UPDATE 1/22/2014 – Compliance Framework Checklist added (scroll down) Originally proposed back in January 2013, and following a comment period in which they received and evaluated 81 official comments, the FFIEC has at last released their final guidance for financial institutions engaging in social media activities. I expect all the regulatory agencies to adopt it […]
FFIEC Issues Proposed Social Media Guidance
(UPDATED – Added link to public comments) Just out, this document is really a request for comments on the proposed guidance, but final guidance is likely to follow this very closely…and very quickly. As many financial institutions are probably getting their social media policies together now (or updating existing policies), this is a must read. […]
Managing Social Media Risk – LinkedIn Edition
By now everyone has heard about the breach at LinkedIn, where 6.5 million email password hashes were leaked (over half of which have been cracked, or converted into plain text). Those who read this blog regularly know how I feel about social media in general: “So managing social media risk boils down to this: You […]
2012 Compliance Trends, Part 1 – Training
This post will begin a series of 5 topics that I consider to be good candidates for increased regulatory scrutiny in the coming year. For each topic, I will make the case for increased scrutiny based on 3 criteria: Recent audit and examination experience, Regulatory changes, and Recent events. In keeping with my policy of […]
Risk Managing Social Media – 4 Challenges
Twitter, LinkedIn, Facebook, Google+…the decision to establish an on-line presence is a very popular topic these days, and it is extremely easy to do, but effectively managing social media risk can be frustratingly complicated. In many ways. it just doesn’t lend itself to traditional risk management techniques, so the standard pre-entry justification process is much […]
Trust and Risk Online
In a recently released paper by the Brookings Institute, they address the issue of trust in an increasingly on-line business environment. They focus on the difficulty of establishing, maintaining and verifying identity on-line, and how the trust relationship between on-line services and consumers is being threatened by weaknesses in this identity layer component. Although the […]