The Federal Financial Institutions Examination Council ("FFIEC") has issued proposed guidance on compliance issues and risk management in the use of social media (the "Proposed Guidance"). The term "social media" as used in the Proposed Guidance applies to "interactive online communication" where users "generate and share content" (e.g., Facebook, Yelp, LinkedIn, YouTube). Financial institutions are increasingly using social media to generate new business and develop stronger relationships with customers. The Proposed Guidance is intended to assist financial institutions in identifying and addressing potential areas of risk, including compliance, legal, operational and reputational risk. The Proposed Guidance also points out that financial institutions that do not engage in the use of social media should still include social media in their risk management programs, particularly with respect to reputational risks associated with negative comments on social media platforms. We have discussed some of the issues associated with the use of social media in prior blog posts.
The Proposed Guidance anticipates that a number of components will be included in a social media risk management program, including the following:
- Oversight by senior management or the board of directors;
- Policies and procedures regarding the use and monitoring of social media;
- Due diligence in the use of third-party service providers;
- Employee training programs on work-related uses of social media;
- An oversight process for monitoring information posted to social media sites;
- Audit and compliance functions to ensure ongoing compliance; and
- Appropriate reporting and periodic evaluation of the social media program.
The Proposed Guidance identifies several compliance areas that financial institutions should address in their social media programs. Many of the applicable statutes and regulations cited by the FFIEC are already addressed in other platforms used to communicate with customers, including the following:
- Truth in Savings and Regulation DD;
- Fair Lending Laws, the Equal Credit Opportunity Act, and the Fair Housing Act;
- Truth in Lending and Regulation Z;
- Section 8 of the Real Estate Settlement Procedures Act (RESPA);
- Fair Debt Collection Practices Act; and
- Section 5 of the FTC Act (unfair, deceptive, or abusive trade practices).
The Proposed Guidance goes on to generally discuss a number of areas of risk, including those associated with electronic payment systems, Anti-Money Laundering, fair credit reporting, and privacy-related restrictions. Other issues, such as employee use of social media and the risks associated with consumer complaints and account takeovers, are also discussed. Comments on the Proposed Guidance are due by March 25, 2013.