Author: Karen Crumbley, karenc@gladtech.net
“Hey, look here…” as Uncle Si from the Duck Dynasty TV show would say, “I live by my own rules (reviewed, revised and approved by my wife)…but still my own.”
Si’s quote reminds me of Social Media: Consumer Compliance Risk Management Guidance: Proposed Interagency Guidance, an OCC bulletin released in January of 2013 that outlines proposed guidelines for Financial Institutions (FIs) communicating via social media channels. Similar to Si’s comment, FI personnel will soon be required to follow social media communication standards that are reviewed, revised and approved by FI management. The OCC bulletin [Docket No. FFIEC-2013-0001] provides straightforward insight for managing risks related to social media. However, even with the detail provided there is still much to learn about this guidance. For example:
Will there be significant changes from the proposed guidance?
What will examiners choose to focus on after the guidance is available?
When can we expect the official release and date for compliance?
Even without the formal release of the guidance, FIs can start their strategic approach to address forthcoming social media initiatives, beginning with employee education on social media communication usage. The following bulleted item is a minimum expectation that FIs can anticipate:
An employee training program that incorporates the institution’s policies and procedures for official, work-related use of social media, and potentially for other uses of social media, including defining impermissible activities.
Regardless of how an FI uses social media, it should address social media communications for employees within its Acceptable Use Policies and Procedures. Bank management should review relevant points in these employee policies and consider enhancing the content. In addition, each FI will need to document the training deployed to personnel that participate in FI-related social media communications as part of their job description. These individuals will need to understand the legal, compliance, reputational and operational aspects associated with social media so that they can carry out their job role accordingly. Having the ability to demonstrate employee participation regarding social media training through automated activity reporting would also be beneficial.
Another point to consider as you review existing policies is that the proposed guidance defines social media as “a form of interactive online communication in which users can generate and share content through text, images, audio, and/or video.” The examples they provide expand beyond the typical list of micro-blogging sites (e.g., Facebook, Google+, MySpace, and Twitter). Other areas of concern include forums, blogs, customer review websites, and bulletin boards (e.g., Yelp); photo and video sites (e.g., Flickr and YouTube); sites that enable professional networking (e.g., LinkedIn); virtual worlds (e.g., Second Life); and social games (e.g., FarmVille and CityVille). Consider all of the outlined examples when developing your training program and address the risks accordingly.
In summary, training employees to understand the appropriate use of social media can benefit your FI’s ability to protect non-public information and also has far-reaching aspects for mitigating risks. You will not regret planning for the inevitable roll out of the impending social media regulatory guidance, and remember….
“There are two kinds of people in this world…the educated and the unducated.” – Uncle Si, Duck Dynasty TV show