Bank regulatory body proposes social media guidance

Share this article:

A U.S. interagency regulatory body for financial institutions has issued a draft document detailing risk management expectations for social media use. 

The Federal Financial Institutions Examination Council (FFIEC) released the guidance on Tuesday, and banks have 60 days to respond with comments.

“Institutions will be expected to use the guidance in their efforts to ensure that their policies and procedures provide oversight and controls commensurate with the risks posed by their social media activities,” the guidelines said.

In the proposal, social media usage was defined as any “form of interactive online communication in which users generate and share content through text, images, audio, and/or video,” including, but not limited to the use of popular sites, like Facebook, YouTube, Twitter, LinkedIn and Flickr, and forums, blogs, customer review sites and boards, like Yelp, and social games.

The document highlights seven components proposed for risk management programs, including forming a governance structure with clear roles and responsibilities for boards of directors or senior management to assess the risk and contributions of social media activities, and creating policies and procedures on the use and monitoring of social media activity to make sure these comply with consumer protection laws, regulations and guidance.

Banks also should define a process for selecting and managing third-party organizations involved with social media activity; create an employee training program and an oversight process for monitoring information posted to social media sites; and implement audit and reporting mechanisms that support continued compliance for secure social networking use.

“Financial institutions may use social media in a variety of ways, including marketing, providing incentives, facilitating applications for new accounts, inviting feedback from the public, and engaging with existing and potential customers, for example, by receiving and responding to complaints, or providing loan pricing,” said the guidance. “Since this form of customer interaction tends to be informal and occurs in a less secure environment, it presents some unique challenges to financial institutions.”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.