The Federal Financial Institutions Examination Council (FFIEC) recently released one of its first pieces of proposed guidance for 2013 (FFIEC-2013-0001), and the hot topic on their minds is social media risk. We have all heard the term “social media” be defined in any number of ways. For the purposes of the guidance, the FFIEC defines Social Media as “a form of interactive online communication in which users can generate and share content through text, images, audio, and/or video.”
Social media is typically used by financial institutions for:
- Providing incentives
- Facilitating new account applications
- Obtaining customer feedback
- Engaging with new and potential customers
If there is poor oversight or control over the social media function, it poses certain risks to financial institutions such as compliance or, legal, operational and reputational risk, to name a few.
Reputational risk is one of the more obvious risks to social media engagement, but yet, this is where even the biggest of companies have failed to implement the correct controls or safeguards. The FFIEC specifically calls out reputational risk issues such as mismanaged communications, spoofing of financial institution sites, etc.
The legal and compliance risks can be far-reaching. Here are two examples:
- Advertising must be performed in compliance with applicable consumer protection laws and regulations such as the Truth in Savings Act / Reg DD, Fair Lending Laws: Equal Credit Opportunity Act, and others.
- Customer information and privacy must be maintained as it relates to the Gramm-Leach-Bliley Act (GLBA), and the financial institution should clearly disclose its privacy policies as required. This becomes especially relevant as financial institutions begin to integrate social media into new account generation.
Financial institutions should ensure that the controls are in place to protect against the unique risks that the use of social media poses. It is important to point out that the FFIEC does note that risk management and oversight over social media should be commensurate with the breadth of involvement in social media for the financial institution.
To help develop a plan to ensure that your financial institution is compliant with this recent FFIEC guidance, please contact Dan Desko (Manager, Internal Audit & Risk Advisory Services) by email or at 412-697-5285.
© 2013 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.
This advice is not intended or written to be used for, and it cannot be used for, the purpose of avoiding any federal tax penalties that may be imposed, or for promoting, marketing or recommending to another person, any tax related matter.