Cohen & Gresser LLP
JANUARY 2013

FFIEC Proposed Guidance on Social Media Risk Management: Practice Points for All Organizations Using Social Media

Karen H Bromberg    

Organizations using social media are confronted with an ever increasing challenge of social media risk management. To help financial institutions identify, measure, monitor, and control such risks, the Federal Financial Institutions Examination Council ("FFIEC") has just released proposed guidance (the "Guidance") on the use of social media by banks, savings associations, credit unions, and nonbank entities supervised by the Consumer Financial Protection Bureau and state regulators.

 

The proposed policy (entitled Social Media: Consumer Compliance Risk Management Guidance) defines social media broadly to include any "form of interactive online communication in which users can generate and share content through text, images, audio, and/or video" and therefore captures micro-blogging sites such as Google Plus, Facebook, MySpace, and Twitter, photo and video sharing sites like Flickr and YouTube, professional networking sites like LinkedIn, and online forums, blogs, bulletin boards, customer review sites, virtual worlds, and online social games.  


The Guidance outlines the steps financial institutions should employ to manage the risks associated with using social media platforms. The Guidance identifies the following key features of an effective social media risk management program:

 
  • "A governance structure with clear roles and responsibilities whereby the board of directors or senior management direct how using social media contributes to the strategic goals of the institution...;
  •  
       
     
  • Policies and procedures...regarding the use and monitoring of social media and compliance with all applicable consumer protections laws...;
  •  
     
  • A due diligence process for selecting and managing third-party service provider relationships in connection with social media;
  •   
     
  • An employee training program that incorporates the institution's policies and procedures...;
  •   
     
  • An oversight process for monitoring information posted to proprietary social media sites administered by the financial institution or a contracted third party;
  •   
     
  • Audit and compliance functions to ensure ongoing compliance with internal policies and all applicable laws, regulations, and guidance; and
  •  
      
     
  • Parameters for providing appropriate reporting to the financial institution's board of directors or senior management..."
  • Comments on the Guidance must be submitted before March 25, 2013 and may be submitted through the Federal eRulemaking Portal. Once finalized, covered entities will be expected to follow the Guidance and the FFIEC will encourage state regulators to adopt the policy as law.

     

    In anticipation of this change, all companies - not just financial institutions - should review their policies and practices with respect to all of their interactive online communications to determine if they are consistent with the proposed policy. Although the FFIEC's proposed Guidance, when finalized, will on its face apply only to financial institutions, it is an excellent summary of current best practices for managing social media and a clear indication of how all businesses are likely to be regulated in the future. Companies should seriously consider getting ahead of the curve.

     

    The Guidance can be found here.

    About the Author

    Ms. Bromberg is the head of the firm's Intellectual Property and Licensing Group. She handles all aspects of intellectual property, Internet, and technology law, including license agreements, technology transfer and vendor agreements, joint development and co-branding agreements, privacy policies, website terms of service, and management of IP litigation (including patent, trademark, copyright, and trade secret litigation). She was named as a New York Super Lawyer for Intellectual Property in 2010, 2011, and 2012.

    About Cohen & Gresser
    Cohen & Gresser is a boutique law firm with offices in New York and Seoul. We represent clients in complex litigation and corporate transactions throughout the world. Founded in 2002, the firm has grown to over fifty lawyers in four practice groups: Litigation and Arbitration; Corporate Law; Intellectual Property and Licensing; and White Collar Defense, Regulatory Enforcement and Internal Investigations. Our attorneys are graduates of the nation's best law schools and have exceptional credentials. We are committed to providing the efficiency and personal service of a boutique firm and the superb quality and attention to detail that are hallmarks of the top firms where we received our training.

     

    NEW YORK | SEOUL
    www.cohengresser.com          info@cohengresser.com          PH: +1 212 957 7600
    This information may constitute attorney advertising in certain jurisdictions.