OCC Bulletin 2013-39| December 17, 2013
Social Media - Consumer Compliance Risk Management Guidance: Final Supervisory Guidance
Chief Executive Officers of All National Banks and Federal Savings Associations, Federal Branches and Agencies, Department and Division Heads, All Examining Personnel, and Other Interested Parties
The Office of the Comptroller of the Currency (OCC), in collaboration with the other members of the Federal Financial Institutions Examination Council (FFIEC), today published in the Federal Register final supervisory guidance titled “Social Media: Consumer Compliance Risk Management Guidance” (guidance).
Technological advancements allow financial institutions to use social media in a variety of ways, including marketing; facilitating applications for new accounts, products, or services; and engaging with existing and potential customers. Because this form of customer interaction tends to be both informal and dynamic, and may occur in a less secure environment, it can present unique risks to financial institutions. This guidance is meant to help financial institutions identify potential risks to ensure they are aware of their responsibilities to address these risks within their overall risk management program.
- addresses the applicability of consumer protection and compliance laws, regulations, and policies to activities conducted via social media.
- identifies potential risk areas including consumer compliance and legal risks, as well as related risks, such as reputation and operational risks, associated with the use of social media.
- outlines compliance risk management expectations that allow financial institutions to identify, measure, monitor, and control risks related to social media. An effective risk management program includes
- a governance structure with clear roles and responsibilities and appropriate reporting to senior management and the board.
- policies and procedures on the use and monitoring of social media and compliance with all applicable laws and regulations.
- processes for selecting and managing third-party relationships and monitoring information posted to proprietary social media sites.
- employee training.
Note for Community Banks
This final supervisory guidance is applicable to all OCC-supervised institutions. The size and complexity of the risk management program should be commensurate with the breadth of a bank’s involvement in social media.
Please direct questions regarding the guidance to Kimberly Hebb, Director for Compliance Policy, or Eric Gott, Compliance Policy Specialist, at (202) 649-5470.
Grovetta N. Gardineer
Deputy Comptroller for Compliance Policy