To address the intersection of financial institutions and social media, the Federal Financial Institutions Examination Council (FFIEC) recently released proposed guidance on the potential legal, reputational, and operational risks posed by social media sites.

In collaboration with the Office of the Comptroller of the Currency, the FFIEC issued “Social Media: Consumer Compliance Risk Management Guidance.” Entities governed by the FFIEC’s members – including banks, savings associations, and credit unions, as well as nonbank entities supervised by the Consumer Financial Protection Bureau – will be expected to use the guidance “to ensure that their policies and procedures provide oversight and controls commensurate with the risks posed by their social media activities.” The public comment period will close on March 25, 2013.

As defined by the guidance, social media is “a form of interactive communication in which users can generate and share content” in a variety of mediums like text, images, audio, and/or video. “Since this form of customer interaction tends to be informal and occurs in a less secure environment, it presents some unique challenges to financial institutions.”

According to the guidance, all financial institutions should establish a risk management program, but the details will depend upon the scope of a given institution’s involvement in social media. For example, a bank that relies heavily on social media to attract and acquire new customers should have a more detailed program, while a bank that chooses not to use social media at all may rely upon a less comprehensive policy. However, at a minimum, all entities must still “be prepared to address the potential for negative comments or complaints” within social media platforms and provide guidance for employee use of social media.

Risk management programs should address issues that include the governance structure and the strategic goals of the institution’s social media plan (like increasing brand awareness or product advertising); the policies and procedures for monitoring the company’s social media use; training of company employees in the official and non-official uses of social media; and the effectiveness of the company’s audit and compliance procedures.

Financial institutions face a broad spectrum of risks when using social media, the FFIEC explained. These include potential defamation or libel suits, as well as risks to their reputation and brand identity. The guidance emphasized that already heavily regulated financial institutions must continue to comply with their governing regulations in the context of social media.

For example, the Truth in Lending Act and Regulation Z advertising provisions require that credit ads present information in “a clear and conspicuous manner.” Electronic advertisements via social media are no different, the FFIEC noted, although companies are permitted to provide required information on a table or schedule located on a different page from the main advertisement if the ad refers to the other page or location.

Other existing regulations also apply with equal force on social media sites. They include the Fair Debt Collection Practices Act’s prohibition on inappropriately contacting consumers or their families or friends, and the requirement that “Member FDIC” be included when advertising FDIC-insured products.

The FFIEC also cautioned financial institutions to respect privacy concerns and clearly disclose a privacy policy as required by the Gramm-Leach-Bliley Act. Financial institutions should also ensure compliance with the Children’s Online Privacy Protection Act by monitoring whether they collect information from children under age 13, and should take care not to run afoul of the Telephone Consumer Protection Act or CAN-SPAM by sending unsolicited communications to consumers via social media sites.

Why it matters: The FFIEC’s member agencies “recognize that financial institutions are using social media as a tool to generate new business and provide a dynamic environment to interact with consumers,” the guidance said. “As with any product channel, financial institutions must manage potential risks to the financial institution and consumers by ensuring that their risk management programs provide appropriate oversight and control to address the risk areas discussed within this guidance.”