I had the pleasure of presenting The Real Impact of Social Media at the Arizona Bankers Association Annual Convention at the Ritz-Carlton, Dove Mountain. The Convention was jam-packed with amazing roundtables, panels, presentations, and events. The AzBA counts over 70 banks and credit card operations among its members, and the Convention is certainly well-attended and enjoyed by all. And the fact that we were surrounded by gorgeous desert scenery made it even better.
First, I promised I would post on the blog a link to the Federal Financial Institutions Examination Council (FFIEC) January 2013 guidance on social media: here it is.
I have written a lot about social media and the impact on employers; however, the banking industry also has specific guidance from the FFIEC that could be helpful for any business to review and understand – whether the company is engaging with its customers on social media or not. The reality is that employees and customers will be discussing the company online, so there need to be policies in place, and risk management teams need to prepare the company for potential “crisis” scenarios.
The FFIEC’s guidance is intended to help financial institutions such as federally supervised banks and certain non-bank entities understand the potential risks associated with social media, along with expectations for managing those risks. It discusses the importance of the risk management team, which should include participation from specialists in compliance, technology, information security, legal, human resources, and marketing.
The components of a risk management program include:
A governance structure with clear roles and responsibilities in which the board of directors or senior management direct how social media contributes to the strategic goals of the institution and establish controls and ongoing assessment of risk in social media activities.
Policies and procedures regarding the use and monitoring of social media. The FFIEC guidance does not address employment law principles; therefore, a company will have to balance any regulatory requirements with the protections that are afforded to employees under local, state and federal law.
An employee training program that incorporates the policies for official, work-related use of social media and also defines impermissible activities.
A due diligence, audit and compliance process for overseeing third-party service provider relationships and ensuring compliance with internal policies and all applicable laws and regulations.
An oversight process that may monitor information posted to proprietary social media sites administered by the financial institution or a contracted third party. There are detailed laws regarding the liability that may result when a company responds to or otherwise controls the content of a website; therefore, that must be evaluated as well.
Parameters for providing appropriate reporting to the financial institution’s board of directors or senior management that enable periodic evaluation of the effectiveness of the social media program and whether the program is achieving its objectives.
The efforts and expenditures a company makes will have to be determined based upon its size and social media activities. Even the FFIEC guidance contemplates that small banks may not have the same obligations as larger banks.
The important takeaway for any business – laws do not contain exceptions for social media. Companies need to evaluate privacy laws, document retention policies, advertising rules or regulations, and all other applicable local, state and federal laws to determine what actions they must take to remain compliant when engaging others online or responding to actions taken on social media and networking sites.