Compliance Blog

Mar 06, 2013
Categories: Advertising Operations

FFIEC's Proposed Social Media Guidance

Editor's Note by Steve Van Beek

NAFCU's offices are technically closed today due to the weather in the Washington D.C. area.  Of course, we'll still be available to help NAFCU member credit unions.  To help ensure employee safety, some of our compliance team is working remotely.  If you have a compliance question, the best way to reach us is via email:

NAFCU's Ability to Repay/Qualified Mortgage Webcast.  Today's webcast will continue as planned.  Andy Keeney from Kaufman & Canoles will be speaking and I'll be moderating.  If you're joining us - see you there (or, at least, you'll see me there)!  If the weather prevents your credit union from viewing today, the webcast - as with all NAFCU webcasts - will be available for on-demand viewing allowing you to reschedule and watch at a more convenient time.


Written by Bernadette Clair, Regulatory Compliance Counsel

The FFIEC is seeking comment on proposed social media risk management guidance designed to address the applicability of federal consumer protection and compliance laws, regulations, and policies to activities conducted via social media by credit unions and other financial institutions.  The guidance would cover credit unions’ activities on Facebook, Twitter, blogs, forums, and YouTube, to name just a few of the covered social media tools.

The proposed guidance discusses various risks associated with social media –such as compliance, legal, reputation, and operational risks – and sets forth a framework for establishing a risk-based management program designed to identify, measure, monitor, and control these risks.  Of note, the proposed guidance states that the components of a risk management program should include the following:

  • A governance structure with clear roles and responsibilities whereby the board of directors or senior management direct how using social media contributes to the strategic goals of the institution (for example, through increasing brand awareness, product advertising, or researching new customer bases) and establishes controls and ongoing assessment of risk in social media activities;
  • Policies and procedures (either stand-alone or incorporated into other policies and procedures) regarding the use and monitoring of social media and compliance with all applicable consumer protection laws, regulations, and guidance. Further, policies and procedures should incorporate methodologies to address risks from online postings, edits, replies, and retention;
  • A due diligence process for selecting and managing third-party service provider relationships in connection with social media;
  • An employee training program that incorporates the institution's policies and procedures for official, work-related use of social media, and potentially for other uses of social media, including defining impermissible activities;
  • An oversight process for monitoring information posted to proprietary social media sites administered by the financial institution or a contracted third party;
  • Audit and compliance functions to ensure ongoing compliance with internal policies and all applicable laws, regulations, and guidance; and
  • Parameters for providing appropriate reporting to the financial institution's board of directors or senior management that enable periodic evaluation of the effectiveness of the social media program and whether the program is achieving its stated objectives.

The FFIEC invites comments on any aspect of the proposal, but is specifically requesting comments on the following questions:

  1. Are there other types of social media, or ways in which financial institutions are using social media, that are not included in the proposed guidance but that should be included?
  2. Are there other consumer protection laws, regulations, policies or concerns that may be implicated by financial institutions’ use of social media that are not discussed in the proposed guidance but that should be discussed?
  3. Are there any technological or other impediments to financial institutions’ compliance with applicable laws, regulations, and policies when using social media of which the Agencies should be aware?

If you would like to weigh in on this proposed guidance, comments must be received by the FFEIC on or before March 25, 2013.