The final version of the FFIEC’s guidance on social media policies and practices was produced this week. The FFIEC (the US equivalent to the FCA) issued its first consultation document in January 2013. The guidance, which is mandatory for all organisations that deal with finance and banking in the US, covers many aspects of social media management and could pave the way for similar regulation in the UK. The guidance states that banking institutions should have risk management programmes in place that identify, measure, monitor and control risks associated with social media.
Regulators state: “The size and complexity of the risk management programme should be commensurate with the breadth of the financial institution’s involvement in the medium.
For instance, a financial institution that relies heavily on social media to attract and acquire new customers should have a more detailed program than one using social media only to a very limited extent.”
A governance structure with clear roles and responsibilities about how using social media contributes to the strategic goals of the institution, including:
• Policies and procedures for monitoring of social media
• A risk management process for selecting and managing third-party relationships
• An employee training program
• An oversight process for monitoring information posted to social media sites administered by the financial institution or a contracted third party
• Audit and compliance functions to ensure ongoing compliance; and parameters for providing appropriate reporting to management regarding the effectiveness of the institution's social media
Whether or not it is decided to enforce a code of practice in the UK, these seem to be very sensible procedures for any organisation that has a social media presence to live by. For the full document, go to the FFIEC website.