FFIEC Releases Social Media Guidence Letter

The FFIEC has released a proposed Social Media Guidance document for public comment.  Credit unions should be aware that if this guidance is released in final form, it is likely that the NCUA will adopt this document and require compliance with the guidance.

The content and our opinion of the document can be summarized as follows:

Social Media Strategy.  Credit unions using social media will need to have a governance structure with clear roles and responsibilities.  The key is that the board of directors and senior management must have documentation on how use of social media contributes to the strategic goals of the institution, while also spelling out what kind of controls will be put in place, and how ongoing social media risks will be assessed.

This strategy probably does not need to be especially complex, and might only  need to be a page or so in length.  It is true that there are significant risks to be considered before embarking on a social media campaign, such as:

  • Monitoring of social media for abusive, derogatory, or inappropriate material
  • Posting of marketing materials that may violate regulatory requirements
  • Posting of photos and other media, and whether consent is required
  • The handling of member or public complaints, or derogatory posts


The FFIEC is correct that most of the regulations involving consumer privacy and marketing are as equally applicable to social media as they are to printed material and email.  Put another way, the method of sending the information is usually irrelevant; what matters is the content.   Having a control framework in place for other marketing channels that can be expanded to include social media is an effective way of reducing risks.

Return on Investment. The FFIEC wants financial institutions to have “a periodic evaluation of the effectiveness of the social media program and whether the program is achieving its stated objectives.” 

This requirement does not need to be painful.  The value in using social media is not necessarily in dollars; it can be retention of members.  You can use tools in CU*BASE to monitor your member retention, and determine whether the costs of using social media return value whether your credit union does the work in-house or utilizes a vendor.   Documenting these findings to senior management and the board of directors is also important.

Formal Social Media Policies. All financial institutions will need to implement policies for use and monitoring of social media, and ensure compliance with consumer protection laws. 

There are many resources online to assist with the development of these guidelines.

Even credit unions who do not use social media should have a policy on how to respond to comments or complaints.  For example, in some states if the credit union threatens to sue someone for negative comments, they may run the risk of a SLAPP lawsuit (companies may not use a threat of a lawsuit to coerce people to remove comments unless it is prepared to show those comments are false).  In some states, credit unions may not discipline employees for legal off-duty behavior.

It is essentially inevitable that the FFIEC will be involved  in regulating any sort of new technology impacting credit  unions and members, and social media is no different.  However, this particular guidance does not need to be painful to implement.  Credit unions who go through this process and think through their goals are much more likely to have much more effective social media campaigns.

Jim Vilker of AuditLink is now a Board Advisor to Chatter Yak, a provider of effective and compliant social media marketing campaign.  Both our organizations are dedicated to helping you develop the best strategies for your social media marketing campaigns.  AuditLink will also produce our own social media best practices whitepaper once the FFIEC has published their guidance in final form.

Leave a Reply

  • (will not be published)

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>