The Federal Financial Institutions Examination Council (FFIEC) of America has now issued its final supervisory guidance on using social media without breaching current compliance and risk management regulations.
Entitled “Social Media: Consumer Compliance Risk Management Guidance,” the document covers a range of online platforms, from Facebook and Twitter to games and virtual worlds like Farmville and Second Life. It does not apply to text messages and emails. It rules that financial institutions must expand their risk management programmes to identify, measure, monitor and control risks relating to social media use. Key risk areas, say the regulators, include reputational, operational, and compliance and legal risks.
Whilst an institution that uses social media extensively to communicate with customers will need detailed plans for mitigating risk, says the FFIEC, even those who avoid social media altogether will need to consider the issues involved, and to have a programme for monitoring and responding to postings. This is because negative comments and complaints can be posted by users of social media platforms, whether or not the institutions they relate to have a presence there.
In a statement, the law firm Pepper Hamilton LLP said: “The Guidance does not change existing requirements for institutions, but rather qualifies that they apply with equal force to the use of social media. This may pose challenges and limits for financial institutions wishing to engage in informal social media platforms that do not easily lend themselves to compliance with laws and regulations.”
“For example, the FDIC requirement that institutions advertising FDIC-insured products use appropriate designating language may be difficult to comply with for an institution wishing to advertise on Twitter, which limits all posts to 140 characters.”