Banks and other financial institutions in the US have been told to establish a "risk management programme" for social media to ensure that key staff do not inadvertently release sensitive information.
The programme would ensure that they can "identify, measure, monitor, and control the risks related to social media", according to draft guidance from the Federal Financial Institutions Examination Council (FFIEC).
Report: Social media strategies are failing to connect with 'chameleon' consumers Mind your Ps and Qs when using social media for business Acas publishes employers guide to social media
"The risk management programme should be designed with participation from specialists in compliance, technology, information security, legal, human resources, and marketing," stated the FFIEC said in its draft guidance.
It added: "A financial institution that has chosen not to use social media should still be prepared to address the potential for negative comments or complaints that may arise within the many social media platforms described above and provide guidance for employee use of social media."
The document, called Social Media: Consumer Compliance Risk Management Guidance, calls for an "oversight process for monitoring information posted to proprietary social media sites administered by the financial institution or a contracted third party". Furthermore, senior managers within banks need to be appointed with clear responsibilities for establishing controls and conducting "ongoing assessment of risk in social media activities".
The FFIEC recommended placing social media use under banks' compliance functions, as well as considering the implementation of "social media monitoring tools and techniques" not only to ensure that staff are compliant, but also to make sure that social media does not get used in the bank's name by third parties, such as fraudsters and people involved in "pump and dump" share scams, for example.
The report also highlighted how banks need a policy to govern employees' personal use of social media, governing anything that may "implicate(s) the financial institution".
At the same time, the FFIEC suggested that banks also need to be responsive to enquiries and complaints brought to their attention via social media, too, suggesting an active presence on social media.
