SocialMaurice - If ever there was an industry worried about using social, it has financial services. There are lots of ways to get in to trouble, as opposed to using social to sell cookies. Today's site comes to us from Tom Chernaik, CEO of CMP.LY, a social startup whose CommandPost handles third-party entanglement and adoption issues, disclosure and other lawful and measurement challenges. In addition to the Website, give a listen to the recent webcast with Tom and Oracle Social's Angela Wells, "Making it all Make Sense -- The FFIEC's Consumer Compliance Risk Management Guidance." Just register as you would for the live webinar and you'll see the listen on-demand option.
On December 11, 2013, the Federal Financial Institutions Examination Council (FFIEC) published final guidance to tackle how federal consumer safety and compliance laws, regulations and policies relate to social networking actions conducted by retail banks, saving associations and credit unions.
Social media usage is subject to virtually the same legal requirements as other forms of business-related media use; the only exception is social networking happens only on the Internet. Because of this, financial institutions open themselves up to heightened risk by communication on social, even if they don't violate certain regulations. To safeguard against these threats, the FFIEC recommends institutions perform proper risk assessments (that take into account the institution's size, activities and risk profile) and also build a risk management curriculum; the greater the risk profile, the more detailed the curriculum.
The guidance offers simple steps for creating a risk management program:
- Realize the reason why your institution is (or isn't) using social media.
- Discuss institutional targets for social networking use.
- Align company objectives with the strategic vision.
- Enforce a governance structure that highlights a strong "tone from the top."
Financial institutions also will need to create concise and clear policies which address social media existence and comply with relevant consumer privacy regulations and laws, along with the laws and regulations relevant to promotion and the proper use of consumer disclosures. (For example, Bank Secrecy Act/Anti-Money Laundering Programs must be incorporated into a financial institution's policies and procedures to ensure compliance with the Bank Secrecy Act and the Patriot Act's recordkeeping and reporting requirements.)
What's more, policies should address how to control consumer info and address consumer complaints. While a lender does not have to track and react to all of Internet communications on societal, it should perform a suitable review based upon previous risk assessments when assessing how to track and react to these communications.
Once social media policies are finalized, financial institutions are accountable for policy implementation and supervision. Institutions should:
- Identify who can utilize social on behalf of the business, and what can not be shared (e.g. private client information or profanity).
- Explain how employees could use societal as well as the procedures and technologies available for worker social networking use for business purposes.
- Define the frequency of articles publication and processes governing workflow for approval, enforcement and monitoring.
- Distinguish clear roles and responsibilities for supervision.
All in all, the FFIEC's advice was primarily intended to help financial institutions understand the risks involved with social networking use, clarify present compliance requirements and responsibilities and support the implementation of oversight, controls and processes. However, while practical and meant to be relatively simple to implement, the advice should be tailored to meet a specific institution's circumstances and needs.
0 Response to "Ffiec Social Media Consumer Compliance Risk Management Guidance - SocialMaurice"
Post a Comment