FFIEC social media guidance final
Dec. 16, 2013 – Potential consumer compliance, legal, reputation and operational risks to financial institutions through social media activities are detailed in guidance released last week and put into effect immediately by the Federal Financial Institutions Examination Council.
NAFCU, in its official comment letter on the proposed guidance issued in January, warned against a one-size-fits-all approach, and FFIEC says it has attempted to address such concerns in its final guidance. For example, it says the revised guidance “clarifies and points to the longstanding principle that financial institutions are expected to assess and manage the risks particular to the individual institution, taking into account factors such as the institution’s size, complexity, activities, and third party relationships.”
FFIEC says the guidance imposes no new requirements on financial institutions, but it adds that institutions are expected to use the guidance in seeking to ensure their own policies and procedures “provide oversight and controls commensurate with the risks pose by their involvement in social media.”
The guidance was adopted substantially as proposed, with some changes, mostly for clarification. In addition to the preceding clarification, the guidance notes that traditional emails and text messages, standing alone, are not considered social media unless they are sent through social media channels.
The guidance will be discussed by regulators during a Dec. 19 teleconference; representatives from all FFIEC member agencies, including NCUA, will participate. Advance registration is required.
For more on the guidance, see the NAFCU Compliance Blog.
NAFCU comment letter
Register for Dec. 19 teleconference
NAFCU Compliance Blog post