What the FFIEC social media guidance can teach UK firms

What is this all about?

The FCA plans to publish new social media guidance for UK financial service companies in 1Q14.

This follows the final version release of the Official FFIEC Guidelines for Social Media in Banking in the US just before Christmas 2013.

Current FCA social media guidance extends the guidance for financial promotions to communications on social channels but provides little insight into specific social media risks for firms.

While we don’t know as yet what the new FCA guidance will cover, the FFIEC release provides some useful insight into social media best practice for risk mitigation that can be applied by UK financial service institutions.

The extent of the guidance

The FFIEC Guidance proposes a combination of expectations, considerations and advice for financial services organisations. Broadly this breaks down as:

1. Financial institutions are expected to manage risks associated with all types of consumer and customer communications, no matter the medium

2. The Guidance provides considerations that financial institutions may find useful in conducting risk assessments and crafting and evaluating policies and procedures regarding social media

3. Financial institutions are expected to use the Guidance in their efforts to ensure that their policies and procedures provide oversight and controls commensurate with the risks posed by their involvement in social media

What does this mean in practice?

So, according to the FFIEC:

  • Financial service institutions should have a risk framework
  • This framework should reflect the institution’s level of social media activity. If the institution is not active on social media, this will be relatively light, compared to an institution operating an advanced social media strategy – however, some sort of risk management consideration should still exist
  • There are no new requirements that apply directly to social media (above and beyond existing compliance requirements) BUT the guidance offers some best practice advice and some important considerations for financial service institutions crafting their risk frameworks

Why is this relevant for UK firms?

So, why does this matter to you?

  • This is equally important for UK financial service institutions that want to manage risk effectively
  • Regardless of the final content of the forthcoming FCA guidelines, all UK financial service institutions should be proactively managing the risks associated with social media, whether they are active on social media or not
  • Social media is global. Over time we would expect to see a convergence of regulation and rules so that there is a global consistency in the way customer communications are managed.

What you need to do

More than anything, what the FFIEC guidance encourages is some common sense due diligence for financial service firms with regard to social media.

If you are a financial service firm, and you want to use social media properly, treat it as you would any other business project and get the following elements in place:

But what sort of things should you take into consideration? Fortunately the FFIEC advice provides some insight here too.

Recommendations from the FFIEC guidance

The main recommendations from the FFIEC guidance (in plain English) are:

  1. Make sure that all your communications are compliant
  2. Have a social media strategy
  3. Monitor social media activity around your brand
  4. Have processes, guidelines and training that provide the appropriate controls
  5. Have an audit trail
  6. Measure and report your activity against your strategic goals

Let’s have a look at these in more detail to see what they entail and what they might mean for you.

1: Make sure that all your communications are compliant

The FCA social media guidelines already cover compliance around financial promotions and state that the rules are generally… “media-neutral, and they focus on the content of the financial promotion, rather than the medium used to communicate it. Therefore, applying the rules to financial promotions made using new media is no different to financial promotions using any other medium.”

Questions for you

  • Are your employees aware of their responsibilities with regard to compliance on social media?
  • Does your risk management include employee training on social media in a professional capacity?

2: Have a social media strategy

The FFIEC suggests you should have “a governance structure with clear roles and responsibilities whereby the board of directors or senior management direct how using social media contributes to the strategic goals of the institution.”

Don’t assume that because your organisation does not use social media this recommendation does not apply to you. Even if you are not active on social media, this should be because you have made a decision not to be active for clear, well-documented business reasons. It should not be an omission or oversight.

Questions for you

  • Does your organisation have a formal social media strategy that supports your business strategy and outlines clear goals for activity?
  • Does this strategy go right to the top of your organisation with clear governance and accountability for direction and implementation sitting with the senior exec of your organisation?

3: Monitor social media activity around your brand

The FFIEC suggests that monitoring should be appropriate to provide the level of oversight commensurate with the institution’s social media activity.

Questions for you

  • Do you monitor your own social spaces to spot customer posts that could expose you to potential reputational or privacy risk?
  • Even if you do not manage any social media spaces as an organisation, others may still be talking about you online. This puts you at risk of fraud, brand hijacking or PR crises. Are you aware of the risks here? Do you monitor for this? And have you considered how you would respond if any of these things happened?
  • If you have third parties managing your spaces do you have oversight on the posts they are making on your behalf to ensure they are compliant?

4: Have processes, guidelines and training that provide the appropriate controls

If you are monitoring, you will need the appropriate controls in place so that you know how and when to act to mitigate the risks identified. According to the FFIEC this might include policies and procedures, employee training and other guidance relevant to your activities.

Questions for you

  • If a customer posts a negative comment or complaint, what is your policy and process for handling this?
  • How will you act if someone posts personal details online, creating a privacy risk?
  • Do you have escalation processes in place?
  • Do your staff training, policies and guidelines provide sufficient guidance that staff know what they can and can’t say on social media in a professional or personal capacity?

5: Keep an audit trail

According to the FFIEC you should include “audit and compliance functions to ensure ongoing compliance with internal policies and all applicable laws and regulations”.

Questions for you

  • Are you tracking your conversations on social media and keeping records of conversations?
  • Do you have a robust approach to complaints identification and handling on social media?
  • Are you able to manage and report on customer issues originating in social media in the same way as those in other media?

6: Measure and report your activity against your strategic goals

The FFIEC also states that you should provide “appropriate reporting to the financial institution’s board of directors or senior management that enables periodic evaluation of the effectiveness of the social media program and whether the program is achieving its stated objectives”.

This does not mean you must show the ROI for your social media activity; it just means you should know why you are doing what you are doing and whether it is working.

Questions for you

  • Do you have a measurement framework in place that lets you track how your social media is delivering against your strategy?
  • Do you report on this and have processes in place to ensure that insights from this are acted on and your strategy and tactical activity on social media are evolved accordingly?


The FFIEC guidelines are obviously not obligatory for UK financial service firms.

However, adopting their recommendations would certainly put you in a good place with regard to your understanding of the risks social media poses to your organisation and the mitigations you can take.

And this is a good position for your business to be in ahead of the new FCA social media guidelines this spring.





This post is from a series of posts in the group:

Social Banks

Social Banks is a group that aims to discuss trends and debate as the financial services take their first steps into social media. Twitter, Facebook, LinkedIn, etc.: debate it all here.
