A couple of years ago, I opined that the time was coming when the federal bank regulators would get around to "suggesting" that every bank have a policy in place that governed the use of social media by its employees.
At some point (which may have already arrived), banks aren’t going to have the option of doing nothing. Social media use by employees is proceeding at a rapid pace, and social media governance policies are a wise idea, whether or not the bank is going to jump into the use of social media itself. Not having any policy to govern the use of social media by employees in ways that could adversely affect the bank, or, having a policy in place but not adopting effective tools to monitor and enforce it, might be considered to be unsafe. As a recent client alert from Norris McLaughlin & Norris P.A. points out, the SEC and FINRA are already focused on social media sites and the risks they pose to the businesses they regulate. While the federal banking agencies are currently otherwise occupied, banks should take the trend seriously and be seriously thinking about social media governance.
The federal banking regulators have finally gotten around to specifically addressing social media risks, and the time for seriously thinking about social media governance has arrived for even the most dilatory of banks. On January 22, 2013, the FFIEC issued proposed consumer compliance risk guidance with respect to social media. Included in the proposed guidance is the following admonition:
Financial institutions should be aware that employees’ communications via social media — even through employees’ own personal social media accounts — may be viewed by the public as reflecting the financial institution’s official policies or may otherwise reflect poorly on the financial institution, depending on the form and content of the communications. Employee communications can also subject the financial institution to compliance risk as well as reputation risk. Therefore, financial institutions should establish appropriate policies to address employee participation in social media that implicates the financial institution.
Yes, it's "proposed guidance." The FFIEC is asking for comments, and if you have any, get them in within the 60-day window. Nevertheless, I do not expect that the FFIEC will abandon its position that financial institutions should adopt "appropriate policies" regarding employee use of social media that could impact the institution.
Don't be one of those laggards like the slugs we saw who dragged their heels on multi-factor authentication in online banking. If you haven't already done so, get a sound policy in place. By "sound," I mean well thought out and cognizant of the practical and legal nuances. You'll be glad you did, and so will your regulator.
****************************************************************************************************************************
Chris Dye of Harland Financial Solutions and I are doing a webinar next month for BankersHub on the topic of "de-risking" the legal risk of social media use by financial institutions and their employees. Although special attention will be given to the proposed FFIEC guidance, we'll be ranging beyond that subject.
