The FFIEC’s Social Media Guidelines in Plain English


By Jason Falls, Founder of Social Media Explorer

It’s been fascinating watching the industry’s reactions to the Federal Financial Institutions Examination Council (FFIEC) proposed risk management guidance for social media. But let’s put the pitchforks down, step back for a second and take a look at the underlying spirit of the FFIEC’s advice — piece by piece — so we can translate it into a useful reality for both banks and credit unions. (Please keep in mind, I’m a digital marketing practitioner, not a bank marketer. I come to this from the perspective of a social media marketer, not one firmly ingrained in the financial services world.)

Governance Structure

The first recommendation is simply that banks and credit unions have a governance structure in place with clear roles and responsibilities. This is the FFIEC’s way of saying, “If regulators call and ask, the person who answers the phone should know who’s in charge of social media and direct us there accordingly.”

This is simple. Reasonable. If you’re going to be involved in social channels — and even if you’re not — someone in your building needs to own it, manage it and be accountable for it. And everyone should know who that person is. If you’re not that far along, get there… and fast.

( Read More: Regulatory Shocker On Social Media In Banking Coming Soon )

Policies and Procedures


An interactive database ranking 450+ banks and credit unions on Facebook, Twitter and YouTube.

The FFIEC makes a number of recommendations about policies and procedures that basically translates to, “Have stuff written down so if the person responsible for social media is hit by a bus, someone else can read the manual and figure it out.” The FFIEC also covers how your institution should account for regulatory compliance when marketing in social channels. Hey… You’re in the financial services industry. You know by now everything has to have a policy and procedure in place.

What I find interesting about this particular recommendation from the FFIEC is that it covers the monitoring of social media. This is where institutions that lacking interest in social media may find themselves in hot water. The FFIEC says “policies and procedures should incorporate methodologies that address risks from online postings, edits, replies and retention.” Depending on your interpretation, this could include postings by anyone, not just the bank. That opens Pandora’s box. It’s no longer an option to choose to pay attention to what is said about you online or not. Now you have to.

But honestly, shouldn’t banks be doing this already anyway?


Due Diligence For Third Party Services

The FFIEC is asking financial institutions to make sure they check out any software company, consultant or agency they might use for social media to ensure they understand disclosures, regulations, privacy and the like, and have safe guards in place to ensure they don’t unwittingly violate the regulations you’re required to adhere to. Again, if you aren’t already doing this, switch industries.

Employee Training

Here are two inescapable facts:

  1. Your financial institution deals with people’s money and private data.
  2. Your employees are likely using social media personally.

So all the FFIEC is saying is that you need to make sure what employees know they can and cannot do/say online. That’s it. And if any of them have been authorized to post online in an official bank or credit union capacity, they need to be clear on what’s within limits and what’s out of bounds. Pretty obvious, right? I mean, this isn’t rocket surgery folks.

( Read More: Financial Marketers Slam Proposed Social Media Regs )

Monitoring Oversight

The FFIEC seems to focus on the branded channels that you control — your institution’s Facebook page, for instance. The FFIEC is simply asking you to have a process in place for monitoring what is posted there to ensure nothing lands from consumers or the institution that would be out of compliance with regulatory policies. Again, this shouldn’t be a problem, because you’ve already got this covered, correct?


Audit and Compliance

Utter the words “audit and compliance” to a financial marketer and you may as well be sending them to a proctology exam. However, dotted in every single one of the FFIEC’s guidance is the assumption you need to ensure regulations are met, policies are adhered to and documented for proof of posterity (and to cover your posterior). Sure, doing paperwork adds time and complexity — as it would to any project — but that’s the price you’ve gotta pay for holding on to people’s money.

Effectiveness Reporting

Wait? The FFIEC wants banks and credit unions to measure and report the effectiveness of their social media programs?


How can they!?!

It’s an outrage!

The paranoid worry that the FFIEC is asking financial marketers to prove social media has “ROI.” But the regulations simply call for, “periodic evaluation of the effectiveness of the social media program and whether the program is achieving its stated objectives.” Not once does the FFIEC assume one of the stated objectives is revenue, so relax.

If your stated objectives are to maintain efficient communications with customers and prospects to disseminate information about the institution and its programs, there’s not an “ROI” calculation to make. You measure this type of program in the number of messages sent, audience reached and perhaps message points recalled. So, all the FFIEC is saying here is that you need to be able to show management you aren’t just wasting time playing on social channels with no measureable outcomes. Assuming those measurable outcomes are financial is a mistake. Social media can do much more than just drive revenue.

Is This Really All That Newsworthy?

What the FFIEC is saying with its regulatory guidance is that you have to get your proverbial schtuff together, cross those T’s, dot those I’s, and be organized.

So, what’s the fuss?

Consumers on social channels, and sometimes they are talking about their money or their financial institution — maybe even yours. Regardless of your interest or investment in social marketing, your institution needs to be involved and aware — at least at the most basic, most fundamental level — with policies, procedures and reporting in place to ensure consumers are served and protected under the law.

Isn’t that fair?

This article was originally published on . All content © 2024 by The Financial Brand and may not be reproduced by any means without permission.