Banking Exchange Magazine Logo

Social media focus of new regulatory guidance

Regulators increase scrutiny of social media for marketing

Social media focus of new regulatory guidance

Recent FFIEC guidance on social media use reflects growing sophistication among both regulators and bank marketers; an ABA expert details key points

In December the Federal Financial Institutions Examination Council issued final guidance on the applicability of consumer protection and compliance laws, regulations, and policies to activities conducted via social media by banks and other financial institutions.

As the council said upon its release, “the guidance does not impose any new requirements on financial institutions. Rather, it is intended to help financial institutions understand potential consumer compliance and legal risks, as well as related risks such as reputation and operational risks, associated with the use of social media, along with expectations for managing those risks.”

However, the 19-page document does go into detail about what the regulatory agencies expect of their covered institutions. Denyette DePierro, senior counsel at ABA, recently detailed what the guidance says and how it may fit in with bank’s plans for compliance.

She spoke during the recent ABA briefing/webcast “Let’s Talk Social Media Compliance and Risk,” which is part of a series of such briefings sponsored by ABA. (For more information, go to

“The first thing to realize is that regulators are actually quite active and are sophisticated users of social media themselves,” DePierro says. “They know how social media works and understand how the messaging works.”

In fact, she says, bank examiners since at least 2010 have included in their exam questions pointed questions about bank use of social media. These include: do you offer and maintain a social media presence? If you do, describe the use of the presence and whether or not you’re using social media to promote products and services. And what are your controls, and, specifically, do you have policies and procedures?

The recent guidance more or less echoes these queries, with seven specific regulatory expectations. These are:

• A governance structure for social media use.

• Policies and procedures.

• A risk management process.

• An employee training program.

• An oversight process for monitoring.

•  Audit and compliance.

• An appropriate reporting to the financial institution’s board of directors or senior management.

“There’s not necessarily much new in the guidance but there are some tweaks you need to be aware of,” DiPierro says. These include, she says:

• It’s not overly prescriptive. “It is very idiosyncratic [and recognizes] that banks are all over the spectrum in their sophistication, their level of use, where they are active, how they are active, and who’s allowed to post.”

• It applies not only to banks that are active in social media, but to those that are not. “Even if you’re not active on social media there are expectations that you are going to be monitoring [this area] and that you have some amount of employee training.”

• It does not provide a comprehensive review of the applicable rules and regulations. “We [ABA] had asked for at least a listing of requirements that apply.”

• It does provide a definition of social media. “This is a bit new, although it has an interesting exception for the use of email.”

According to the guidance, FFIEC defines social media as “a form of interactive online communication in which users can generate and share content through text, images, audio, and/or video.” Later it says, in part, “For purposes of this Guidance, messages sent via email or text message, standing alone, do not constitute social media.”

Download the guidance at: Social Media: Consumer Compliance Risk Management Guidance

John Ginovsky

John Ginovsky is a contributing editor of Banking Exchange and editor of the publication’s Tech Exchange e-newsletter. For more than two decades he’s written about the commercial banking industry, specializing in its technological side and how it relates to the actual business of banking. In addition to his weekly blogs—"Making Sense of It All"—he contributes fresh, original stories to each Tech Exchange issue based on personal interviews or exclusive contributed pieces. He previously was senior editor for Community Banker magazine (which merged into ABA Banking Journal) and for ABA Banking Journal and was managing editor and staff reporter for ABA’s Bankers News. Email him at [email protected]

back to top


About Us

Connect With Us



Navigating Fraud in the World of Instant Payments:
Strategies for Success

Time/Date: February 28, 2:00-3:00 ET

As payment technology advances, so does the need for effective fraud prevention strategies.

Join experts Mike Cook, VP of Commercialization, Fraud Solutions at Socure, and Mark Majeske, SVP of Faster Payments at Alacriti, in this Banking Exchange hosted webinar on February 28, 2:00-3:00 ET, as they discuss the current and future state of fraud in the instant payments landscape, and share strategies for protecting your business in the face of evolving fraud trends.

Key topics to be covered include:


This webinar is brought to you by:
Alacriti logo