The FFIEC is the formal inter-agency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions by, among others, the Federal Reserve System, the Federal Deposit Insurance Corporation (FDIC) and the Consumer Financial Protection Bureau (CFPB). The memorandum issued by the Council, "Social Media: Consumer Compliance Risk Management Guidance," is meant to "address the applicability of federal consumer protection and compliance laws, regulations, and policies to activities conducted via social media by banks, savings associations, and credit unions, as well as nonbank entities supervised" by the CFPB. Compliance officers and other senior managers at financial institutions would be well served to review the Council's Guidance, not only because of their own responsibilities and obligations as outlined in the memorandum, but also because the memorandum provides a brief, yet substantive, overview of a wide variety of laws applicable to the financial sector's use of social media. The Guidance refers to, and provides relevant summaries of, a variety of laws including, but not limited to, the Truth in Savings Act, the Equal Credit Opportunity Act, the Truth in Lending Act and the Fair Debt Collection Practices Act.
The Guidance states that a "financial institution should have a risk management program that allows it to measure, monitor, and control the risks related to social media." It also specifies that the risk management program should provide guidance and training for employee official use of social media. The components of the risk management program include, in brief, the following:
- a governance structure with clear roles and responsibilities;
- policies and procedures regarding the use and monitoring of social media and compliance with all applicable consumer protection laws and regulations, and incorporation of guidance as appropriate;
- a risk management process for selecting and managing third-party relationships in connection with social media;
- an employee training program;
- an oversight process for monitoring information posted to the financial institution's social media site;
- audit and compliance functions to ensure ongoing compliance; and
- parameters for providing appropriate reporting to the financial institution's directors and senior management for periodic evaluation.
The Guidance points out that "Since this form of customer interaction tends to be both informal and dynamic, and may occur in a less secure environment, it can present some unique challenges to financial institutions."