News: Risk Management Program for Social Media

February 2013

Brian P. Gallogly

The Federal Financial Institutions Examination Council (“FFIEC”) has invited comments on its proposed guidance, issued on January 22, 2013, which addresses the applicability of numerous consumer protection and compliance laws and regulations to social media activities conducted by credit unions and banks, as well as by other financial entities supervised by the Consumer Financial Protection Bureau. When finalized, the guidance will likely have far-reaching implications for financial institutions, even for those that do not use social media. The FFIEC is particularly concerned that the use of social media may increase a financial institution’s compliance, legal, reputation and operational risks, all of which need to be managed effectively.

The FFIEC expects each financial institution to adopt a “risk management program that allows it to identify, measure, monitor and control the risks related to social media.”  The program should include the following seven components:

  • A governance structure to determine how social media contributes to the goals of the financial institution and to establish controls and ongoing assessment of risk in social media activities;
  • Policies and procedures regarding the use and monitoring of social media and compliance with all applicable consumer protection laws, regulations and guidance;
  • A due diligence process to select and manage third party vendors used in social media activities to ensure compliance with applicable laws;
  • An employee training program;
  • An oversight process to monitor information posted on social media sites;
  • An audit and compliance program; and
  • An appropriate reporting mechanism to the board of directors or senior management for the evaluation of the effectiveness of social media.

For those financial institutions which use social media, the same laws and regulations apply to their activities, whether done through social media or some other means of communication. The proposed guidance advises those financial institutions which do not use social media to be prepared to address negative comments or complaints on social media platforms, and to provide guidance to employees on the use of social media.

Among the federal statutes and regulations likely to impact financial institutions and their use of social media are: Truth in Savings Act, Truth in Lending Act (Regulation Z), Gramm-Leach-Bliley Act, Real Estate Settlement Procedures Act, Children’s Online Privacy Protection Act, Equal Credit Opportunity Act, Federal Trade Commission Act (Unfair, Deceptive, or Abusive Acts or Practices), and Fair Housing Act.

Upon completion of the guidance, the agencies which comprise the FFIEC (the Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration and the Consumer Financial Protection Bureau) will expect all financial institutions that they supervise to use the guidance to assess and manage the risks related to activities conducted through social media. Also, the State Liaison Committee (another member of the FFIEC) will encourage the adoption of this guidance by state regulators.

Comments to the FFIEC on the proposed guidance are due by March 25, 2013. Please note that all comments received will be posted, including any personal information provided.


Link to copy of the proposed guidance
