Employee Training

“An employee training program that incorporates the institution's policies and procedures for official, work-related use of social media, and potentially for other uses of social media, including defining impermissible activities.”

Employees must receive training and guidance regarding the proper use of social media, particularly when employees communicate officially on behalf of the financial institution.

“An oversight process for monitoring information posted to proprietary social media sites administered by the financial institution or a contracted third party.”

The final guidance requires financial institutions to monitor communications on sites maintained by or on behalf of the institutions. In addition, monitoring must also include any sites presenting a risk to the bank as identified in the risk assessment process.

Audit and Compliance

“Audit and compliance functions to ensure ongoing compliance with internal policies and all applicable laws and regulations, and incorporation of guidance as appropriate.”

In Section IV, Risk Areas, the guidance examines many different laws and regulations that may apply to the use of social media. While this information can be very helpful from an audit and compliance standpoint, it is not intended to be an exhaustive list.

“Parameters for providing appropriate reporting to the financial institution's board of directors or senior management that enable periodic evaluation of the effectiveness of the social media program and whether the program is achieving its stated objectives.”

Good reporting is essential to effective governance. Reports must be developed and delivered in a manner that ensures the goals and objectives are being met and that risk is being identified and addressed.

Financial institutions should have a social media risk management program designed specifically for their institution, taking into account size, complexity, social media activities, and third party relationships. The risk management program should be designed with participation from all applicable areas, such as compliance, technology, information security, legal, human resources, and marketing.

Russ Horn is the president for CoNetrix. CoNetrix is a provider of information technology consulting, IT/GLBA audits and security testing, Aspire IT hosting, and the developer of tandem, a security and compliance software suite designed to help financial institutions create and maintain their Information Security Programs. Visit CoNetrix at
