ALERT – FFIEC Issues Guidance on Social Media
by Jim Satterfield, President and COO, Firestorm
In several articles and webinars last year, Firestorm discussed the evolution of regulatory agency guidance, rules and regulations with regard to social media use. As social media use has grown, we have seen regulators such as FINRA, promulgate regulation to protect investors; the SEC issue notices which provide guidance for using social media in the context of regulated business transactions. We have suggested best practices for monitoring use, both internal and external, and are continually reviewing risk reduction as it applies to social media policy.
Also notable, is the ever increasing body of case law emanating from social media risk, including claims of defamation and copyright infringement; discrimination; breach of non-compete agreements; employee misrepresentation on social media sites – all with significant consequences, including associated judgments, fines and penalties.
On January 22, 2013, the Federal Financial Institutions Examination Council (FFIEC) released proposed guidance on the applicability of consumer protection and compliance laws, regulations, and policies to activities conducted via social media by banks, savings associations, and credit unions, as well as nonbank entities supervised by the Consumer Financial Protection Bureau and state regulators.
The FFIEC is responding to requests for guidance in this area from various industry and consumer interests. The guidance is intended to help financial institutions understand potential consumer compliance, legal, reputation, and operational risks associated with the use of social media, along with expectations for managing those risks. Although the guidance does not impose additional obligations on financial institutions, the FFIEC expects financial institutions to take steps to manage potential risks associated with social media, as they would with any new process or product channel.
The Guidance advises financial institutions to maintain risk management programs to identify, measure, monitor, and control risks related to social media. Such a program should include:
- A governance structure with clear roles and responsibilities for the board of directors or senior management to direct how social media will contribute to the strategic goals of the institution (for example, through increasing brand awareness, product advertising, or researching new customer bases) and establish controls and ongoing assessment of risk in social media activities;
- Policies and procedures on the use and monitoring of social media and compliance with all applicable consumer protection laws, regulations, and guidance, which should incorporate methodologies to address risks from online postings, edits, replies, and retention;
- A due diligence process for selecting and managing third-party service provider relationships in connection with social media;
- An employee training program that incorporates the institution’s policies and procedures for official, work-related use of social media, and potentially for other uses of social media, including defining impermissible activities;
- An oversight process for monitoring information posted to proprietary social media sites administered by the financial institution or a contracted third party;
- Audit and compliance functions to ensure compliance with internal policies and all applicable laws, regulations, and guidance; and
- Parameters for reporting to the financial institution’s board of directors or senior management that enable periodic evaluation of the social media programs’ effectiveness, including in achieving its stated objectives.
Firestorm leadership is reviewing this proposed guidance, and will present a learning session on the guidance, impact to your organization, and best practices to mitigate risk stemming from Social Media use.
The Federal Financial Institutions Examination Council (FFIEC) is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions by the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Consumer Financial Protection Bureau (CFPB), and to make recommendations to promote uniformity in the supervision of financial institutions. In 2006, the State Liaison Committee (SLC) was added to the Council as a voting member. The SLC includes representatives from the Conference of State Bank Supervisors (CSBS), the American Council of State Savings Supervisors (ACSSS), and the National Association of State Credit Union Supervisors (NASCUS).
If you have questions on how this proposed guidance may effect your organization or institution, contact us via this website or call: (800) 321-2219