Social media is seen as an important part of many modern business plans, including those of banks and credit unions. Social media sites enable virtual communities, allowing business owners to deepen business relationships, attract new clients, and monitor what community members say about the business. According to a survey conducted by the American Bankers Association in 2019, 84% of survey participants stated they "agree" or "strongly agree" with the statement "social media is important to my bank."

Why do banks and credit unions use social media?

There are a number of reasons a financial institution may choose to use social media. Five common reasons include:

  1. Communication. Social media is used to get information out to the public. Since so many individuals have social media accounts and use them daily, posting on social media sites like Facebook, Twitter, LinkedIn, YouTube, and Instagram can be a valuable and cost-effective way to distribute information.
  2. Sales and Marketing. Brand visibility is important for financial institutions, and social media provides a good way to increase recognition.
  3. Complaint Monitoring. Because social media offers easy access and a ready audience, some unhappy clients may go to social media to air their business complaints. An active complaint monitoring plan is a good way to discover issues and resolve problems proactively.
  4. Recruiting. Certain professional networking social media sites (e.g., LinkedIn, Glassdoor, and Indeed) have proven to be an effective way to find and attract qualified employment candidates.
  5. Customer Service. As social media lends itself to a more personal, informal relationship than traditional phone or email support, engaging clients via social media may be a beneficial customer service choice for financial institutions.

What does guidance say about social media?

While there are many benefits to using social media to attract and/or interact with clients, risk and compliance issues also exist for financial institutions.

As new social media risks began to emerge (e.g., spoofed accounts, unauthorized disclosure, and regulatory noncompliance), the Federal Financial Institutions Examination Council (FFIEC) issued guidance titled Social Media: Consumer Compliance Risk Management Guidance. In the guidance, the FFIEC discussed the need for financial institutions to have a risk management plan in place to identify, measure, monitor, and control risks related to social media. While the guidance does not impose any new requirements related to social media, it does describe how many existing requirements and supervisory expectations are associated with the use of social media.


What is a social media risk management plan?

According to the guidance, a good social media risk management plan should include the following key components:

  1. Governance Structure. The use of social media should be overseen by the financial institution's Board of Directors and senior management with a clear definition of roles, responsibilities, and goals for the social media strategy.
  2. Policies and Procedures. Expectations should be set and compliance guidelines should be defined around the use and monitoring of social media.
  3. Vendor Management. A process should exist to ensure third parties related to social media are selected and managed appropriately.
  4. Employee Training. Employees should be educated on the institution's policies and procedures, with a specific focus on permissible and impermissible activities related to social media.
  5. Monitoring. A process should be in place to oversee information posted by or about the institution on social media sites.
  6. Audit and Compliance. To ensure ongoing compliance with the institution's policies and procedures, as well as applicable laws and regulations, an audit and compliance process should be followed.
  7. Reporting. Delivering timely reports (e.g., monthly, quarterly, or as needed) to the Board of Directors and senior management regarding social media activities can help determine if the institution is achieving stated goals.

Next Steps 

To take your social media compliance practices to the next level, check out Tandem, a cybersecurity governance, risk, and compliance (GRC) application. With products like Risk Assessment, Policies, Vendor Management, and Audit Management, you can create and oversee the components of your social media risk management program. Learn more about how Tandem can help you at
