Skip to content

New proposed social media compliance rules announced by the FFIEC

On January 22 2013, the Federal Financial Institutions Examination Counsel (FFIEC) issued proposed guidelines entitled “Social Media: Consumer Compliance Risk Management Guidance” (Guidance).
In response to requests from industry and consumer groups, this policy document outlines potential social media risk for supervised entities (including banks, savings associations, credit unions, mortgage lenders, and other nonbank entities supervised by the Consumer Financial Protection Bureau) and provides guidelines for how organizations should manage those risks. Once finalized, supervised entities will need to follow the Guidance and the FFIEC will encourage state regulators to adopt the Guidance into law.
To get ahead of this change, such entities will need to ensure that their policies and practices on social media (LinkedIn, Facebook, Twitter, etc.) commensurate with the Guidance. Thankfully for many institutions addressing similar risks to FINRA, SEC and other regulations on communications, the FFIEC is another government agency confirming the need for oversight and control over financial institutions communications on social media. While this Guidance is more detailed than existing regulations, it addresses similar risk areas.

Key takeaways from the proposed guidance

Implement a social media policy & procedure
As part of their overall “Risk Management Program,” governed entities should have a clear and concise social media policy that includes a governance structure, outlines clear roles and responsibilities for all parties involved, and aligns social media with the strategic goals for the institution. The policy should also include an employee training program, identifying the controls in place for the use and monitoring of social media as well as procedures for audit and compliance.
At Hearsay Social, we encourage financial institutions to approach social media with a thoughtful combination of policy and technology. As suggested by the FFIEC in this Guidance, it is important that this policy outlines the strategic value of social media for the organization and how employees should use social media for business purposes.  The training and enforcement of this policy is almost as important as the policy itself.
Reporting of effectiveness of the social media program policy
The FFIEC requests regular reporting to the financial institution’s board of directors or senior management on the effectiveness of the social media program and whether the program is achieving its stated objectives.
As with any outbound initiatives, it is important for organizations to continually refine activities and measure return on investment.  With a software solution like Hearsay Social, financial institutions can easily monitor and measure their effectiveness on social media and report on compliance.
The covered institutions should have an oversight process for regularly monitoring social media posts, including those generated by third parties engaged to provide social media services for such institutions, to ensure compliance with all applicable laws and regulations.
Hearsay Social offers flexible governance solutions for organizations to build monitoring and review processes that meet their needs; as always, the supervision, retention, and retrieval of all social media communications is a standard requirement for FINRA and SEC governed organizations. For institutions seeking an extra level of security, Hearsay Social offers controls so employees can only publish pre-approved content to social media networks.
The FFIEC is requesting comments on the proposed Guidance. Specifically, FFIEC is seeking feedback on the following questions:

  • Are there other types of social media, or ways in which financial institutions are using social media, that are not included in the proposed guidance but that should be included?
  • Are there other consumer protection laws, regulations, policies or concerns that may be implicated by financial institutions’ use of social media that are not discussed in the proposed guidance but that should be discussed?
  • Are there any technological or other impediments to financial institutions’ compliance with applicable laws, regulations, and policies when using social media of which the Agencies should be aware?

Comments on to the proposed Guidance can be submitted to the Federal eRulemaking Portal by March 22. The Docket ID “FFIEC-2013-0001” must be included with the comment.
The Guidance can be found here.

Disclaimer: The material available on this blog is for informational purposes only and not for the purpose of providing legal advice. We make no guarantees on the accuracy of the information provided herein.

Yasmin Zarabi

Yasmin is responsible for Hearsay's legal affairs including commercial, compliance, regulatory and privacy matters. She is a thought leader in compliance for financial services, has been published in industry press and speaks at events around the world.

Visit the Resource Center

Download White Paper, Infographics, Industry Reports and More…

Visit Resources