals, experts, public figures, scientists, institutions, and businesses (Lomborg, 2015;Matesic et al., 2013). In addition, the advent of social networking sites such as Facebook and Twitter have led to the affordable dissemination and retrieval of information, which has added improved functioning of the public sphere (Steenkamp & Hyde-Clarke, 2014). Thus, these web-based applications enable users to exchange information, create relationships, and communicate information easily (Linke & Zerfass, 2013). According to Rauiar et al. (2014, p. 7), this new internet-enabled "voice of the masses" is creating a shift in the communication paradigm that affects every aspect of society. Furthermore, the current popularity of social media continually creates opportunities for organizations as it opens new channels of interaction with consumers and other important stakeholders. Overall, social media has the potential to be a valuable source or benefit to organizations and is growing exponentially (Zhang & Moe, 2017).
However, O'Connor et al. (2016) warn that although social media can have significant benefits for an organization, there are numerous potential risks associated with inappropriate or unprofessional conduct by its users when associated with an organization. O'Connor et al. (2016) stress the practice of well-developed and managed organizational social media policies that transcend the traditional information technology-related policies, so that organizations can protect their professional reputations and proprietary information from exposure. For Knott-Graig (2018), the Fourth Industrial Revolution has impacted the world, and one impact in South Arica is that the internet is now able to follow users and force people to act more professionally. The financial sector is no exception, South African banks and other financial institutions operate in a highly competitive industry where they face financial risks such as operational and reputational risk (Coetzee, 2016). As a result, operations within these highly competitive environments require innovative thinking, in terms of strategic management, linked to communication, stakeholder engagement, and management of reputation, to set them apart from their competitors. Little previous research has focused on social media management in the South African financial institutions.
This article aims to investigate social media policies and how they are implemented in various financial institutions in South Africa. The intention is to establish how social media policies of the financial institutions are utilized to manage social media activities and keep them ahead of their competitors. A thematic analysis approach was developed by consulting the available literature on social media management and social media policy development, to establish a framework for policy review. The article is organized into three main sections, namely, a brief literature review of social media development and policy implementation for organizations, thematic framework used for analysis, the research method followed to collect and analyze the data, and, finally, the results and conclusions.

