CU Compliance Connection FFIEC - Social Media
Social Media Credit unions use social media in a variety of ways, including marketing, providing incentives, facilitating applications for new accounts, inviting feedback from the members, and engaging with existing and potential members. Since this form of member interaction tends to be both informal and dynamic, and may occur in a less secure environment, it presents unique challenges to credit unions.
Social Media The FFIEC published the Guidance to address the applicability of federal consumer protection and compliance laws, regulations, and policies to the social media activities conducted by credit unions and other financial service providers.
Social Media • Social media takes many forms including: • Micro-blogging sites; • Photo and video sites; • Sites that enable professional networking; and • Virtual worlds and social games. • Social media can be distinguished from other online media because the communication tends to be more interactive.
Social Media Risks • Social media risks can include: • The risk of harm to consumers; • Compliance and legal risk; • Operational risk; and • Reputation risk. • Increased risks arise from many sources, including poor due diligence, oversight, or control of the social media process on the part of the credit union.
Social Media Risk Management • Credit unions should have a social media risk management program that allows it to: • Identify; • Measure; • Monitor; and • Control the risks related to social media.
Social Media Risk Management • The credit union’s risk management program should include: • Governance structure; • Established controls and ongoing assessment; • Policies and procedures; • Risk management processes; • Employee training programs; • An oversight process for monitoring information posted to proprietary social media sites; • Audit and compliance functions; and • Appropriate reporting.
Social Media The credit union is expected to take steps to ensure that advertising, account origination, lending activities, and document retention are performed in compliance with all applicable regulations and laws.
Social Media - BSA The FFIEC Guidance states that BSA controls should apply to all members, products and services - including members engaging in electronic banking (e-banking) through the use of social media, and e-banking products and services offered in the context of social media.
Social Media – Reputation Risk • Credit unions engaged in social media activities are expected to properly manage reputation risks that arise from social media including: • Fraud and brand identity; • Third party vendor due diligence; • Privacy Concerns; and • Member complaints and inquires. • .
Social Media – Reputation Risk The credit union should be aware of and address employees' communications via social media; which may be viewed by the public as reflecting the credit union’s official policies and may reflect poorly on the credit union, depending on the form and content of the communications.
Social Media – Operational Risk Social media provides vulnerabilities to account takeover and the distribution of malware. Credit unions should protect systems and safeguard member information from malicious software. Social media should be included in the incident response protocol.
Thank you for joining me for this review of the FFIEC Social Media Guidance Stay Tuned… Shawn Wolbert, CIA, CUERME, CUCE Director CU System Relations 101 S. Washington Square, Suite 900 Lansing, MI 48933-1703 (800) 262-6285 Ext. 486 (734) 658-5427 Mobile Follow me on Twitter – Shawn Wolbert @ Go2CUGuru