Before taking a single step, Garcia said a financial institution needs a policy and procedures plan that outlines the dos and don'ts that will govern the institution's social media presence. Such guidance is not only common sense from an operational standpoint, but is also mandated by federal regulations, he noted.

“Social media today has become social business,” Garcia said. “Five years ago the industry was still gaining traction. Today, it collectively accounts for two billion people trading information online and through social media platforms that are publically traded.”

With more financial institutions are moving into interactive social media, care should be taken to ensure posted information and communications are in full compliance with regulations from FFIEC and other agencies, Garcia said.

An institution may inadvertently disclose personal information prohibited by a number of banking laws, and that could endanger the consumer and the institution.

As a matter of record, FFIEC described social media as “a form of interactive online communication in which users can generate and share content through text, images, audio, and/or video.” The council does not consider email and text messages as part of the social media milieu.

“In summary, the FFIEC guidance does not impose any new requirements on financial institutions, but instead is a guide to help financial institutions understand the applicability of existing requirements and supervisory expectations associated with the use of social media,” Garcia said.

That guidance requires credit unions and banks to establish a social media risk management program that includes all staff, board members and third-party relationships, provides employee training for appropriate social media usage, contains an oversight process with audit and compliance functions, and defines parameters that define appropriate reporting procedures to senior staff and board.

“FFIEC guidance is descriptive but not prescriptive in defining what must be done,” Garcia said. ”Is FFIEC asking for an ROI on our social media efforts? No, but you must be able to measure program parameters at a basic level if only to show management that you're not wasting time on this technology.”

The FFIEC also outlined compliance demands designed to protect both institutions and consumers in compliance, legal, operational and reputational areas as they relate to social media, Garcia said. All steps aim to protect the consumer by providing proper due diligence, oversight and controls to ensure proper disclosures and fair trade practices.

As financial institutions become more interactive in social media plans that increasingly involve interactions with consumers, a growing number of regulations come into play involving security of information, electronic transaction requirements, privacy concerns and fraud.

There are other areas, too, that pose risks for institutions that may not necessarily be covered by regulation, Garcia said.

The institution may suffer reputational risk due to negative experiences and information posted by consumers who feel they have been mishandled by the credit union or bank. Those should be addressed pro-actively and appropriately before the negative rhetoric spreads too far, Garcia said.

Negative impressions can also be spread from within, either deliberately or inadvertently, by employees uninformed or untrained in the ways social media usage is dictated by company policy.

As noted earlier, social media policies and procedures should be established and employees adequately trained as to what information they can and can't communicate while on the job.

“If they are using computers at work, those guidelines should be easy to enforce,” Garcia said. “However, if they are saying things on their own time using their own equipment yet still identifying themselves with the bank or credit union, then that become a matter for HR.”

All social media emanating from the credit union or bank as well as postings that mention the institution, either favorably or unfavorably, should be monitored, with the proper response made by the person empowered by position to do so, Garcia suggested.

“Social media is not about selling, but about engaging your customer or member,” he said. “If you have a social media presence and are interacting with a consumer in any fashion, be sure to archive the information.”

As mobile technology, the favorite of Millenials everywhere, becomes even more dominant, social media issues will likely become even more compelling, Garcia said.

“The phrase 'Don't leave home without it' used to refer to a credit card. Now, it refers to your phone because your phone is your credit card.”