Regulators Weigh In on How Banks Use Social Media

For bank-marketing executives who thought their social media programs were running smoothly, a virtual speed bump could now stand in their way: Regulators (specifically, the Federal Financial Institutions Examination Council or FFIEC) recently released proposed guidelines governing how financial institutions use social media.

The guidelines state banks will need formal written social media strategies, plus buttoned-down governance, monitoring and measurement protocols to ensure social-media compliance with all applicable consumer protection laws.

As stated in the FFIEC press release, “… financial institutions are using social media as a tool to generate new business and provide a dynamic environment to interact with consumers. As with any product channel, financial institutions must manage potential risks to the financial institution and consumers by ensuring that their risk management programs provide appropriate oversight and control to address the risk areas discussed within this guidance.”
FFIEC says its guidance is meant to help financial institutions identify potential risks to ensure institutions are aware of their responsibilities to address risks within their overall risk management program when it comes to social media strategies, even if a bank does not have a social media presence.

As reported in The FinancialBrand.com,   “The FFIEC considers social media to include interactive online communication in which users generate and share content through text, images, audio and/or video — including, but not limited to, micro-blogging sites (e.g., Facebook, Google Plus, MySpace, and Twitter); forums, blogs, customer review web sites and bulletin boards (e.g., Yelp); photo and video sites (e.g., Flickr and YouTube); sites that enable professional networking (e.g., LinkedIn); virtual worlds (e.g., Second Life); and social games (e.g., FarmVille).”

So just how could banks manage the social media risk that would pass muster with the Regulators? FFIEC has proposed a risk management program to include:

  • Strategic Management: A governance structure with clear roles and responsibilities: the board of directors or senior management will need to direct how using social media contributes to the strategic goals of the institution; and establishes controls and ongoing assessment of risk in social media activities.
  • Guidelines: Policies and procedures for the use and monitoring of social media and compliance with all applicable consumer protection laws, regulations, and guidance.
  • Vendor Management: A due diligence process for selecting and managing third-party service provider relationships in connection with social media.
  • Training: An employee training program that incorporates the institution’s policies and procedures for official, work-related use of social media.
  • Monitoring: An oversight process for monitoring information posted to proprietary social media sites administered by the financial institution or a contracted third party.
  • Compliance: Audit and compliance functions to ensure ongoing compliance with internal policies and all applicable laws, regulations, and guidance; and
  • ROI: Parameters for providing appropriate reporting to the financial institution’s board of directors or senior management to evaluate the effectiveness of the social media program and whether the program is achieving its stated objectives.

A posting on The FinancialBrand.com probably best sums up how bankers could be feeling after wading through the 31-page document: “Regulatory Shocker on Social Media in Banking Coming Soon.”

Once they get over the shock and awe, bankers will have until mid-March to offer feedback.  Let the comments begin.

This entry was posted in Social Media, Technology and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>