SOCIAL MEDIA RISK:
KEEPING UP WITH THE
JONESES
WHILE MANAGING RISK
Session Outline
• Review of FFIEC Guidance
• Application of Guide to Social Media Use
• Group Discussion using Real World Examples
The Business Case
How are banks using social media?
• Marketing
• Information
• Onboarding customers
What other benefits?
What is Social Media?
• Interactive online communication where users can
create and share content
• Text and email are not included unless sent
through social media channels
How do Financial Institutions Use It?
Ways include:
• marketing
• incentives
• account openings
• customer reviews
• customer complaint resolution
• loan pricing
Why the Big Deal?
• Vast opportunities for direct customer interaction in
marketing, support, and research
• risks: lack of control; informal, dynamic forum; hard
to oversee usage by bank's employees
• benefits: increased brand awareness, advertising,
customer interactions, customer research
The Regulatory Context
Social media risk impacts:
•
•
•
•
Safety and soundness
Compliance/Consumer Protection
BSA/AML
Technology Operation
FFIEC Guidance
• Addresses applicability of federal consumer
protection and compliance in social media activities
• Imposes no new requirements
• A guide to existing requirements, supervisory
expectations and risk management
FFIEC Guidance Key Issues
•
•
•
•
Consumer privacy and transparency
Risk from brand identity fraud - spoofing
Improper behavior of host sites or other third party
Employees who communicate with consumers or
for their personal use where they reference the FI.
What are the Overall Risks?
• Risk of harm to consumers
• Consumer compliance and other legal risks
• Operational risks
• Reputational risks
FFIEC Guidance - Regulatory
Compliance Issues
•
•
•
•
•
•
•
•
•
•
Truth in Savings, Reg DD
Fair Lending – Reg B, ECOA, FHA
Equal Housing Lender, CRA, RESPA
Truth in Lending, Reg Z
Fair Debt Collections Practices Act
Advertisement of insured products
Nondeposit Investment Products
UDAP, BSA/AML
Reg E, check transactions
customer feedback/complaints/privacy
Conducting a Social Media Risk
Assessment
• Evaluate all current uses, and related technology, data
security, data privacy and regulatory compliance risks
• Repeat for any new or modified uses, use to develop social
media risk management program
Developing a Social Media Risk
Management Program
• Initial Program Design should take regulatory and risk
mitigation into account
• Up-to date technology and practices should be built in at all
levels. Bank has to work with its own and social media
platform’s technology service providers to implement.
• Robust monitoring programs implemented and fully utilized
• Communication among program participants is key.
• All applicable Bank compliance programs need to take
Social Media Program into account and vice versa.
Specific Compliance Practices
• Privacy/PCI Compliance/Security/Data Integrity
• risk mitigation practices and controls
• review of all social media content and activities
for compliance with applicable law
Technology-Oriented Risks
• Data security (FI/social media channel provider)
• Data privacy
• Third party vendors/risk management challenges
Group Discussion
• Real world examples of FI social media activities and
related regulatory compliance, data privacy and technology
issues
• How participation does/does not vary by size
• How CFPB-regulated non-bank entities are using social
media and what special challenges they might present
• What happens if Facebook succeeds in its quest to be
everyone’s Single Sign-On?
For further questions, contact:
Linda Odom,
Bryan Cave LLP
linda.odom@bryancave.com
(202) 508-6331 (office)
(434) 284-1952 (mobile)