Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends
Posted in Financial Privacy

Financial Services Industry Group Issues Social Media Guidance

A financial services industry group released guidance this week on managing the risks associated with using social media, including data protection concerns.  The guidance, titled “Social Media Risks and Mitigation,” was released this week by BITS, a division of the Financial Services Roundtable, which represents 100 of the largest financial services companies.  The 71-page report details numerous risks that banks and other financial companies may face when using social media, including compliance, legal, operational and reputational risks.  These risks are discussed in the context of three types of social media use:

  • By a financial institution to communicate with or service the financial institution’s customers
  • By the financial institution’s employees in their personal or professional capacities
  • By the financial institution’s employees or contractors outside the office

The guidance thus addresses sector-specific regulatory requirements, such as Gramm-Leach-Bliley Act compliance and FINRA rules applicable to securities firms.  It also addresses concerns that are relevant to financial institutions as employers, such as bank employees’ personal use of social media.

The BITS report is particularly significant because it responds to a need for guidance in an industry that is increasingly using social media, but still lacks clear rules from regulators regarding such activities.  While FINRA has issued guidance on use of social media by firms subject to FINRA’s oversight, the federal banking agencies have not , to date, issued detailed guidance to the banking industry on banking compliance issues raised by use of social media.

Also, while targeted at the financial services sector, the report also has relevance to many other types of users of social media.  It gives guidance, for instance, on coordinating a company’s social media policies with its other policies, and performing a risk assessment to determine the risks a company’s social media activities could pose.