May 12, 2015
What the Social Media Guidance Means to You
FFIEC Proposal Makes Social Media Risk Programs More Important Than Ever
Social media risk is the subject of “Social Media: Consumer Compliance Risk Management Guidance,” final supervisory guidance released by the Federal Financial Institutions Examination Council (FFIEC) on Dec. 11, 2013. Under the guidance, bank and other financial institutions supervised by an FFIEC member agency are expected to “effectively assess and manage risks associated with activities conducted via social media” – that is, to develop and audit a social media risk management program.
What Is Social Media?
In the guidance, the FFIEC offers a broad and generic definition of social media: “a form of interactive online communication in which users can generate and share content through text, images, audio, and/or video.” The FFIEC goes on to state:
Social media can take many forms, including, but not limited to, micro-blogging sites (e.g., Facebook, Google Plus, MySpace, and Twitter); forums, blogs, customer review web sites and bulletin boards (e.g., Yelp); photo and video sites (e.g., Flickr and YouTube); sites that enable professional networking (e.g., LinkedIn); virtual worlds (e.g., Second Life); and social games (e.g., FarmVille and CityVille).
Elements of a Program
Each supervised financial institution is responsible for having a risk management program that allows the organization to identify, measure, monitor, and control the risks related to social media. Compliance requires a bank to develop the components essential to any effective social risk management program, which include:
- A corporate governance structure related to social media
- Policies and procedures regarding social media, including monitoring it and complying with related consumer protection laws, regulations, and guidance
- A due diligence process for selecting and managing relationships with third-party providers of social media services
- Social media training for employees
- A process to provide oversight and monitoring of social media websites
- Audit and compliance functions
- A process to confirm the effectiveness of the social media program
As social media use grows and evolves, every organization, whether a financial institution or not, should think through its related risks – starting with identifying the ways individual employees and various departments and functions of the organization currently use social media – and plan to use it in the future.1
For More Information
1 For additional information about managing social media risks, see Erika Del Giudice and Steve Gerschoffer, “Manage the Risks of Social Media and Earn Your Customers’ Trust,” February 2013, http://www.crowehorwath.com/ContentDetails.aspx?id=10923