The FFIEC proposes guidance on social media - can you stay two steps ahead?

March 06, 2013, Dirk Anderson, Managing Director, Professional Services

On January 22, 2013, the FFIEC put out a press release called “Financial Regulators Propose Guidance on Social Media”.  We should begin by saying that even without a social media presence, every company should address social media risks in their annual risk assessment. In this day and age where the average person has a smartphone, laptop, and a tablet, everyone is aware of social media. But what exactly is social media?

Social media can be defined in several ways, but we refer to it as web-based and mobile-based technology used to facilitate interactive communication between organizations, communities and individuals. With 1.06 billion active users on Facebook, 800 million unique visitors a day to YouTube, 400 million tweets a day on Twitter, and 200 million registered users on LinkedIn, it’s no wonder that the average company has a social Media presence. This is why the FFIEC is seeking feedback on rules that they will set forth. In particular they are seeking:

  1. Ways in which social media is used
  2. Impact on financial institutions
  3. Risk management related to social media presence

So what is the GOOD, the BAD, and the UGLY on social media? It’s a good thing because it’s a cost- effective mechanism to reach a broad audience in a short period of time. The majority of customers, especially the younger generation, partake in some form of social media. More importantly, banks and credit unions are often focus on community building, and social media is a great way to foster that connection. In addition, customer service can also be provided via postings and message forums. The benefits are endless, but at the same time social media generates a new list of problems. 

Obviously social media increases your public footprint, but with more exposure comes increased risk. What types of risks are we referring to? There are four basic types of risk that affect social media: Compliance, Legal, Reputational, and Operational.  These risks can be introduced in a variety of ways:

  • Compliance – Employee and customer data is posted to a social media site
  • Legal – Information posted contains copyrighted material without proper permission
  • Reputation – An employee, or someone from the public, posts negative feedback
  • Operational – Information submitted to social media is submitted at risk of non-ownership

What should you do to mitigate these risks?

  • Update your risk assessment to reflect social media concerns
  • Develop a social media policy
  • Educate employees on the usage of what employees (and the public) can and cannot do
  • Identify and monitor social media presence from an appointed Social Media Officer

A financial institution should weigh the risks of a social media presence, keeping in mind that the success of social media exposure requires consistent vigilance.

Dirk Anderson


Dirk Anderson — Managing Director, Professional Services

Recent Posts

Post Topics