Social Media Policies
The term "social media" includes a range of tools and services that all enable direct user interaction on computermediated environments (Lampe et al., 2011, p. 2). Social media predominantly uses the internet and mobile-based tools to share and discuss information. The term "social media" most often refers to activities that integrate technology, telecommunications, and social interactions as well as the construction of words, pictures, videos, and audio (Mohamed, 2011). The term social networking includes web-based services that allow users to connect a public or semi-public profile within a bounded system, articulate a list of other users with whom they share a connection as well as view and transverse their list of connections and those made by others within the system (Mohamed, 2011). Rauniar et al. (2014) define social media as forms of electronic communication, such as websites for social networking and microblogging, through which users create online communities to share information, ideas, personal messages, and other forms of communication, for example, videos. This form of communication has a social impact that reaches beyond documents or data to networks of relations and their structures (Linke & Zerfass, 2013).
According to Go and Han You (2016), "with the growing significance of new media technologies in business, organisations are now using media tools strategically in order to meet their various customers, needs" (p. 176). Advances in technology such as item identification, mobile data services, and Web 2.0, including wikis, blogs, and collaborative platforms, provide opportunities for organizations to improve their internal and external operations as well as collaborate with their external stakeholders (Vuori, 2012). The value of organizations engaging in social networking has been sufficiently documented, signaling to organizations the importance of this engagement, and further the risk of becoming less competitive if not active on social networking sites (Kwayu et al., 2018;Madia, 2011). According to Chikandiwa et al. (2013), social media helps build "brand awareness, visibility, reputation, knowledge sharing, customer acquisition and retention, low cost promotions, new product development and customer relationship marketing" (p. 366).
However, it has become important to appreciate the risks associated with this technology. According to Christina et al. (2016), social media use within organizations has generated a number of risks. These threats range from matters related to issues of monetary loss, damage to reputation, and reduced public trust, so for an organization to avoid risks and maximize the benefits, a good implementation strategy is required (Al Riyami & Ashrafi, 2016).
These potential risks are true for all sectors of industry operating in the social media space. However, it could be argued that the financial sector, including those operating in South Africa, carries a higher prospect of possible damage to reputation and loss of revenue given the sensitivity in managing financial resources, and the volatility attached to operational losses that have seen a number of financial disturbances including the collapse of some institutions over the last two decades (Barakat et al., 2019;Ferreira et al., 2019). Raj and Sindhu (2013) highlight that it is imperative that those within the finance system identify and measure various risks faced and initiate suitable remedies to mitigate them. The risks faced by the finance sector are divided into two main categories, namely, financial and nonfinancial. According to Raj and Sindhu (2013), financial risks involve all activities that relate to financial aspects, which can be broadly stratified as credit risk and market risk. Nonfinancial risks include all risks faced by the organization in their normal functioning, such as operational risk, strategic risk, reputational risk, and political risk.
For Raj and Sindhu (2013), Demek et al. (2018) as well as Barakat et al. (2019), there are key identifiable characteristics, which make researching the financial sector advisable, as follows: • • High-risk management sphere operations; • • Competitive markets; • • Highly people-driven, both in terms of HR and marketing; • • Extraordinary management and protection knowledge levels; and • • Client retention and attraction require cutting-edge innovation.
Client trust is paramount to sustainability and success. Therefore, organizations in the financial sector need to adopt clear management strategies to manage social media to avoid potential risks to the organization (Benthaus et al., 2016). Demek et al. (2018) provide more details about the concept of social media risk and point out that risk can arise from the organization's actual use of social media, employee use of social media, external sources, or a combination of these sources. Demek et al. (2018) continue by outlining the four main categories of risk that need to be taken into consideration when using social media platforms, namely the following: • • Awareness of viruses, spam, and malware introduction; • • Confidential information leakage; • • Employee productivity threat; and • • Organizations reputation damage.
Given these advances in "new" potential organizational risks, there has been a rise in social media policies development, which aim to "regulate employee communication and behaviour on public platforms" (Banghart et al., 2018, p. 339). Vaast and Kaganer (2013, p. 94) explain that the traditional policies used to manage information technology governance, technical investment, human resources, and training have proved to be less effective in managing "social media use, which is largely end-user" driven. Thus, organizations will need to formulate robust social media strategies and come up with approaches on how to implement and manage these strategies (Kwayu et al., 2018), if they plan to survive and thrive in this new online space.
The content of the organizational social media policies has become an important aspect in managing social media. According to Shah and Jha (2018), organizational decisionmakers are tasked with ensuring that policy content reflects the representation of social technology and serves as a best practice that consists of elements such as information on social tools, goals of social presence, and review of policy information.

Development of a Thematic Framework for Social Media Policy Analysis
An initial analysis of the available literature provided an opportunity to develop a thematic framework to consider social media policies. The structure of the themes included risk and relationship building, brand, image and reputation, stakeholders and communities, disciplinary action, and compliance as well as professional and personal guidelines. Chun (2005), Friedman (2009) as well as Schultz and Werner (2013) identify that effective organizational management can be explained as the collective efforts of various management structures to build and sustain the organization's reputation strategically through the careful generation of positive responses from its stakeholders (both internal and external), resulting in the organization meeting both its strategic and financial goals. Thus, operational management requires a profound understanding of the link generated between relationships, communication, and results (Murray, 2003). The research by Khan et al. (2014) gauges the risk and benefits of social media use and highlights that the benefit effect on users were stronger than the associated risks.

Risk and Relationship Building
The focus of the policy content, therefore, needs to reveal the intent of the key principles that are being addressed in these social media policies. This unveils a deeper understanding of the core content presented in the policies and informs the research of the focus placed on managing social media use by institutions.

Brand, Image, and Reputation
An organizational brand is purely an identification label, that is, a name or "visual scheme that an organization employs to distinguish itself or its products and services from rivals, primarily in markets, and largely with customers and prospects" (Roberts, 2009, p. 11). Thus, for Roberts (2009), "brand applies more to a specific product or service" offered by an organization. On the other hand, Nguyen and Le Blanc (2001, p. 303) describe organizational image as the "overall impression made on the minds of the public" about an organization and is related to the various physical and behavioral attitudes of the organization, "such as organisation name, architecture, variety of products or services, tradition, ideology and the impression of quality communicated by each person" interacting with the organization. Lange et al. (2011, pp. 160-161) define reputation as a multidimensional construct of "being known" and "being known for something" and a "generalised favourability." Collectively, this could be seen as the composition from numerous key attributes, including the organization's capacity for innovation, the quality of its management and employees as well as the perceived quality of its products and services.
Managing social media usage in light of protecting the institutional brand and image becomes crucial. Therefore, understanding how policies are addressing aspects of brand and identity-and thus its reputation itself-provides insights into the management of organizational reputation and the value placed on these components.

