FDIC Explains Social Media Guidance

Vendor Management, Consumer Privacy Primary Concerns

By , February 14, 2013.
FDIC Explains Social Media Guidance

Listen Now

Read Transcript

Federal regulators have issued draft guidance for the use of social media. What are the specific security risks? The FDIC's Elizabeth Khalil discusses how banking institutions can address emerging threats.

In January, the Federal Financial Institutions Examination Council issued a proposal for new guidance related to social media. Khalil, a senior policy analyst within the Supervisory Policy Branch of the Federal Deposit Insurance Corp.'s Division of Depositor and Consumer Protection, says regulators' primary concerns revolve around vendor management and consumer privacy.

Venues such as Facebook and Twitter are often used by criminals to gather personal information or to pose as financial institutions to con consumers. Additionally, phishing attacks often target social media accounts or use personal information from social media sites for speared attacks launched through other venues.

"Fraudsters go where the potential victims are," Khalil says, and social media sites are a prime breeding ground for fraud.

Third parties charged with building or maintaining social media sites such as Facebook pose additional challenges, she says.

"The institution should consider what types of social media it will be using, and the third parties, such as social media platforms, over which the financial institutions might have little or no control," Khalil says.

Banks should know how those parties handle and protect consumer data. "What information might be collected, and how might it be used?" she asks. "If there is a breach, and if consumer information is not handled with care, the financial institution could be held responsible."

Banking institutions should assess their social media risks in the same way they would assess risk involved with any platform or vendor, Khalil adds. Existing laws and regulations must be weighed, and consumer education about how institutions use social media is highly recommended.

Institutions already involved in social media should have policies already in place. The proposal for new guidance is just a roadmap for future considerations, she says.

"We are not imposing any new requirements," Khalil stresses. "This is guidance, not a regulation. And we are also not trying to discourage financial institutions from using social media."

During this interview, Khalil discusses:

  • Third-party breach and vendor management considerations;
  • Reputational risks, even for institutions that don't have their own social media presence;
  • Why more feedback from institutions related to the proposed guidance is needed.

Khalil serves as a subject matter expert in numerous areas, including mobile financial services, prepaid products, payments systems, and privacy and data security. She previously served as a senior associate in the financial institutions group at Hogan Lovells US LLP (formerly Hogan & Hartson), where she also was a member of the firm's privacy working group. Before joining Hogan, Khalil was a senior attorney with the Office of the Comptroller of the Currency. She is a member of the International Association of Privacy Professionals, the American Bankruptcy Institute, and the Federal Communications Bar Association.

Follow Tracy Kitten on Twitter: @FraudBlogger

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Reversal of Fortune: DHS Funding Approved

Congress has voted to fund the Department of Homeland Security through September, the end of the...

Latest Tweets and Mentions

ARTICLE Reversal of Fortune: DHS Funding Approved

Congress has voted to fund the Department of Homeland Security through September, the end of the...

The ISMG Network