Compliance Blog

Dec 13, 2013
Categories: Operations

FFIEC Issues Final Social Media Guidance; Berger at MACUMA: Enough is enough

Written by Alicia Nealon, Regulatory Compliance Counsel

Happy Friday compliance community! My name is Alicia Nealon and I am one of two new Regulatory Compliance Counsels here at NAFCU. As this is my inaugural blog post, and they always say you only get one chance to make a first impression, I figured I would start with something that we can all relate to- social media.

Social Media has all but exploded in the past five years.  Today, three out of every four Americans belong to social media sites.  Visiting these social media sites has become the fourth most popular online activity-ahead of even personal email. In fact, in August 2011, Facebook surpassed Google as the site where internet users spend the majority of their time.  Today, 41.1 million hours are spent on Facebook every single week.

Regulators, and the compliance community, have struggled to adapt to how the explosion of social media has consumed current culture and business practice.  But on Wednesday, the Federal Financial Institutions Examination Council (FFIEC) issued a final guidance aimed at helping, banks, credit unions and other financial institutions manage risks related to social media. 

The FFIEC published the guidance in proposed form in January 2013 and invited public comments through March 25, 2013.  Taking into account the 81 official comments on the proposal, this final guidance differs from the proposal released in January in several respects, most notably the expectations for risk management practices and the definition of social media. 

Addressing the concerns raised by NAFCU Regulatory staff and other commenters that that the proposal appeared to recommend a "one-size-fits-all" approach for all lenders, the FFIEC acknowledged that a financial institution’s approaches to managing social media risk will vary according to its size, complexity, activities and relationships with third parties.  For example, commenters worried that the proposed guidance would require banks and credit unions to monitor all online communications that mention their institutions.  The final guidance clarifies this is not the case, but rather each financial institution should conduct its own risk assessment to determine the appropriate approach to take regarding monitoring of, and any response to, online complaints and inquiries about the institution.

The revised guidance also incorporates the requests from NAFCU Regulatory staff and other commenters to recognize that social media differ from other modes of communication.  Under the final guidance, traditional emails and text messages, standing alone, are not social media. However, messages sent through social media channels are social media.  The guidance cautions financial institutions to stay abreast of existing laws for emails and text messages, as they may overlap with social media regulations.

The guidance covers several other areas specific to the credit union industry, including clarification that the existing requirements regarding NCUA membership and share insurance apply equally to advertising and other activities conducted via social media as they do in other contexts. For more information, take a look at the guidance here. 


While the FFIEC guidance does not impose any new regulatory requirements on financial institutions, NAFCU is committed to combat those existing and pending regulations that have begun to wreak havoc on the credit union industry.  Earlier in the week, NAFCU President and CEO Dan Berger spoke about the overregulation of credit unions as well as NAFCU’s plan to target “the dirty dozen” top regulations that must be eliminated or changed during his address Tuesday night before the Metropolitan Area Credit Union Management Association in Arlington, Va.

"Credit unions cannot serve Main Street if they remain locked in an uphill battle with Wall Street,” Berger said. “In its very essence, overregulation is nothing more than a regressive tax – one that hamstrings our fundamental ability to compete. Most important, every dollar credit unions spend on regulatory compliance is a dollar they cannot invest in a family's dream of homeownership or a budding entrepreneur's vision for a small business. It's far past time for a common-sense approach to regulation based on government's power to help rather than its ability to hinder.”

Berger cited several legislative efforts to curb the overregulation of the industry, including the “Regulatory Relief for Credit Unions Act,” introduced by Rep. Gary Miller, R-Calif. He also highlighted NAFCU’s decision to go after the top 12 regulations that pose unnecessary burdens on the industry– the “dirty dozen” – which affect whether credit unions can change their fields of membership, whether their members can transfer money from savings accounts more than a certain number of times per month, and more. Details about the 12 regulations are available on the NAFCU website.