Stakeholders and Communities
One of the major influences of the internet has been in shifting the emphasis of organizations back to the stakeholders and its communities with whom they have the most direct relationships (Money & Gardiner, 2005;Xu & Saxton, 2019). The internet has provided opportunities for the individual stakeholder to get information on the good and the bad of an organization's performance, and to spread that information (Money & Gardiner, 2005). Social media, in particular, provides an avenue for stakeholder engagement, which is essential to ensure the building of both internal and external relationships (Surucu-Balci et al., 2019). Dodd and Stacks (2013) highlight that organizations can be faced with widespread social media use among both the external public as well as employees internal to that organization. Stakeholders can typically be grouped as internal (e.g., employees and managers) and external (e.g., customers and stakeholders; Chun, 2005). A stakeholder can be defined as any given individual or group who has an impact on an organization or who the organization can ultimately impact (Freeman, 1984). Stung and Yang (2009) identify stakeholders as people who are interdependent on the organization, or because they have stakes in the organizational operations. The effects of corporate reputation on various stakeholders can be seen as trust and loyalty of customers, desirable investment opportunities for investors, job security for employees, and environmental responsibility for society (Friedman, 2009). Thus, understanding how an organization views and classifies its stakeholders will impact directly the management of these crucial groups of people who play a vital role in determining the organization's reputation and how their social media should be managed in this light.

Disciplinary Action and Compliance
The increasing use of social media by both individuals and organizations for personal and professional reasons has come to the fore as a critical issue at the intersection of human resources and information technology (Jacobson & Tufts, 2013). Thus, organizations need to find the point of equilibrium between allowing freedom of expression, on one hand, and exercising some form of control, on the other hand.
This section highlights the organization's intention to enforce compliance through their social media policies. The aim of insisting on compliance relates directly to the organization's definitive intention of the policy. Policies aiming at encouraging social media use only, do not necessarily address issues of compliance or disciplinary action. If the aim of the policy is ensuring responsible use and protecting the organizational reputation, the policy may directly refer to action to be taken if transgressed.

Professional and Personal Guidelines
Online communication and media tools are important communication channels that provide organizations with the opportunity to engage with their stakeholders, thus making it part of the work expectation of some of its employees to adopt social media tools into everyday organizational activities (Mergel & Bretchneider, 2013, cited in Fusi & Feeney, 2018. Employee challenges for managing both professional work-related use and personal off-duty use of social media are plentiful, and add an additional level of complexity to the level of management from the organization to the employee (Jacobson & Tufts, 2013).
As a result, the objective of many social media policies is to provide parameters for social media use, whether it is for the employees' professional responsibilities, or to inform employees of their responsibilities when using social media in a personal capacity, or to manage risk associated with the use of these tools (Department of Human Services, 2011). Fusi and Feeney (2018) argue that organizations need to incentivize and support the individual social media learning processes by building a creative and positive correlation with social media policies and rules for an innovative online presence.

