= Subscriber content; or subscribe now to access all American Banker content.

Author of FFIEC's Social Media Guidance Rebuts Objections

Ever since the FFIEC released its social media guidance for banks in January, bankers have been concerned about several requirements, such as the difficulty of monitoring employees' social media activities and the challenge of calculating an ROI for social media. Elizabeth Khalil, senior policy analyst supervisory policy at the FDIC and one of the authors of the FFIEC's social media compliance rules, spoke with us and cleared up some common misconceptions.

Myth #1: It's a regulation.

"It doesn't create any new obligations or burdens," Khalil says. "To create any new obligations we would have to issue a regulation. We can't impose new obligations through the guidance. That's important to emphasize, because a lot of people have been referring to this document as a regulation or as rules, and that is not correct."

A bank's examiners could not cite violations of the guidance, she says. "You can't technically violate guidance. You can violate the laws and regulation referred to in the guidance, but not the guidance itself."

And bankers actually asked for this, according to Khalil. "The agencies had been hearing from regulated institutions that were interested in using social media that guidance from the regulators would be helpful in putting together risk management approaches to social media," she says. "Because there's an absence of guidance from the agencies, some institutions were concerned they didn't fully understand the risks social media could raise and all of the regulations that could apply."

Myth #2: It's meant to discourage banks from using social media.

Not so, Khalil says. "The guidance was not put together in response to any problem or issue we were seeing. It was not motivated by a desire to discourage banks from using social media. But we hope that it raises issues FIs will find helpful to consider when putting together social media programs."

Myth #3: The guidance requires all banks to have the same risk management program for social media.

Among the 80 comments the FFIEC received about its proposed guidance, "some commenters raised concerns that we were advocating a one-size-fits-all risk management approach," she says. "We are not advocating a one-size-fits all risk management approach. Financial institutions should develop a risk management approach that works for their risk profile."

Myth #4: The guidance prohibits bank employees from having their own social media pages.

In drafting the guidance, the agencies wanted to avoid wading into the waters of employment law, Khalil says. "We're not being prescriptive regarding the policies financial institutions should have around their employees' use of social media," she says. "We did raise the issue that employee use of social media can raise certain risks for financial institutions that it may be useful to consider." But the FFIEC does not say precisely what banks should do about it.

Myth #5: Banks are now required to monitor everything said about them on social media networks.

"A financial institution should regularly monitor the information it places on social media sites," Khalil says. Banks should also consider whether and how to respond to communication about them on social media sites. "But we did not propose requiring the financial institution to monitor everything said about it on social media," she says.

Myth #6: The guidance requires the board of directors and/or senior executives to directly oversee social media initiatives.

"We're not creating any new or special reporting requirements or board oversight requirements that are specific to social media," Khalil says. "As with any risk, any activity, board and senior management have oversight responsibilities generally." The board and senior management should be informed and aware of a bank's social media activities and risk management generally, she says.

Myth #7: Banks need to constantly monitor the social media activity of any third parties they work with, to make sure they're not discussing the bank in an inappropriate way.

The FFIEC guidance on third party contractors is directed at due diligence on companies used for social media, contractual provisioning, and ongoing monitoring of the third party during the course of the relationship, Khalil says. "With social media, financial institutions may be working with a number of third parties that are not traditional service providers or vendors, e.g. a provider of a social media platform. Why not conduct the same type of due diligence and engage that they would do for any third party?"

Myth #8: Banks have to be able to calculate a return on investment on their social media efforts.

The FFIEC says banks need to have their board or executive officers set social media strategy, review the effectiveness of the strategy at least once a month, and receive reports on social media results.

Some bankers worry about this requirement, believing that return on investment is too hard to measure on fledgling social media programs.

"The proposed guidance does not offer any metrics or calculations," Khalil says. "There's no specific metric calculation that we're imposing."


(4) Comments



Comments (4)
It's not a question of "violating guidance". It's a question of being up to speed with the new technology and communication platform for receiving new customers and retaining existing ones. Learning to be ahead of the curve with compliance, staff involvement, back up of your social media and social media policies can put you way ahead of the game which will continue to evolve and perhaps change some of the "guidelines" to hard and fast "regulations".
Posted by DoWeComply.com | Thursday, June 13 2013 at 10:47AM ET
"You can't technically violate guidance." Did everyone just read that?
Posted by anonymous commentator | Wednesday, June 12 2013 at 11:49AM ET
Good article dispelling some myths but its understandable that those in the banking industry would be concerned over some of these "guidelines". There are proper ways to establish a social media policy for employees that also helps people understand what is suggested as appropriate on their own social media sites. We work with a company that will also let you "backup" to your computer all the information on your social media sites so that you have that information off of the social media platforms such as Facebook. It is important to understand the value of social media in marketing and branding but it can be done with little headaches. A social media policy which meets the NLRB, Federal Law and State Laws (which are changing); proper use of social media and proper training for employees allows your employees to be become a part of your outgoing marketing and not a part of a new "problem".
Posted by DoWeComply.com | Wednesday, June 12 2013 at 11:42AM ET
To say that FDIC guidance "doesn't create any new obligations or burdens" is either naive or disingenuous. Banks are routinely told by examiners that the Management component of their CAMELS rating will be downgraded if guidance is not strictly adhered to.
Posted by drhansen | Wednesday, June 12 2013 at 10:26AM ET
Add Your Comments:
Not Registered?
You must be registered to post a comment. Click here to register.
Already registered? Log in here
Please note you must now log in with your email address and password.