Social Media guidance from FFIEC and governed agencies .. up for comments!

The FFIEC released today (January 22, 2013) the “Social Media:  Consumer Compliance Risk Management Guidance” and is available here online.  The release is seeking comments and is a great opportunity to see where enforcement agencies are leaning; what are the concerns they are seeing on a macro scale, and their intended path to mitigating these unique areas.

“The 31-page proposal addresses how social media impacts compliance and legal risk, operational risk, reputational risk, and an increased risk of harm to consumers. While the agencies note that no additional regulations apply to social media, the relatively casual communication channels are not exempt from the rules, either.

According to the proposal, social media risk management programs should include a governance structure that includes how social media contributes to strategic goals, policies and procedures, third party due diligence, employee training, oversight, audit and compliance functions, and a reporting process.” – reference

Considering the velocity of the risks in this area and the lagging of legislation, it is fair to say that those even OUTSIDE the purview of the FFIEC, should strongly consider these as inputs to their compliance and security programs.

“The FFIEC invites comments on any aspect of the proposed guidance. It is specifically seeking comments on the following questions:

  1. Are there other types of social media, or ways in which financial institutions are using social media, that are not included in the proposed guidance but that should be included?
  2. Are there other consumer protection laws, regulations, policies or concerns that may be implicated by financial institutions’ use of social media that are not discussed in the proposed guidance but that should be discussed?
  3. Are there any technological or other impediments to financial institutions’ compliance with applicable laws, regulations, and policies when using social media of which the Agencies should be aware?”

Participate in the comments and invoking of these guidances here.

The guidance itself is again available here. (pdf)

Best,

James DeLuccia

*See me speak at the RSA 2013 Conference – Passwords are Dead (I’ll also be posting research elements on this site for the communities input)

Advertisements

One response to “Social Media guidance from FFIEC and governed agencies .. up for comments!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s