While Facebook, Twitter, LinkedIn and other social media platforms have become an increasingly important tool for businesses across industries to meet their customers’ needs and expectations, financial institutions have been slow to embrace social media.  This is likely attributable to the highly regulated environment in which financial institutions operate, the unique risks associated with operating within it, and the lack of available guidance on how to navigate and mitigate such risks.

In an effort to address industry concerns, the California Department of Financial Institutions (“DFI”) – the licensing and regulatory agency that oversees California’s state-chartered financial institutions – recently conducted a survey of more than 340 financial institutions’ use of social media policies.  The survey revealed that 72 percent of the financial institutions surveyed did not have a social media plan, and 59 percent did not have a social media policy.  These findings suggest that either a significant number of financial institutions are not utilizing social media or they are doing so without the important framework needed to help ensure that they do not run afoul of their many regulatory requirements.

To that end, the DFI has published guidance on the development of social media policies.  It first addresses how a financial institution should go about developing a social media plan – specifically, by asking itself a variety of questions that form the basis for plan development, including:

  • What does your financial institution expect to gain from using social media?
  • Who are the target viewers?
  • What types of bank activities and postings are planned?
  • What types of social media do you plan to use and how do you plan to use them?
  • How will the activities be managed and by whom?

The DFI’s guidance also identifies the elements necessary for a financial institution’s creation of appropriate social media policies.  These include:

  • A description of approved social media activities;
  • Guidelines for personal use, if allowed;
  • Definition of permitted content;
  • Inclusion of applicable consumer protection laws and regulations requirements, if the institution’s products and services will be advertised;
  • Employee training; and
  • Identification of oversight responsibility.

The DFI’s three-part series was published in its December, February and March Monthly Bulletin.  The DFI plans to continue to cover these issues in subsequent bulletins.

The DFI is not the only regulatory body that is taking action in this area.  The Federal Financial Institutions Examination Council (“FFIEC”) – the interagency body tasked with prescribing uniform principles, standards, and report forms for the federal examination of financial institutions – has charged a task force with developing guidance on financial institutions’ use of social media.  In addition, the Financial Industry Regulatory Association (“FINRA”) – an independent regulator of securities firms – has published basic guidance in the form of two Regulatory Notices, one in January 2010 and the other in August 2011.

While greater input may be required from financial industry regulators as corporate usage of social media continues to evolve, the DFI frameworks and the guidance provided by FINRA are the pragmatic first steps needed by an industry that seems to have partly steered clear of this potentially large, growing, and indispensable channel for reaching its consumers.  Financial institutions should seriously consider reviewing these materials when creating their own plans and policies.