The Federal Financial Institutions Examination Council (FFIEC), on behalf of its members, is issuing this Guidance. The members are the Office of the Comptroller of the Currency (OCC), Board of Governors of the Federal Reserve (Board), Federal Deposit Insurance Corporation (FDIC), National Credit Union Administration (NCUA), the Consumer Financial Protection Bureau (CFPB) (collectively, the Agencies), and the State Liaison Committee (SLC). The FFIEC is issuing, and the Agencies are adopting, this Guidance to address the applicability of existing federal consumer protection and compliance laws, regulations, and policies to activities conducted via social media by banks, savings associations, and credit unions, as well as by nonbank entities supervised by the CFPB (collectively, financial institutions). Various industry participants expressed a need for guidance in this area. The Agencies and SLC will use this Guidance to the extent consistent with their respective authorities. The Guidance is intended to help financial institutions understand potential consumer compliance and legal risks, as well as related risks, such as reputation and operational risks associated with the use of social media, along with expectations for managing those risks. The Guidance provides considerations that financial institutions may find useful in conducting risk assessments and crafting and evaluating policies and procedures regarding social media. Although this Guidance does not impose any new requirements on financial institutions, as with any process or product channel, financial institutions are expected to manage potential risks associated with social media usage and access.
Financial institutions are using social media as a tool to generate new business and interact with consumers. Social media, as any new communication technology, has the potential to improve market efficiency. Social media may more broadly distribute information to users of financial services and may help users and providers find each other and match products and services to users’ needs. To manage potential risks to financial institutions and consumers, however, financial institutions should ensure their risk management programs provide oversight and controls commensurate with the risks presented by the types of social media in which the financial institution is engaged, including, but not limited to, the risks outlined within this Guidance.