A U.S. interagency regulatory body for financial institutions has issued a draft document detailing risk management expectations for social media use.
The Federal Financial Institutions Examination Council (FFIEC) released the guidance on Tuesday, and banks have 60 days to respond with comments.
“Institutions will be expected to use the guidance in their efforts to ensure that their policies and procedures provide oversight and controls commensurate with the risks posed by their social media activities,” the guidelines said.
In the proposal, social media usage was defined as any “form of interactive online communication in which users generate and share content through text, images, audio, and/or video,” including, but not limited to the use of popular sites, like Facebook, YouTube, Twitter, LinkedIn and Flickr, and forums, blogs, customer review sites and boards, like Yelp, and social games.
The document highlights seven components proposed for risk management programs, including forming a governance structure with clear roles and responsibilities for boards of directors or senior management to assess the risk and contributions of social media activities, and creating policies and procedures on the use and monitoring of social media activity to make sure these comply with consumer protection laws, regulations and guidance.
Banks also should define a process for selecting and managing third-party organizations involved with social media activity; create an employee training program and an oversight process for monitoring information posted to social media sites; and implement audit and reporting mechanisms that support continued compliance for secure social networking use.
“Financial institutions may use social media in a variety of ways, including marketing, providing incentives, facilitating applications for new accounts, inviting feedback from the public, and engaging with existing and potential customers, for example, by receiving and responding to complaints, or providing loan pricing,” said the guidance. “Since this form of customer interaction tends to be informal and occurs in a less secure environment, it presents some unique challenges to financial institutions.”