The South African Financial Sector and Social Media Use
A study by Chikandiwa (2014) highlighted the use of social media by South African banks. The study looked at understanding how social media was used as a marketing tool within the banks and how integrated the tool had become in this sector. A key set of findings identified by Chikandiwa (2014) was that South African banks faced serious challenges, but also opportunities, when managing these platforms. The challenges were listed as follows: • • Lacking manpower to manage and administer the systems; • • Failing to adapt to customer dynamics; and • • Fearing the loss of brand to the customer. Chikandiwa (2014, p. 121) identified the opportunities as follows: • • Keeping up with industry trends; • • Increasing competitive advantage over other banks; • • Ever-improving relationship with stakeholders; • • Enhancing the corporate credibility; and • • Providing a platform for banks to educate their customers.
To deal with these challenges, David Cripps (ComputerWeekly. com, 2012), Investec's Information Security Officer, emphasizes the importance of putting social media policies in place to manage the "flow and use of social media." Cripps maintained that Investec's social media policies aimed at assisting staff to know their responsibilities when using social media and upheld that using technology alone should be the last resort for managing the risks associated with the use of social media (ComputerWeekly.com, 2012). Cripps adds that in addition to well-integrated social media policies, organizations should offer compulsory information security training to staff with a heavy focus on social media, thus empowering staff to be the best "brand ambassadors" for the organization (ComputerWeekly.com, 2012;Langlois, 2012). The Investec social media policy includes three elements, namely, appropriate use of social media by its staff, information security training, and monitoring social media (Falk, 2012). KPMG South Africa (2014) proposes social media as a solution to almost all problems currently faced by the banks, "from customer loyalty and the re-establishment of trust through to new product development and more efficient approaches to customer services." KPMG South Africa (2014) maintains that social media offers innovative banks a fairly straightforward and cost-effective approach to transformation. Mayo (2012), in turn, points out that South African banks need to empower themselves by incorporating social media into their operations, which will allow them to move away from traditional marketing and customer services. Seggie (2012) warns that customers have "upped the ante" on customer service, changing the way they interact with companies and putting them under pressure to operate on new platforms. Lana Strydom from FNB (Seggie, 2012) views social media as part of the organization's overall brand and communication strategy, and emphasizes that the best way to manage social media is as a "holistic channel across the business, not just in marketing or customer service teams" (Seggie, 2012). ABSA Chief Information Officer, Alpesh Patel (in Seggie, 2012), is quoted as saying that the biggest threat to financial institutions is not posed by other financial institutions, but by nonfinancial institutions using technologies to reach new customers. Mayo (2012) further acknowledged that the financial sector in South Africa would need to empower leaders and drive a new set of behaviors and culture that will support innovation and upset traditional ways of thinking with regard to social media use.

Research Method
As document analysis was used in this qualitative study, the data were collected by obtaining the social media policy documents of the sample organizations. The population sample included all the respective financial institutions listed on the South African Johannesburg Stock Exchange (Sharenet, 2015). The list consisted of five (national and international) registered banks, two investment banks, and six insurers listed as financial institutions. All institutions were contacted via email to participate in the study.
It needs to be noted that not all of the financial institutions assisted with providing their organizational social media policies. Only six of the listed financial institutions provided their internal employee social media policies. Three institutions replied to the request and asserted that their social media polices were for internal use only and, therefore, could not be referenced or made use of externally. Four organizations did not respond to the request at all. However, nine of the organizations who responded to the request confirmed that they managed their social media exposure through formally implemented internal social media policies.
Given the high risk and competitive nature of the institutions under study, the six policies offered were obtained under the confidentiality agreement recommended within the ethics clearance obtained by the researching institution. For this reason, the identities of the participating institutions could not be disclosed. To maintain confidentiality, the participating institutions were referred to by means of alphabetical encryptions. In addition, no social media policies were openly available on the internet.
Care was taken not to exclude any policies based on their size or content, and polices were read in conjunction with the employee social media guidelines where applicable. Consideration was given to those organizations who offered both policies and guidelines to their staff. These organizations felt that the guidelines provided an additional layer, which assisted staff to understand their role and responsibilities to the organizations when using social media and social networks.
Thematic document analysis was used to analyze the data obtained from the social media policies of the participant financial institutions. The thematic framework was fundamental to the process of analysis and was developed from the literature consulted regarding social media policy development. Thematic frameworks are seen as a way of indexing and categorizing the text to establish a framework of thematic ideas about what the text is saying (Gibbs, 2013). The thematic framework allowed the text to be categorized with the aim of grouping together all the examples of the same phenomenon, idea, and explanation under various themes. This allowed the data to be managed and organized for examination in a structured way and to identify the relationship between the themes and categories as well as allowing case-by-case comparison (Gibbs, 2013). An adaptive process of Consensual Qualitative Research (CQR) was applied to the data analysis process in an effort to achieve research trustworthiness. This method employed the services of an academic research team to conduct an auditing or verification system in keeping the consistency of the themes, categories, analysis, and interpretation throughout the research process (van den Berg & Struwig, 2017).
The reason for placing the research within a thematic framework, identified from the literature, was that it explained the unique situation that managers faced when considering social media management within the financial sector. A further benefit of using this approach ranged from the unobtrusive nature of data collection to the unbiased information obtained and the cost benefits.
From the thematic analysis approach employed from the literature search, the list of themes outlined in Table 1 was applied to the social media policies under analysis. The list of themes was divided into two broad categories according to what they aimed to understand. Level 1 considers the contents of the actual policy, whereas Level 2 considered the consumers of the policy.
As this was a qualitative study, the ideas expressed in the documents as well as the underlying approach were used as the primary focus when analyzing the documents. However, the analysis approach and reporting provided further explanation, through numbers-as a complementary process to the qualitative information presented-and was not meant to be a generalization of a larger sample. Maxwell (2010) argues that the use of numbers in conjunction with qualitative methods and data does not make a study one of mixedmethod research. Using numbers in the sense of simple counting are legitimate and an important type of data analysis for qualitative research.

