Does your bank or credit union use social media? Awesome. In today’s day and age, banks and credit unions need to have a social media presence to survive. But are you demonstrating social media compliance for credit unions or social media compliance for banks by having the required social media risk management program in place? Because if not, you can get sued or face serious legal risks.
As a social media law firm for credit unions and banks, we’re here to teach you how you can comply with FFIEC Social Media Guidance. You see, about couple of years ago, social media was really the wild, wild west for banks and credit unions. We know we needed to use it, we also know that there were laws out there, but we didn’t have clear guidelines or rules of the road as to how to comply with financial laws on social media or what our requirements are to have a risk management program in place so that we don’t put ourselves or our clients or our members at risk.
But now we do have requirements. You see, the Federal Financial Examination Institution has implemented social media guidance that requires every bank, credit union, or financial institution that uses social media to have a social media risk management program in place. We call that FFIEC Social Media Guidance. And if you don’t have a FFIEC social media risk management program, you don’t comply with the law.
So, what is a social media risk management program? What do you need to have? Need to have about seven things. You need to have one, a social media clear roles and responsibilities. Meaning, who is managing the social media process? What are they doing? And those roles and responsibilities have to be laid out in a clear and easy to follow way.
Two, you need to have social media policies and procedures and the types of policies that your bank or credit union might need depend on the types of social media activities that you do. So if your bank, for example, has employees that use social media on their personal time, which spoiler alert is all of you, you have to have an employee social media use policy. If your bank has a page and is promoting products or services or community engagement, you have to have a social media risk management policy that talks about what your bank or credit union can or can’t do when they promote products and services online. If your bank does online giveaways or boost posts, you have to have specific policies and procedures for that as well.
Three, your bank must have social media risk management training, whether it’s training your employees on your HR social media policy or training your marketing and compliance department about how to comply with financial laws and regulations when promoting or boosting posts.
Four, you have to have processes and procedures in place that manage third party risk when it comes to social media. Meaning your bank or credit union might hire a PR agency, a marketing agency, or independent contractors that might be using social media in some form or another on your behalf. You have to have procedures in place for third party risk management.
Five, your risk management program must also include an oversight and monitoring procedures so that someone at your bank or credit union or someone that you hire is always monitoring questions, comments, and complaints and responding to people timely.
Six, your bank or credit union must preserve its social media content, both for risk management purposes and for complying with the community reinvestment act.
And seven, you must have senior management reporting and oversight. Meaning, your senior management has to be kept in the loop about your social media activities and how they help to advance your bank or credit union’s strategic goals and also about the effectiveness of your risk management program so they can understand what risks are in place and that they are properly managing it.
That is what is required as part of your bank or credit union’s social media risk management program.
Now look, there’s no one size fits all approach because there’s no one size fits all financial institution. Your credit union bank might be promoting products and services and boosting posts and doing digital advertising and that’s awesome, but your social media risk management program must be more complex or comprehensive than, let’s say a small community bank or credit union that just has a Facebook page that promotes community engagement and updates people on information like outages or wonderful things that might be happening with their employees in the community.
Both of these financial institutions need to have a social media risk management program, but one is more comprehensive than the other because it must match the unique risks associated with your financial institution’s social media risk management program. If your bank or credit union uses social media, the law says you must have a risk management program in place that matches those risks.
So, you might be asking yourself, “This is really helpful, but I don’t know (a) what are the laws that apply to my bank’s social media use? and (b) what needs to be part of my social media risk management program. Well, never fear, the Social Media Law Firm is here. We have prepared a free guide on how banks and credit unions can manage social media legal risks and you can download it today financialfridays.co. That’s financialfridays.co, not .com because we couldn’t afford the domain name, it was like $2,000. But you can download that guide for free at financialfridays.co.
I hope you found this blog helpful, and if you need help building your social media risk management program, reach out to us today.
