In today’s day and age, banks and credit unions need a social media presence to engage their customers and their local communities. But many financial institutions are afraid to use social media because they are unsure how the law applies to their online activities – and more specifically – how to comply with FFIEC Social Media Guidance.
While the FFIEC Social Media Compliance Risk Management Guidance was designed to be a short, helpful resource for banking professionals to learn how financial laws apply to social media, many people find the guidance to be incredibly confusing and difficult to apply. For starters, the guidance memorandum is over 19 pages long with 38 different footnotes – so it’s not incredibly easy to digest. To complicate matters further, the FFIEC guidance on social media lacks clear guidelines or examples of how banks and credit unions can comply with financial regulations on social media so they can avoid costly penalties.
So, let’s take a moment to make sense of the FFIEC social media guidance summary so that we can better understand how to comply:
In a nutshell, the guidance says that if you use social media than you have to comply with the law and properly manage risk.
Specifically, the FFIEC explains that financial institutions are free to use social media to attract new customers, but that doing so can also expose banks and credit unions to serious risks. There are legal risks when banks fail to comply with the law on social media, but there’s also operational, compliance, and reputational risks that can arise when communicating with customers, employees, and members of the public. If not properly managed, these risks can lead to lawsuits, regulatory scrutiny, and financial penalties. Even worse, banks and credit unions can tarnish their reputation and lose hundreds of customers with a single misguided tweet. As a result, the FFIEC requires that all financial institutions that use social media must maintain a social media risk management program.
To comply with FFIEC social media guidance, your social media risk management program should encompass all departments that use social media, including marketing, technology, legal, compliance, and human resources. The risk management program should include policies, procedures, and controls to be followed for compliance with all banking laws on social media, including but not limited to, the Truth in Lending Act, Truth in Savings Act, Regulations DD, Regulation Z, Regulation B, the Equal Credit Opportunity Act, the Fair Housing Act, Bank Secrecy and Anti-Money Laundering Act, the Community Reinvestment Act, and the Gramm-Leach-Bliley Act Privacy Rules. That’s a lot of laws!
With so many different risks to manage and regulations to comply with, it can difficult to figure out where to begin. While every financial institution is different, and their goals for social media vary, when it comes to FFIEC social media compliance we believe that everyone should start with the same first step: a social media risk assessment.
The first step is to conduct a social media risk assessment. A thorough risk assessment will start with interviews with key personnel who are involved with social media. These interviews typically start with the marketing department or social media coordinator, but may also extend to people in compliance, HR, IT, and legal. The purpose of these interviews are to determine the financial institutions goals for social media, how social media is currently managed, and what existing controls are in place to manage risk.
Once key personnel are interviewed, the next step is to review your financial institution’s social media policies, procedures, training program, handbook and any other risk management procedures that may currently exist. An assessment of the financial institution’s social media content, advertisements, digital marketing initiatives, and interactions with the public should also be conducted. This will provide a starting-point from within which to assess where the financial institution may be at risk.
Following this analysis, a risk assessment report should be commissioned that details the financial institution’s current level of risk and compliance with financial laws and FFIEC social media guidance. This report can be reviewed by key stakeholders and senior management so that you can identify your highest priority action items and develop a plan to get your bank or credit union into compliance. Your plan will identify which policies, procedures, checklists, audits, reports, training or other measures may be needed to protect you from social media risks. You can then put your plan into action and come into compliance with financial laws and the FFIEC social media guidance.
The Social Media Law Firm can conduct your social media risk assessment to determine your compliance with FFIEC social media requirements. With our assessment in hand, you’ll have the tools you need to execute your social media strategies while eliminating social media legal risks.
By going through this step-by-step process with The Social Media Law Firm, you’ll be able to market your bank on social media with the confidence that you’re complying with FFIEC guidelines. As experienced social media attorneys, we understand the complexities and frustrations you’re facing, and know how to get your financial institution into compliance. In fact, we founded our law firm four years ago with a primary focus of social media compliance for banks and social media compliance for credit unions.
Having conducted many risks assessment for banks and credit unions across the country, we know exactly what you need to get into compliance and what it will cost so that you can enjoy the peace of mind that everything is being handled correctly. Best of all, we work hand-in-hand with your compliance and marketing departments to make sure you can accomplish your marketing goals in a safe and compliant manner.
So, what are you waiting for? Contact us today to get your financial institution into compliance.
