Gartner Blog Network


New FFIEC Guidance on Social Media Risk Management Effective Immediately

by French Caldwell  |  December 13, 2013  |  1 Comment

The final guidance from the FFIEC on social media risk management for financial institutions has been promulgated.  It is effective immediately.  As I mentioned earlier this year, regulatory guidance of this sort is not optional.

I did a study recently on the public comments for my doctor in law and policy program at Northeastern University– if you’d like some rather poor entertainment I did a 7 minute youtube video summary of the analysis of public comments.  Through the analysis of public comments, perceptions of cost and complexity emerged as consistent themes.  Cost was expressed by the commenters in terms of both time and expense that would be needed to comply with the regulations, as well as technology investments that could be required.  Complexity was expressed as the breadth of proposed guidance with concerns that it attempted to offer a broad-brushed overlay on existing regulations without actually modifying the regulations. Examples of complexity cited in the public comments included having to comply with the proposed guidance as well as existing social media guidance from other regulators which could conflict, the question of the legality of monitoring employees’ personal use of social media, concerns with respect to ensuring consumer privacy, and the challenges with the means of presenting mandatory disclosures to consumers within the technical limits of social media.

While  the most common public comments from the financial institutions look to have been addressed in some fashion, it is indubitable that the guidance will require more strict attention to social media compliance, which will require more investments in time, process and, in some larger firms, technology.  One issue that remains particularly salient for Gartner clients is the issue of employee monitoring.

I am working through the final guidance with the goal of publishing a Gartner impact analysis.  After you read through the guidance, if you identify a particular aspect you would like to make sure is addressed, then please comment here in this blog.

Category: cloud  compliance  grc  public-policy-2  risk-management  social-technology  

Tags: compliance  financial-regulations  risk-management  social  

French Caldwell
VP and Gartner Fellow
15 years at Gartner
19 years IT industry

French Caldwell is a vice president and Gartner Fellow in Gartner Research, where he leads governance, risk and compliance research. Mr. Caldwell also writes and presents on knowledge management. His research includes analysis of the impact… Read Full Bio


Thoughts on New FFIEC Guidance on Social Media Risk Management Effective Immediately


  1. […] Read the rest here: New FFIEC Guidance on Social Media Risk Management Effective … […]



Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.