WASHINGTON For bank regulators and the industry, writing risk management policies around banks' use of social media is akin to trying to board a moving bullet train.
But the agencies have won praise for attempting to propose a framework intended to be applied for both the current and future social media landscape.
"Social media is very dynamic. It's difficult to put in place guidance when social media is still developing and changing," said Mercedes Kelley Tunstall, a partner at Ballard Spahr and one of three panelists who will address policy issues facing banks' use of social media at American Banker's 3rd Annual Regulatory Symposium.
Regulators, Tunstall added, "don't want to hamper the banks from being able to improve what happens with social media channels as those channels get more mature. They don't want to get in the way of that."
The Federal Financial Institutions Examination Council issued 30 pages of proposed guidance in January intending to help banks and credit unions understand how their social media platforms should fit into their overall compliance and risk management systems.
Among other things, the proposal said that banks should have a risk management program in place for social media that is "commensurate" with the extent of its use of social media.
"A financial institution that relies heavily on social media to attract and acquire new customers should have a more detailed program than one using social media only to a very limited extent," the regulators said. (The FFIEC includes the Federal Reserve Board, Federal Deposit Insurance Corp., National Credit Union Administration, Office of the Comptroller of the Currency, and Consumer Financial Protection Bureau.)
Under the guidelines, a proper risk management approach would include a clear "governance structure" for establishing controls around an institution's use of social media, due diligence procedures for contacts with third-party providers related to social media and a training program for employees' use of work-related social media. The proposal also addressed how institutions should incorporate their use of social media into compliance with various consumer protection laws, including the Truth in Savings Act, Fair Housing Act and the Truth in Lending Act.
For example, the disclosure requirements under Regulation Z which implemented TILA should be considered when a bank markets a credit-related product through social media, the proposal said.
"Any social media communication in which a creditor advertises credit products must comply with Regulation Z's advertising provisions," the regulators said. "Regulation Z broadly defines advertisements as any commercial messages that promote consumer credit, and the official commentary to Regulation Z states that the regulation's advertising rules apply to advertisements delivered electronically."
The agencies' decision to outline guidance as opposed to more prescriptive rules for utilizing social media appear aimed at giving institutions broad principles for developing a risk management approach. Stricter rules could run the risk of being out of date quickly after future innovations in social media.
Jim Rau, a senior vice president and associate general counsel at Bank of America, cited the example of certain social media sites that have already grown in popularity in the time that policymakers have developed a regulatory approach.
"The challenge for everyone in social media is that it's not as finite as, 'This is what it is and it will never change,'" said Rau, who will also be a panelist at the American Banker symposium. "It's constantly evolving. For example, when we were having conversations about this months ago, the use of Vine, and the transmission of short video clips through social networking, was not at the forefront."
Rau said the regulators "didn't define social media as only limited to" today's popular sites.
"They're trying to establish the concept that if it's a place where your consumers and others can interact electronically, you need to think about how you manage that," he said.