Results and Discussion
The policy documents that formed part of the sample were considered under two main categories of analysis, namely, the situational setting of the social media policies and the themes identified within the policies.

Situational Setting of Social Media Policies and Policy Development
The situational setting of social media policies provided an indication of the initial direction of their development and the way social media was managed through these policies. It provided insights into the intent as well as the primary use of the policy by the organization. Furthermore, it highlighted the organization's understanding of the link between social media and managing the overall organizational reputation as well as the potential risk associated with wrongful use. Recognizing the time frame for development and updating of these policies also addressed the issue of urgency and importance placed within the context of the ever-changing nature of social media use.
The context of operation of the policies was important in so far as it provided the opportunity to articulate the significance of the role that social media management played in organizations. All the financial institutions consulted expressed the importance placed on managing their staff through social media policies. Although 33% of the policies were registered as policies intended to manage aspects of marketing and public relations of the financial institutions, half (50%) of the policies were aimed at managing aspects of organizational operational risk. The target audience of the social media policies of all the financial institutions was their staff members.
The majority of the financial institutions who participated in the study viewed social media use as important in the day-to-day functioning of their operations. For example, Organization A commenced their policy by providing a well-reasoned rationale for networking and connecting with clients and key stakeholders. The staff policy and guidelines reinforced the value of openly communicating on social media: Organisation A does not object to or discourage the use of social media and regards it as an important tool for communicating and engaging with clients and key stakeholders. This policy is intended to foster an open and expressive environment.
Organization B highlighted the benefits of social media use with a distinct focus on interconnecting for internal collaboration and knowledge sharing: In addition, social media will also allow you to get in contact with people in the organisation with the aim of sharing ideas, which ultimately will increase our flexibility, reaction to our dynamic environments and our competitiveness.
Organization B raised a convincing argument by emphasizing the internal benefits of using social media within the organization. The value attached to this aspect of the organization's activity was widespread and accessible to all staff. This collaboration network was available to permanent, temporary, and contracting staff within Organization B.
In addition, social media also allowed personnel/employees to contact people in the organization with the aim of sharing ideas, which ultimately would increase their flexibility, reaction to their dynamic environments, and competitiveness. Organization C provided similar encouragement to their staff: Together we can share ideas, stay informed, make connections and continue to innovate.
However, it is important to note that all social media policies, no matter how encouraging, also brought to the attention of staff the possible risks associated with social media use. The aspect of risk is discussed in the analysis of social media policies.

Analysis of Social Media Policies Using the Thematic Framework
The various aspects emphasized by the social media policies provided an indication of the nature of social media policy  Figure 1 provides a summary of the findings drawn from the themes presented for social media policy within the sample of social media policies selected. From Figure 1, the following can be deduced: (a) Main focus themes presented by South African financial sector social media policies.
The focus of the policies revealed the intent of the key principles that were being addressed. This unveiled a deeper understanding of the core content presented by the policies, and informed the research regarding the focus that institutions placed on managing social media use.
The majority of the sample of South African financial institutions in the study valued the use of social media and social networking as a key tool in engagement with internal and external stakeholders. This included both external and internal collaboration as well as relationship building. Some institutions had further developed their own internal networking platforms, while still encouraging the use of the more traditional platforms.
Three distinct categories of policy focus were identified, and, as a result, the social media policies analyzed in this research were categorized into these three main themes, namely, (a) relationship building, (b) risks, and (c) both relationship building and the associated risks. The majority of the social media policies (five of the six policies) focused on both the importance of relationship building and the associated risks. Only one policy did not to encourage staff to use social media because of the risks involved, and only offered guidelines to minimize risk to the organization.
Organization C highlighted the opportunities presented for engaging and networking, supported this tool, but also cautioned staff of the potential damage that could be caused:  Figure 1. Summary of the themes embedded in social media policies in the South African finance sector sample.

