Bank regulatory body proposes social media guidance

A U.S. interagency regulatory body for financial institutions has issued a draft document detailing risk management expectations for social media use. 

The Federal Financial Institutions Examination Council (FFIEC) released the guidance on Tuesday, and banks have 60 days to respond with comments.

“Institutions will be expected to use the guidance in their efforts to ensure that their policies and procedures provide oversight and controls commensurate with the risks posed by their social media activities,” the guidelines said.

In the proposal, social media usage was defined as any “form of interactive online communication in which users generate and share content through text, images, audio, and/or video,” including, but not limited to, popular sites such as Facebook, YouTube, Twitter, LinkedIn and Flickr; forums, blogs, and customer review sites and boards such as Yelp; and social games.

The document highlights seven components proposed for risk management programs, including forming a governance structure with clear roles and responsibilities for boards of directors or senior management to assess the risk and contributions of social media activities, and creating policies and procedures on the use and monitoring of social media activity to make sure these comply with consumer protection laws, regulations and guidance.

Banks also should define a process for selecting and managing third-party organizations involved with social media activity; create an employee training program and an oversight process for monitoring information posted to social media sites; and implement audit and reporting mechanisms that support continued compliance for secure social networking use.

“Financial institutions may use social media in a variety of ways, including marketing, providing incentives, facilitating applications for new accounts, inviting feedback from the public, and engaging with existing and potential customers, for example, by receiving and responding to complaints, or providing loan pricing,” said the guidance. “Since this form of customer interaction tends to be informal and occurs in a less secure environment, it presents some unique challenges to financial institutions.”
