Skip to main content

Social Media for Financial Institutions - Final Guidance

Written by Amy Malone

At the end of 2013,  the Federal Financial Institutions Examination Council (FFIEC) became the latest regulator to weigh in on social media and offered their final social media guidance.  The proposed regulation was released last January (mentioned in our post here.) The final guidance is much like the original proposal with the resounding message being that financial institutions need to manage the risks posed by social media.  Actions taken on social media are not exempt from laws and regulations that apply to other communications channels. Financial institutions are not expected to monitor all internet communications for complaints, but they are expected to monitor their own social media and respond as appropriate.

In addition, financial institutions are not required to monitor social media pages of employees, but should develop and train employees on proper social media use (developing employee social media policies comes with its own hurdles – see our blog posts here and here.)

During the December 19 interagency teleconference discussing the final guidance, FFEIC representatives explained what type of due diligence institutions should conduct on third party social media sites (such as Twitter and Facebook).  The representatives said institutions should consider the type of information that is shared on the site, the site’s reputation and the type of control the institution has over the site (the teleconference slides are available here.)  Representatives noted that they have not developed examination procedures specific to social media, but will review social media activities using the current examination process.

Although specific to financial institutions, this guidance is helpful for companies in any industry.  If you haven’t considered the risks social media imposes to your company and customers - now is the time!  Contact one of Mintz Levin’s Privacy Attorneys for assistance.


Subscribe To Viewpoints


Cynthia J. Larose

Member / Co-Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.