The Federal Financial Institutions Examination Council, the formal interagency body that sets uniform evaluation standards for federal banking regulators, recently published proposed risk management guidance for financial institutions that use social media to interact with consumers. The FFIEC invites comments on the proposed guidance by March 25, 2013. The proposed guidance, acknowledging the importance of social media sites such as Facebook and Twitter as marketing tools, advises that the various consumer protection and compliance laws, regulations, and policies that apply to other forms of marketing also apply to social media. While the proposed guidance does not impose additional obligations, it does mandate that financial institutions establish risk management programs that allow them to "identify, measure, monitor and control the risks related to using social media." Specifically, the risk management programs are to contain: (1) a governance structure; (2) policies and procedures to ensure compliance with laws; (3) a due diligence process for third-party service providers connected with social media; (4) an employee training program; (5) an oversight process to monitor information posted on proprietary social media sites run by the financial institution or contracted third parties; (6) regular audits for compliance with laws, regulations, guidance and internal policies; and (7) periodic evaluations of the social media program. Notably, under the proposed guidance, financial institutions that do not currently use social media are still required to address the potential for issues that may arise within social media platforms and provide employees training on the use of social media.
TIP: If the proposed guidance is finalized, financial institutions will be expected to establish social media risk management programs as described above.