Bank regulatory body proposes social media guidance

A U.S. interagency regulatory body for financial institutions has issued a draft document detailing risk management expectations for social media use. 

The Federal Financial Institutions Examination Council (FFIEC) released the guidance on Tuesday, and banks have 60 days to respond with comments.

“Institutions will be expected to use the guidance in their efforts to ensure that their policies and procedures provide oversight and controls commensurate with the risks posed by their social media activities,” the guidelines said.

In the proposal, social media usage was defined as any “form of interactive online communication in which users generate and share content through text, images, audio, and/or video,” including, but not limited to, the use of popular sites like Facebook, YouTube, Twitter, LinkedIn and Flickr, as well as forums, blogs, customer review sites and boards like Yelp, and social games.

The document highlights seven components proposed for risk management programs, including forming a governance structure with clear roles and responsibilities for boards of directors or senior management to assess the risk and contributions of social media activities, and creating policies and procedures on the use and monitoring of social media activity to make sure these comply with consumer protection laws, regulations and guidance.

Banks also should define a process for selecting and managing third-party organizations involved with social media activity; create an employee training program and an oversight process for monitoring information posted to social media sites; and implement audit and reporting mechanisms that support continued compliance for secure social networking use.

“Financial institutions may use social media in a variety of ways, including marketing, providing incentives, facilitating applications for new accounts, inviting feedback from the public, and engaging with existing and potential customers, for example, by receiving and responding to complaints, or providing loan pricing,” said the guidance. “Since this form of customer interaction tends to be informal and occurs in a less secure environment, it presents some unique challenges to financial institutions.”