Source. Authors' compilation.
Social media offer an important platform for Organisation C to engage and converse with our clients, communities, shareholders and general public. Employees, and contracted 3 rd parties, may participate in these conversations subject to the principles contained in this policy . . .
. . . You may be held liable for harm, (or potential harm), that may result from any social media commentary you make.
The focus on risks associated with online communication was in line with the nature of the sector being discussed. It was imperative that organizations operating in a high-risk environment ensured that staff and others associated with the organization were aware of the potential negative exposure that could be created.
The attitude of organizations toward protecting their brand and image to both their internal and external stakeholders was important in so far as it denoted awareness of the perceptions held about the organization. However, reference to organizational reputation also revealed a deeper understanding of the importance placed on stakeholders' perceptions, both internally and externally. Furthermore, organizations that made a distinction between both image and brand as well as organizational reputation by referring to all three, viewed these concepts as separate but interwoven notions. This demonstrated a deeper understanding of the implications of managing perceptions of the organization over a longer, more sustained period of time. Given the growing contribution social media could make to the perceptions of brand, image, and reputation, it was important to note the way in which organizations referred to these concepts. Although not explicitly defined in the policies, the study considered the reference to these terms as defined in the study and by the literature consulted.
Overall, 50% of the sample viewed both reputation and brand/image as important. These organizations sought to draw their employees' attention to understanding the dynamic effect social media could have on their brand, image, and their reputations as a whole. It was important to note that 17% of the respondent organizations did not mention brand, image, or reputation within their policies.
Organization B raised issues and risks that could affect not only its reputation and brand, but also encouraged its staff to protect the group's values and code of ethics as maintained by the organization: . . . public social media have implications for the group's reputation.
Employees who interact via social media networks need to be considerate of the impact they may have on the brand they represent. Organization E remarked on all three concepts mentioned in their policy, thus creating an understanding of the distinction that existed among the concepts: . . . you need to be mindful of the impact that you may have on the brand at all times.
. . . what you say in social media has implications on the organisation's reputation, image and values.
(c) Stakeholders and communities.
Stakeholders were seen as important role players within an organization, and policy guidelines on how these relationships should be managed and the potential as well as the realtime risks associated with such relationships became central themes when managing organizational reputation. As a result, stakeholders could be considered to be both internal and external role players. According to Balnaves (2012, p. 140), financial sectors use social media "channels" at varying levels, namely, for traditional marketing, where they control all levels of communication, integration of marketing into a two-way communication with stakeholders and some organizations "build actual communities" with individuals influencing the organization itself. The effects of corporate reputation on various stakeholders can be seen as trust and loyalty of customers, desirable investment opportunities for investors, job security for employees, and environmental responsibility for society (Friedman, 2009). Thus, understanding how an organization viewed and classified its "stakeholders" could impact the management of these crucial groups who play a vital role in determining the organization's attitude to overall management of social media.
While analyzing the sample of organizational social media policy documents, care was taken to understand how the organizations defined stakeholders. For purposes of this study, stakeholders were considered as both internal and external groups that could affect or be affected by the organization, including the organization's understanding of its own social and environmental responsibility. An organization's attitude and appreciation for the greater impact it could have on its social and environmental surroundings was vital in creating a trustworthy and sustained organizational reputation.
Overall, 50% of the sample's organizations made reference to both "stakeholders" and "communities" as distinct role players with regard to the organization. And, 33% referred to stakeholders only, no organization referred to "communities" only, and 17% failed to refer to any form of stakeholder group or "community." Organization A referred to and made mention of various stakeholders (as defined by this study) throughout its policy and staff guidelines: . . . turning customers into advocates and developing relationships with key online influences.
. . . building branded communities to support customers and sustain online sales and self-care.
. . . it must protect the privacy, security and image of the organisation's clients and stakeholders, while at the same time maintain corporate security.
Organization D provided a list of various possible stakeholders, drawing the attention of staff to the multilayers of external and internal stakeholders: Social media offer an important platform for the organisation to engage and converse with our clients, communities, shareholders, and the general public across a number of channels.
. . . whenever you engage with the organisation's stakeholders it is your responsibility to behave appropriately according to the standards set in the policy.
(d) Disciplinary action and compliance.
The increasing use of social media by both individuals and organizations for personal and professional reasons has come to the fore as a critical issue at the intersection of human resources and information technology (Jacobson & Tufts, 2013). Thus, organizations need to find the point of equilibrium between allowing freedom of expression, on one hand, and exercising some form of control, on the other hand.
The importance placed on how organizations insisted on compliance with their policies also reflected the organizations' attitude toward managing the content of their policies and maintaining responsible social media practice by their staff.
Given that this study considered high-risk institutions only, it was not unexpected for policies and staff guidelines to make direct reference to disciplinary procedures should staff not comply with the content of the policy.
Organization F emphasized matters of discipline and compliance throughout its policy that also required staff to monitor social media activity and report on issues of noncompliance: Any deviation from this policy may be subject to disciplinary review or other appropriate action.
If you observe a breach of this policy, or suspect there may be an impact on Organisation F due to content published, please contact your line manager and your business-unit's media relations team immediately.
Ensure you comply with your responsibilities, acceptable use and group compliance policies, as well as all relevant Organization F policies and rules.
Organization E made similar reference to disciplinary action in both their formal policy and staff guidelines. There was reference to a wider compliance with the law and direct compliance with the policy, namely as follows: Consider the law. Always abide by the laws of the country, including those laws governing defamation, discrimination and harassment. In addition, online communication is global in nature; other laws and regulations may also be applicable to your communication.
Failure to abide by these guidelines could put your participation at risk, and may even result in termination of your contract with Organisation E and possible debarment.
(e) Personal and professional guidelines.
Online communication and media tools are important communication channels that provide organizations with the opportunity to engage with their stakeholders, thus making it part of the work expectation of some of its employees. Employee challenges for managing both professional workrelated use and personal off-duty use of social media are plentiful and add an additional level of complexity to the level of management from the organization to the employee (Jacobson & Tufts, 2013).
The objective of many social media policies is to provide parameters for social media use, whether it is for the employees' professional responsibilities, or to inform employees of their responsibilities when using social media in a personal capacity, or to manage risk associated with the use of these tools (Department of Human Services, 2011).
The intention of most organizational policies would be to manage operational risk and ensure compliance with the aim of protecting the organization. However, social networking through the use of internet-based and other electronic social media tools is integrated into everyday life, thus, the lines between personal life and work can become blurred (The American Institute of Architects, 2013). It is essential that financial institutions find ways to ensure that staff members comply not only with good social media practice professionally, but also in their personal capacity in so far as the staff members' association can be traced back to the organization. Therefore, it is paramount to ensure that social media policies convey the risks connected to the organizations.
From the sample under review, it was evident that there were two distinct groupings of policies: (a) those that only referred staff to best practice for professional use and guided them how best to communicate and build networks for professional purposes with the aim of benefiting the employing organization, and (b) those that referred staff to best practice for both professional and personal social media use. The latter group identified the need to provide guidance for personal use as they recognized that the majority of their employees used internet-based social media in their personal capacity. The organizations (four of the six policy documents) endeavored to protect the organizational reputation through ensuring compliance and providing guidelines related to professional and personal network activities. The majority of the sample financial institutions (67%) provided guidelines to both the use of social media to protect organizational reputation and for personal use of social media.
Organization C offered staff clear professional and personal guidelines linked to avoiding organizational risk. Risk could be mitigated through this, and related policies focused on employees' personal and professional behavior and addressed information confidentiality and integrity, namely as follows: Outlined below are some dos and don'ts to follow when engaging on social media: (a) Speak on your own behalf and not for Organization C, unless you are an authorized media accredited online spokesperson. (b) Read and adhere to all Organization C policies, as applicable from time to time, and South African law. (c) Be responsible . . . Organization B considered the personal reputation of its employees and provided a summary of considerations to be reflected by the employee: The reputation of people and organizations are nowadays more easily open to risk due to the explosion of social media networks.
Usually this rule is the best to apply: if in doubt, you probably shouldn't publish. Here is a summary of primary considerations: From the analysis, several positions emerged and stood out from the main findings: • • There were financial institutions that did not focus only on relationship building in their social media policies. The management of social media was focused mainly on potential risk that could be created rather than the opportunities associated with increased brand and image awareness as proposed by the literature. • • There were financial institutions that did not mention brand, image, and reputation in their social media policy. Given the highly competitive nature of the South African financial sector, it could be assumed that there would be, in all cases, more focus on increasing their competitive edge through an online presence. • • There were financial institutions that did not suggest personal guidelines of how staff should manage their personal social media platforms in their social media policy. Thus, focus was on a holistic approach to social media management and its possible direct and indirect image as well as its risk management.

