Community Bankers of Iowa Monthly Banker Update January 2014 | Page 10

Banks and Social Media - FFIEC Guidance
Written By: Janet E. Phipps Burkhead, Dickinson Mackaman Tyler & Hagen, PC
On December 11, 2013, the FFIEC issued final guidance
regarding consumer protection and compliance laws,
regulations, and policies related to social media activities
conducted by federally supervised financial institutions and
nonbanks supervised by the CFPB. For purposes of the FFIEC
Guidance, ”social media” is defined as “a form of interactive
online communication in which users can generate and share
content through text, images, audio, and/or video.”
The Guidance provides examples of social media, such as
micro-blogging sites (e.g., Facebook, Twitter); forums, blogs,
customer review web sites and bulletin boards (e.g., Yelp);
photo and video sites (e.g., Flickr, YouTube); professional
networking sites (e.g., LinkedIn); virtual worlds (e.g., Second
Life); and social games (e.g., FarmVille and CityVille). For
purposes of this Guidance, messages sent via traditional

email or text message, standing alone, do not constitute
social media, although the Guidance cautions that such
communications may be subject to a number of laws and
regulations discussed in the Guidance.
The Guidance does not impose new requirements on
financial institutions. Rather, it is intended to assist financial
institutions understand potential consumer compliance and
legal risks, as well as related risks such as reputation and
operational risks, associated with the use of social media,
along with expectations for managing those risks. Generally,
the Guidance addresses four areas: 1) Risk Management
Expectations; 2) Third Parties and Social Media; 3) Monitoring
and Security; and 4) Existing Regulations and Social Media.
1. Risk Management Expectations for Social Media
The institution’s risk management program should be scaled to
the breadth of the involvement in social media. If the institution
relies heavily on social media to attra