Pub. 8 2013-2014 Issue 6
March | April 2014

Employees must receive training and guidance regarding the proper use of social media, particularly when employees communicate officially on behalf of the financial institution.

Monitoring

“An oversight process for monitoring information posted to proprietary social media sites administered by the financial institution or a contracted third party.”

The final guidance requires financial institutions to monitor communications on sites maintained by or on behalf of the institutions. In addition, monitoring also must include any sites presenting a risk to the bank as identified in the risk assessment process.

Audit & Compliance

“Audit and compliance functions to ensure ongoing compliance with internal policies and all applicable laws and regulations, and incorporation of guidance as appropriate.”

In Section IV, Risk Areas, the guidance examines many different laws and regulations that may apply to the use of social media. While this information can be very helpful from an audit and compliance standpoint, it is not intended to be an exhaustive list.

Reporting

“Parameters for providing appropriate reporting to the financial institution’s board of directors or senior management that enable periodic evaluation of the effectiveness of the social media program and whether the program is achieving its stated objectives.”

Good reporting is essential to effective governance. Reports must be developed and delivered in a manner to ensure the goals and objectives are being met and risk is being identified and addressed.

Conclusion

Financial institutions should have a social media risk management program designed specifically for their institution, taking into account size, complexity, social media activities, and third-party relationships. The risk management program should be designed with participation from all applicable areas such as compliance, technology, information security, legal, human resources, and marketing.

Russ Horn is president of CoNetrix, a provider of information technology consulting, IT/GLBA audits and security testing, Aspire IT hosting, and the developer of tandem, a security and compliance software suite designed to help financial institutions create and maintain their Information Security Programs. Visit CoNetrix at www.conetrix.com.