Significance of the Research
There is limited evidence in the research literature that examines the implementation possibilities that social media has had on the reputation management of the financial sector within South Africa. Jacobson and Tufts (2013) stress the knowledge gap that exists in managing this relatively new form of communication and engagement, pointing to the many unanswered questions on how to manage both social media and social media employee issues. The authors frame the problem as being, in many instances, the problem of the IT department, which is left to manage employee access and participation in social media endeavors through technical solutions without the involvement of management or any consideration of human resources and other challenges (Jacobson & Tufts, 2013). Maintaining the sensitive balance between employee rights to privacy and the need for the organization to manage potential risk becomes a major challenge. Given the intense personal and professional relationship ramifications of privacy invasions and reputational concerns, these issues should be relevant for years to come (Oravec, 2012).
Furthermore, managers need to identify well-managed and well-orchestrated online conversations that can help organizations build and maintain an active presence, reputation, and brand image (Jones et al., 2009). A good relationship with stakeholders can be advantageous to building a stronger organization while placing it in a better position to manage risk in times of crisis.
As social media has been identified as a major contributor to the management of communication, stakeholder engagement and reputation, lessons learnt from this research are bound to make a significant contribution to the understanding of the importance of effectively managing social media and the significance of stakeholder relationships within the financial sector in particular.

