Privacy

FFIEC Releases Social Media Guidance

Published: Jan. 30, 2013

Updated: Oct. 05, 2020

Businesses of all kinds are increasingly finding ways to use social media to further their business goals.  Social media, however, can introduce new problems.  Responding to this issue as it affects financial institutions, the Federal Financial Institutions Examination Council (FFIEC) released a draft set of guidance in late January addressing the use of social media.

The draft guidance states that issuing agencies want to “help financial institutions understand potential consumer compliance and legal risks, as well as related risks, such as reputation and operational risks associated with the use of social media, along with expectations for managing those risks.”  The draft guidance does recognize, however, the utility of social media for financial institutions (including for such purposes as generating new business, interacting with consumers, improving market efficiencies, and broadly distributing information).

The draft guidance analyzes the effects social media can have financial institutions and the risk considerations that come into play.  The risk management program mentioned in the guidance, however, is something that would likely already be in place under existing requirements.  For example, the draft guidance states that the risk management program within an organization should include a governance structure, policies and procedures, a due diligence process , and an employee training program.  Clearly, none of these would wind up being put in place just because an organization decided to use social media.

Some of the more noteworthy issues raised by the draft guidance include:

    1. Social media “tends to be more interactive”:  Many people have gotten used to the spontaneous and casual nature of social media.  The interactivity itself doesn’t necessarily introduce new risks, but it does amplify existing risks.
    2. Defamation and libel risk:  At one point, the draft guidance mentions that “defamation or libel risk exists where there is broad distribution of information exchanges.”  The nature of the medium definitely increases the risk of this being an issue.
    3. Reputation: Organizations that don’t use social media still need to be aware of the reputational issues that may arise via the use of social media by other third parties.  In particular, a brand watch program might be appropriate for organizations that attract negative attention online.
    4. Privacy:  The draft guidance mentions that “privacy rules have particular relevance to social media.”  Privacy also isn’t something new but the nature of the medium, coupled with how consumers use it, increase certain risks.  A company must be prepared accordingly.  Further, employees may social media for personal purposes, but the interconnected nature of these accounts may create unintended consequences for the financial institutions.  (e.g., Joe Smith, who works for BigUSABank, says something problematic and this later gets linked back to the employer).
    5. Content ownership:  One other interesting question to ponder:  If the Bank itself uses 3rd party social media tools, what rights do they retain in the content?  This becomes an element of vendor/partner management.
    6. Training:  In many of the above scenarios, it is REALLY important to have good training (or disallow the use of social media altogether, in the alternative).

Social media is clearly here to stay.  It will continue to evolve and grow into new and more interactive platforms.  This undoubtedly presents risks for financial institutions but, as the FFIEC draft guidance points out, existing risk management programs of such institutions likely already address the general aspects of that risk.  Social media simply requires a recalibration of those existing risk management programs.  If you would like to submit comments, they are due to http://www.regulations.gov by March 22, 2013.  Please contact any of the ZwillGen attorneys if you would like help or guidance on submitting comments.