French Caldwell

A member of the Gartner Blog Network

French Caldwell
VP and Gartner Fellow
15 years at Gartner
19 years IT industry

French Caldwell is a vice president and Gartner Fellow in Gartner Research, where he leads governance, risk and compliance research. Mr. Caldwell also writes and presents on knowledge management. His research includes analysis of the impact…

New FFIEC Guidance on Social Media Risk Management Effective Immediately

by French Caldwell  |  December 13, 2013  |  1 Comment

The final guidance from the FFIEC on social media risk management for financial institutions has been promulgated.  It is effective immediately.  As I mentioned earlier this year, regulatory guidance of this sort is not optional.

I did a study recently on the public comments for my doctor in law and policy program at Northeastern University. If you'd like some rather poor entertainment, I did a 7-minute YouTube video summary of the analysis of public comments. Through the analysis of public comments, perceptions of cost and complexity emerged as consistent themes. Cost was expressed by the commenters in terms of both the time and expense that would be needed to comply with the regulations, as well as technology investments that could be required. Complexity was expressed as the breadth of the proposed guidance, with concerns that it attempted to offer a broad-brushed overlay on existing regulations without actually modifying the regulations. Examples of complexity cited in the public comments included having to comply with the proposed guidance as well as existing social media guidance from other regulators, which could conflict; the question of the legality of monitoring employees' personal use of social media; concerns with respect to ensuring consumer privacy; and the challenges of presenting mandatory disclosures to consumers within the technical limits of social media.

While the most common public comments from the financial institutions look to have been addressed in some fashion, it is indubitable that the guidance will require stricter attention to social media compliance, which will require more investments in time, process and, in some larger firms, technology. One issue that remains particularly salient for Gartner clients is the issue of employee monitoring.

I am working through the final guidance with the goal of publishing a Gartner impact analysis.  After you read through the guidance, if you identify a particular aspect you would like to make sure is addressed, then please comment here in this blog.

Category: Cloud compliance GRC public policy Risk Management Social Technology