I had the pleasure of presenting The Real Impact of
Social Media at the Arizona
Bankers Association Annual Convention at the Ritz-Carlton, Dove Mountain. The Convention was jam packed with amazing roundtables, panels, presentations, and
events. The AzBA counts over 70 banks and credit card operations
among its members, and the Convention is certainly well-attended and enjoyed by
all. And the fact that we were surrounded by gorgeous desert scenery made
it even better.
First, I promised I would post on the blog a link to the
Federal Financial Institutions Examination Council (FFIEC) January 2013
guidance on social media: here it is.
I have written a lot about social media and the impact on employers;
however, the banking industry also has specific guidance from the FFIEC that
could be helpful for any business to review and understand - whether the
company is engaging with its customers on social media or not. The reality is employees
and customers will be discussing the company online, and there need to be
policies in place and risk management teams need to prepare the company for
potential "crisis" scenarios.
The FFIEC's guidance is intended to help financial
institutions such as federally supervised banks and certain non-bank entities
understand the potential risk associated with social media, along with
expectations for managing those risks. It discusses the importance of the risk
management team, which should include participation from specialists in
compliance, technology, information security, legal, human resources, and
The components of a risk management program include:
A governance structure with clear roles and
responsibilities in which the board of directors or senior management direct
how social media contributes to the strategic goals of the institution and
establishes controls and ongoing assessment of risk in social media activities.
Policies and procedures
regarding the use and monitoring of social media. The FFIEC guidance does not
address employment law principles; therefore, a company will have to balance
any regulatory requirements with the protections that are afforded to employees
under local, state and federal law.
An employee training program that incorporates the
policies for official, work-related use of social media and also defines
A due diligence, audit and compliance process for
overseeing third-party service provider relationships and ensure compliance
with internal policies and all applicable laws and regulations.
An oversight process that may monitor information
posted to proprietary social media sites administered by the financial
institution or a contracted third party. There are detailed laws regarding the
liability that may result when a company responds to or otherwise controls the
content of a website; therefore, that must be evaluated as well.
Parameters for providing appropriate reporting to
the financial institution's board of directors or senior management that enable
periodic evaluation of the effectiveness of the social media program and
whether the program is achieving its objectives.
The efforts and expenditures a company makes will have to
be determined based upon its size and social media activities. Even the FFIEC
guidance contemplates that small banks may not have the same obligations as
The important takeaway for any business - laws do
not contain exceptions for social media. Companies need to evaluate privacy
laws, document retention policies, advertising rules or regulations, and all
other applicable local, state and federal laws to determine what actions they
must take to remain compliant when engaging others online or responding to
actions taken on social media and networking sites.
Read more articles on employment law issues
at Employment and the
Law, a blog by Ashley Kasarjian.
For more information about LexisNexis
products and solutions connect with us through our corporate site.