Conclusion
This study has contributed toward the limited debate on how social media policies in the financial sector have been developed and employed to manage the organization's-and to some extent their employee's-social media use with the aim of promoting their organizational communication, stakeholder management, and reputation. Research interests in strategic organizational management, marketing and communications, human resources, stakeholder management, and organizational risk management could use the findings of this study to develop and improve strategies of the following: • • Assessing the impact of social media activity on organizational reputation, • • Developing management models of social media management with the aim of improving and protecting and enhancing organizational communication, and • • Assessing both internal and external stakeholder perception and management.
Thus, the development and introduction of such strategies could advance the discussion and the understanding of the role of managing social media in the financial sector. In addition, it also creates the opportunity for future research areas such as exploring social media policies in a global context and investigating to what extent financial institutions comply with their policies. In so doing, it addressed the limitation of the research that centers on the lack of available literature on social media policy development and social media management within the financial sector, in particular, within the context of South Africa. However, the results confirmed the research of Chikandiwa (2014) that although social media use was still in its infancy (at that time), the financial sector was using this tool for external engagement and for purposes of advertising, brand management, and handling of customer complaints. Platforms such as Facebook, Twitter, YouTube, blogs, and LinkedIn were used most often.
The literature reflected the pressure that has been put on this sector to operate within social media realms and keep up with the times. The emphasis was not only on communication and networking but also on the need to enfold social media into daily operations with both internal and external communication. Thus, the risks associated with such development needs to be carefully managed at all levels to establish a secure platform for the development and maintenance of a good reputation that will yield high returns.
The results further showed that the majority of the financial institutions appreciated the value and opportunities provided by social media to establish and build a positive profile by engaging with both external and internal stakeholders. However, at the same time, mitigating the possible risks was equally as important. The financial institutions ensured strict compliance with their policies, and none of the samples identified provided a policy for noting purposes only as the policies were seen as key drivers to maintain and protect the organizational reputation.
Further analysis revealed that some organizations provided staff with detailed social media guidelines in addition to policies. These organizations sensed that the staff guidelines needed to provide clear best practice directives to staff. However, staff did not always read the guidelines and to counteract this, some organizations provided their staff with social media training, which was one of a number of ways of ensuring compliance for building improved organizational social media management.
An appreciation of the integrated and profound impact social media has on society is the foundation of social media policy development. The argument is no longer how to avoid or only protect an organization from the risks associated with social media use, but how to harness the potential and move with the times by including social media into most aspects of the organization's operations, while still recognizing the areas of possible threat to organizational reputation.