
New Regulation Comments from FFIEC

January 31, 2013

Last week the FFIEC issued new suggestions for social media and banking. This proposed guidance has implications both for institutions with social media profiles and for those that do not yet have profiles. The new guidance does not come as a surprise to the industry, but it gives institutions a window into the types of indicators auditors will be looking for.

The FFIEC acknowledges the value of social media and how it can change the financial industry. Institutions that embrace social media and use it most effectively will differentiate themselves from their competitors. However, with the added utility of social media come additional measures that need to be taken to limit risk.

From the Consumer Compliance Risk Management Guidance:


FFIEC Guidelines

On Monitoring your Financial Institution:

Any mention is flagged and relayed to compliance, marketing, or any employee that is selected for your institution.

“An oversight process for monitoring information posted to proprietary social media sites administered by the financial institution or a contracted third party.”


It is nearly impossible to manually report on social media. Risk management needs to include automated archival and reporting as well as metrics that allow institutions to correlate bank activity and social activity directly.

“Parameters for providing appropriate reporting to the financial institution’s board of directors or senior management that enable periodic evaluation of the effectiveness of the social media program and whether the program is achieving its stated objectives.”

Employee Training:

Employee training on social media cannot be a one-time process, and it cannot be only a risk-reduction strategy. Engaging employees in social media is far more effective when employees are part of the solution, helping to influence the bank’s image.

“An employee training program that incorporates the institution’s policies and procedures for official, work-related use of social media, and potentially for other uses of social media, including defining impermissible activities.”

Employee Compliance:

Also, individual positions within the bank should be treated differently; for example, loan officers need to talk about how truth in lending affects social media policy.

“Employee communications can also subject the financial institution to compliance risk as well as reputation risk.”

Current Audits: 

Current auditing processes rarely dig deeply into social media as an ongoing process. But soon they will. Identifying controls over who can post and how content is determined is one step toward an ongoing process.

“Audit and compliance functions to ensure ongoing compliance with internal policies and all applicable laws, regulations, and guidance.”

Negative Complaints: 

Focusing on the negative post can be paralyzing; however, having a plan for addressing negative complaints before they arise is critical. Your plan needs to include how to escalate or assign tasks from social as customer service issues to be resolved quickly.

“Compliance risk can also arise when a customer uses social media in an effort to initiate a dispute…”

In light of these inevitable changes we have been advising our clients in a number of ways including the following tips:

The new guidance from the FFIEC will mature the way banks use social media going forward. At Social Assurance we are happy to see this regulation, as it helps focus past regulation and makes it less ambiguous for financial entities.