Develop an Effective Social Media Policy

Manage the risks when your CU tweets, blogs, or chats.

February 14, 2011
KEYWORDS compliance , media , policy , social
/ PRINT / ShareShare / Text Size +

Welcome to the 21st Century. In the past 40 years the credit union movement has embraced technology to allow members access to ATMs, the automated clearinghouse network, and both online and mobile banking. And the advent of social media sites such as MySpace, LinkedIn, Facebook, and Twitter has opened new avenues for marketing and communication.

Social media uses Web-based technologies that allow you to access sites for information and social interaction. The social media phenomenon has given individuals and businesses the ability to reach both small and large audiences, and showcase expertise, influence opinion, and bond groups of like-minded individuals.

How big is it? There are, for example, more than 500 million active Facebook users.

Before you get started

Before launching any type of social media program, determine whether it fits your strategic plan and philosophy. Consider:

  • The size and complexity of your credit union;
  • The potential risks;
  • Whether you have sufficient staff resources to manage the program; and
  • A cost-benefit analysis.

Four areas of potential risk for social media use by credit unions include:

1. Legal risk. Possibilities include compliance problems, defamation lawsuits, copyright infringement, employment discrimination, and an easier way for attorneys to assemble class-action lawsuits.

2. Reputational risk. Poorly worded statements or a single typo can result in months, even years, of negative public opinion in cyberspace—and posted complaints can generate a bad image.

3. Regulatory risk. Since the advent of websites, anything published online that’s visible to the general public may be considered advertising subject to compliance mandates—just one of a host of potential regulatory pitfalls.

4. Security risk. Incoming and outgoing communications increase the risk of system intruders.

Numerous federal laws and regulations can affect the contents of your social media information and member interactions. For example:

  • NCUA's security, advertising, and privacy rules;
  • Truth in Savings Act (NCUA’s Part 707);
  • Truth in Lending Act (Regulation Z);
  • Children’s Online Privacy and Protection Act (COPPA);
  • Electronic Funds Transfer Act (Reg E);
  • Expedited Funds Availability Act (Reg CC);
  • Fair lending laws (Equal Credit Opportunity Act, Fair Housing Act)
  • Electronic signatures (E-Sign Act).

This brief list shows why it’s important to have adequate staff to manage and monitor your program. Staff also must periodically review with the board whether your social media policy is sufficient. And there may be other federal laws and state rules to be aware of as you launch into this brave, new world.

Credit unions also must maintain sufficient security controls and regularly monitor them. Conduct regular website reviews, information technology risk assessments, and system-intrusion testing.


  • The importance and sensitivity of information that will appear on the site;
  • The likelihood of outside break-ins and insider misuse;
  • Risks posed by electronic connections with business partners; and
  • Possible liability if things go wrong.

Next: A social media policy

Post a comment to this story


What's Popular

Popular Stories

Recent Discussion

Great article! Unfortunately, most employees don’t feel valued or appreciated by their supervisors or employers. In fact, research has shown that the predominant reason team members quit their jobs is because they don’t feel valued. This is in spite of the fact that employee recognition programs have proliferated in the workplace – over 90% of all organizations in the U.S. has some form of employee recognition activities in place. But most employee recognition programs are viewed with skepticism and cynicism – because they aren’t viewed as being genuine in their communication of appreciation. Getting the “employee of the month” award, receiving a certificate of recognition, or a “Way to go, team!” email just don’t get the job done. How do you communicate authentic appreciation? We have found people have different ways that they want to be shown appreciation, and if you don’t communicate in the language of appreciation important to them, you essentially “miss the mark”. Additionally, employees need to receive recognition more than once a year at their performance review. Otherwise, they view the praise as “going through the motions”. A third component of authentic appreciation is that the communication has to be about them personally – not the department, not their group, but something they did. Finally, they have to believe that you mean what you say. How you treat them has to match the words you use. If you are not sure how your team members want to be shown appreciation, the Motivating By Appreciation Inventory ( will identify the language of appreciation and specific actions preferred by each employee. You then can create a group profile for your team, so everyone knows how to encourage one another. Remember, employees want to know that they are valued for what they contribute to the success of the organization. And communicating authentic appreciation in the ways they desire it can make the difference between keeping your quality team members or having a negative work environment that everyone wants to leave. Paul White, Ph.D., is the co-author of The 5 Languages of Appreciation in the Workplace with Dr. Gary Chapman.

Your Say: Who should be Credit Union Magazine's 2014 CU Hero of the Year?

View Results Poll Archive