While engaged in a "myth busting" exercise via the myth busters preferred venue, Source Media, FDIC senior policy analyst Elizabeth Khalil responded to one "myth" with an answer that, while it may be technically correct, may also fly in the face of recent "boots on the ground" experience.
Ms. Khalil, one of the authors of the FFIEC's proposed guidance on social media use by financial institutions, was responding to various negative comments and alleged concerns expressed by critics of the proposed guidance. One of the "myths" allegedly floated by critics is that the proposed guidance is a "regulation." Obviously, it's not a "regulation," it's "guidance." Ms. Kahlil, however, seems to negate the impact of the guidance as an embodiment of "safe and sound banking practices" that most of us in the private sector and, we assumed, most of those in the regulatory agencies, thought such guidance was intended to be.
"It doesn't create any new obligations or burdens," Khalil says. "To create any new obligations we would have to issue a regulation. We can't impose new obligations through the guidance. That's important to emphasize, because a lot of people have been referring to this document as a regulation or as rules, and that is not correct."
A bank's examiners could not cite violations of the guidance, she says. "You can't technically violate guidance. You can violate the laws and regulation referred to in the guidance, but not the guidance itself."
She then goes on to state that the guidance was intended to be some sort of public service announcement, designed, at the request of ignorant bankers, to clue them in on the risks of social media that they could not get from other sources, such as consultants and lawyers in the private sector who are paid to tell bankers what the risks might be and how to mitigate those risks. In other words, FFIEC guidance is some sort of an educational tool but not the basis for the assertion of regulatory enforcement action if a financial institution doesn't follow it.
Don't believe it. While it is true that guidance is not regulation, and a "violation" of "guidance" should not have the same effect as the violation of a formally adopted "regulation," a number of bank lawyers who have reviewed a client's report of examination in the years 2007 through 2012 and saw a Matter Requiring Attention, or reviewed a "15-day Letter" from a regulatory agency threatening a potential enforcement action against a bank's current or former officers and directors, saw among the laundry list of alleged "violations" an item that alleged that the bank violated the Statement of Policy on Concentrations in Commercial Real Estate Lending, Sound Risk Management Practice. That "Statement of Policy" specifically states that it is "guidance," yet alleged violations of it are cited as forming the basis for regulatory sanctions, including enforcement action. If violations of guidance can't be cited by an examiner in a report of examination, then what are citations of such violations that I and others have seen with our own eyes in examination reports doing there? I'm speaking of examinations done by the FDIC, by the way.
I have always understood such guidance as providing "rules of the road" that financial institutions should follow if they want to be in conformance with safety and soundness principles. Violating "safety and soundness" standards is a basis for regulatory action against the institution. Thus, I think that, notwithstanding Ms. Khalil's dismissal of the guidance as not rising to level of a "regulation," any financial institution would be foolish not to treat it seriously.