Pub. 4 2014 Issue 1

25 WINTER 2014 D e veloping and maintaining a social media presence is now seen as a necessary part of business and adver- tising. Social media also impacts all employers, including banks and credit unions. On December 11, 2013, the Federal Financial Institutions Ex- amination Council (FFIEC) issued final guidance on the use of social media by banks, savings associations, and credit institutions titled “Consumer Compli- ance Risk Management Guidance.” The FFIEC’s guidance is available online, including on the FDIC’s website at http://www.fdic.gov/news/news/finan- cial/2013/fil13056.html. While the guidance does not impose any new requirements on financial insti- tutions, the purpose of the guidance is to help financial institutions understand and successfully manage the potential risks regarding the use of social me- dia. The nineteen-page guidance also ensures institutions are aware of their responsibilities under applicable existing requirements and work to control these risks within their overall risk manage- ment program. Among the recommendations in the FFIEC’s guidance is the creation of a risk management program by every financial institution. The guidance specifically states that each “financial institution should have a risk manage- ment program that allows it to identify, measure, monitor, and control the risks related to social media.” The FFIEC ac- knowledges that the size and complexity of the risk management program should be commensurate with the breadth of the financial institution’s involvement in and use of social media, but calls for the program to be designed with participation from specialists in compli- ance, technology, information security, legal, human resources, and marketing. The risk management program should include: a clearly defined governance structure; policies and procedures for use and monitoring of social media; a risk management process for selecting and managing third-party relationship; an employee training program on social media including the institutions’ policies and procedures of official, work-related use of social media and potentially for other uses of social media, including impermissible activities; an oversight process for monitoring information post- ed to proprietary social media sites; audit and compliance functions; and param- eters for providing appropriate reporting to the financial institution’s board of directors or senior management. One issue that remains particularly salient is the issue of bank employees’ use of social media. Other than the risk management program components outlined above, the guidance only de- votes one paragraph to employee use of social media. The guidance is not nearly as comprehensive as the 2010 FINRA guidance on social media (available at http://www.finra.org/Industry/Regula- tion/Notices/2010/P120760) or the FTC regulations on disclosure of material connections, 16 C.F.R. § 255.5 (Part 255: Guides Concerning Use of Endorse- ments and Testimonials in Advertising). The FFIEC’s guidance provides only the following regarding employee use of social media: “Financial institu- tions should be aware that employees’ communications via social media may be viewed by the public as reflecting the financial institution’s official policies or may otherwise reflect poorly on the financial institution, depending on the form and content of the communica- tions. Employee communications can also subject the financial institution to compliance risk, operational risk, as well as reputation risk. Therefore, as appropriate, financial institutions should take steps to address these risks, such as establishing policies and training to address employee participation in social media representing the financial insti- tution. For example, if an employee is communicating with a customer regard- ing a loan product through an approved social media channel, policies should include steps to ensure the customer is receiving all of the required disclosures. This Guidance does not address any employment law principles that may be relevant to employee use of social media. In addition, the Guidance is not intended to impose any specific requirements for policies or procedures regarding em- ployee personal use of social media. Each financial institution should evaluate the risks for itself and determine appropriate policies to adopt in light of those risks.” If your bank or financial services com- pany does not have well-defined social media policies and procedures in place and has not thoroughly trained manage- ment and staff on these policies, the time to act is now! w For more information on social media issues in the workplace, contact Nonnie L. Shivers, at 602-778- 3706 or nonnie.shivers@odnss.com . Ms. Shivers is a shareholder in the Phoenix office of Ogletree Deakins and works collaboratively with employers in Arizona and nationally to proactively address workplace is- sues. Ms. Shivers has been with Ogletree Deakins since August 2005. All Atwitter About Social Media: New Guidance Issued for Financial Institutions By NONNIE L. SHIVERS , Ogletree Deakins