On December 11, 2013, the Federal Financial Institutions Examination Council (FFIEC) finalized guidance on social media risk management. While the guidance does not create new regulatory requirements, it does clarify that the existing regulations apply to social media. To ensure they comply, credit unions should review their social media risk assessment, policies and procedures, employee training, and social media content.
Risk Management Program
The final guidance emphasizes the need for a strong risk management program, which can be part of the credit union's overall program. A successful risk management program allows the credit union to measure, monitor, and control risks related to social media. Important components of a risk management program include written policies and procedures, employee training, and an audit function to ensure compliance with internal policies and consumer protection laws and regulations.
Specific Risks: Advertising Disclosures
While an overall risk assessment is a necessity, so is establishing specific compliance and legal reviews of the credit union's social media activity. For example, posting a Facebook update about the credit union's mortgage rates or the credit union's "refer a member" campaign could trigger advertising disclosure requirements.
While the guidance does not provide any exceptions for social media advertisements, credit unions can utilize existing flexibility for certain advertisements by providing disclosures via an electronic link. To help manage the compliance and legal risks, credit unions should establish procedures to review social media (and website) advertisements to ensure they include all the required disclosures.
Specific Risks: Member Complaints
While social media provides a unique way for credit unions to engage with their members (and potential members), it also presents members with a unique way to engage with the credit union. Members are not shy about voicing their frustrations through social media and credit unions should have procedures in place to handle member complaints. For example, a member's complaint on social media not only presents reputation risks but could also trigger the credit union's error resolution requirements for a debit card or a mortgage loan. Detailed member complaint procedures and employee training can help the credit union manage compliance and reputation risks simultaneously.
As use of social media continues to grow, credit unions must have appropriate risk management programs in place to ensure continued compliance with consumer protection laws and regulations.