Regulators in the US have issued a draft of proposed guidelines governing social media use by banks and credit unions — everything from Twitter to FarmVille. The bottom line? You’ll need to have a formal written strategy, monitor social mentions and yes… even measure ROI.
The Federal Financial Institutions Examination Council (FFIEC) has released proposed guidance on policies concerning social media usage by banks, savings associations and credit unions.
The FFIEC says the use of social media by financial institutions to attract and interact with customers can affect their risk profile. The FFIEC policy document outlines the potential consumer compliance, legal, privacy, reputational and operational risks associated with social media, along with guidelines for how those risks should be managed. (You can view the original FFIEC document in its entirety here.)
The FFIEC considers “social media” to include any form of interactive online communication in which users can generate and share content through text, images, audio and/or video — including, but not limited to, micro-blogging sites (e.g., Facebook, Google Plus, MySpace, and Twitter); forums, blogs, customer review web sites and bulletin boards (e.g., Yelp); photo and video sites (e.g., Flickr and YouTube); sites that enable professional networking (e.g., LinkedIn); virtual worlds (e.g., Second Life); and social games (e.g., FarmVille).
The FFIEC says every financial institution’s social media plan should be designed with participation from compliance, IT, information security, legal, human resources and marketing. The size and complexity of each financial institution’s plan would be dependent on the scale of their involvement in social media.
The guidelines suggest even financial institutions that aren’t currently engaged in social channels might be required to have a plan in place: “A financial institution that has chosen not to use social media should still be prepared to address the potential for negative comments or complaints that may arise within social media platforms, and provide guidance for employee use of social media.”
In other words, the FFIEC wants all banks and credit unions to be prepared for the (inevitable) negative feedback they will (eventually) encounter somewhere in the online social sphere.
So What Are the Specifics?
Here’s how the FFIEC proposes financial institutions should manage social media risks. The components of the plan include:
Social Media Strategy Now Required – A governance structure with clear roles and responsibilities whereby the board of directors and/or senior management spell out how use of social media contributes to the strategic goals of the institution, while also spelling out what kind of controls will be put in place, and how ongoing social media risks will be assessed.
Regular Reporting of ROI – The FFIEC is calling for regular reports to the financial institution’s board of directors and/or senior management, “enabling a periodic evaluation of the effectiveness of the social media program and whether the program is achieving its stated objectives.” Sounds like financial marketers will have to start tracking social media’s ROI. Gulp…
Monitoring of Social Channels Mandated – The FFIEC is calling for all financial institutions to have an oversight process for monitoring information posted to social media sites administered by the financial institution or a contracted third party.
Put Formal Social Media Policies & Procedures in Place – All financial institutions need to implement policies regarding the use and monitoring of social media, and compliance with all applicable consumer protection laws. Social media policies should incorporate procedures addressing risks from online postings, edits and replies.
Tightly Manage Third-Party Vendors to Ensure Customers Are Protected – Customer privacy and security of their financial data are a top concern. Financial institutions working with third-party social media vendors will be required to manage those relationships within defined parameters to ensure compliance with all regulations.
You Have to Tell Employees What’s Okay and What’s Not – Banks and credit unions will need an employee training program that incorporates the institution’s policies and procedures for official, work-related use of social media, and potentially for other uses of social media, including defining impermissible activities.
Compliance Protocols – Audit and compliance functions to ensure ongoing compliance with internal policies and all applicable laws, regulations, and guidance.
Don’t Show This List to Your Compliance Department
The 31-page document issued by the FFIEC contains a laundry list of various laws and regulations they say apply to a financial institution’s use of social channels. This amounts to hundreds — possibly even thousands — of pages of regulatory material. It’s enough to paralyze any compliance person to the point where nothing would seem appropriate to post on any social network. Ugh…
- Truth in Savings Act/Regulation DD and Part 707
- Fair Lending Laws: Equal Credit Opportunity Act/Regulation B
- Fair Housing Act
- Truth in Lending Act/Regulation Z
- Real Estate Settlement Procedures Act
- Fair Debt Collection Practices Act
- Unfair, Deceptive, or Abusive Acts or Practices
- Deposit Insurance or Share Insurance
- Electronic Fund Transfer Act/Regulation E
- Bank Secrecy Act
- Community Reinvestment Act
- Gramm-Leach-Bliley Act Privacy Rules and Data Security Guidelines
- CAN-SPAM Act
- Telephone Consumer Protection Act
- Children’s Online Privacy Protection Act
- Fair Credit Reporting Act
Have an Opinion? Give ’Em an Earful
The FFIEC is inviting comments, saying it wants to hear from both banks and credit unions on any aspect of the proposed guidance. They are specifically seeking feedback on the following questions:
- Are there other types of social media, or ways in which financial institutions are using social media, that are not included in the proposed guidance but that should be included?
- Are there other consumer protection laws, regulations, policies or concerns that may be implicated by financial institutions’ use of social media that are not discussed in the proposed guidance but that should be discussed?
- Are there any technological or other impediments to financial institutions’ compliance with applicable laws, regulations, and policies when using social media of which the Agencies should be aware?
You can submit your comments, or view others’ comments and materials related to the FFIEC’s guidelines, by visiting the Federal eRulemaking Portal. Go to www.regulations.gov and click the “Advanced Search” option (located in the bottom-right corner of the “Search” box). Scroll down to the “By Docket ID” search box, then type “FFIEC-2013-0001,” and hit “Enter.”
Comments must be received by mid-March. Be careful what you say though: All comments will be posted without change at www.regulations.gov, including any personal information provided.