How your bank can stay compliant on social media

It’s common for community banks to have a presence on one, two or up to half a dozen social media platforms to engage with customers. But what does being an active social media user mean for community banks from a compliance perspective?

By Mary Thorson Wright

Merriam-Webster singles out 2004 as a turning point for social media. That’s when we collectively began using the term, which that dictionary defines as “forms of electronic communication through which users create online communities to share information, ideas, personal messages, and other content.” It’s also the year Mark Zuckerberg launched “the facebook” out of his Harvard University dorm room.
As of January 2019, there were nearly 3.5 billion social media users, an increase of 288 million, or 9%, over the same period in 2018. These days, internet users spend an average of more than six and a half hours online each day. We’ve come a long way!

Quick stat

2.41 billion

active monthly users were on Facebook in the second quarter of 2019

Source: Facebook

Our use of social media platforms has jumped well beyond greeting friends and sharing a weekend photo in the past 15 years. And community banks’ use is no exception.

In 2013, the Federal Financial Institutions Examination Council (FFIEC) released social media guidance designed to help banks “understand potential consumer compliance and legal risks, as well as related risks such as reputation and operational risks, associated with the use of social media, along with expectations for managing those risks.”

While riding the social media train to maximize marketing and communication, financial institutions must stay keenly aware of compliance issues around these platforms and ensure controls are in place that mitigate the risks of their social media strategies.

Benefits and pitfalls

Social media channels offer savvy users powerful ways to engage existing and potential customers. These popular platforms can bring banks increased brand recognition; expanded opportunities for new customers; inbound traffic and data from individuals and businesses not currently familiar with your bank; more cost-effective marketing; and opportunities for highly visible, real-time customer service. While community banks have traditionally relied on word-of-mouth to develop professional and customer networks and get feedback on their standing in their communities, social media platforms have transformed the word-of-mouth concept into a powerful engine.

So what’s the catch? For community banks and third parties performing on their behalf, social media use requires diligent risk management oversight.

One critical difference between social media and other types of policy, procedural and operational actions is the speed and range at which social media messages travel. The inability to control unintended or erroneous social media messaging can be of critical concern for fair lending compliance and the requirements of the Unfair, Deceptive, or Abusive Acts or Practices Act (UDAAP). Think of toothpaste squeezed out of the tube: There’s no getting it back.

The four areas of social media risk

Prudent practice dictates that community banks consider the strategic, regulatory, financial and operational risks of using social media as a tool. These risks can be segmented into four areas:

    1. Outbound risk: Users of a community bank’s social media accounts might share personally identifiable or proprietary information. While generally inadvertent, controls over outgoing social media messaging can be challenging. Unvetted posts may carry unintended fair lending messaging or inaccurate or misleading information about products and services.
    2. Inbound risk: We generally trust the people we’re connected with on social media, but spoof attacks may trick bank customers into sharing information. Security screens and scam filters perform critical risk mitigation.
    3. Regulatory and legislative challenges: With more than 10,000 U.S. laws and regulations governing electronic communications, consumer protection and specific guidelines for social media, community banks must enforce applicable rules as they would other forms of communications. Social media channels evolve much faster than the laws and regulations governing marketing and advertising, so keeping up can be a challenge.
    4. User behavior: Bank staff should ask themselves these questions. How are we using social media and who is using it? Is it appropriate for our business? What online channel is the best for us? Do we have a proper social media plan and training in place? Are we monitoring social media use on a periodic basis?

Social media holds countless opportunities to solicit customers through nontraditional online venues, make remote communication feel like it’s face to face, and build loyal relationships.

Next steps

Go to to download the FFIEC’s social media guidance.

To reap these rewards, community banks should consider implementing a risk management program to identify, monitor and control risks related to compliance and regulatory requirements, social media guidelines and the use of social media platforms. The FFIEC guidance encourages developing such a program in collaboration with specialists in compliance, legal, technology, information security, human resources and marketing.


of the world’s population are active social media users

6.7 hours

The average amount of time the world’s internet users spend online daily


of the world’s daily internet time is spent on mobile devices

Source: We Are Social and Hootsuite Global Digital 2019 report

Mary Thorson Wright, a former Federal Reserve examiner, is a financial writer in Virginia.