The use of social media by supervised entities – draft UKNF position paper
The Polish Financial Supervision Authority (PFSA) has published a draft position paper on the use of social media by supervised entities and their employees. PFSA aims to unify the rules of using social media by financial institutions. The document refers, in particular, to archiving social media activity, cyber security issues, and the role of compliance. The draft position will be subject to public market consultation.
In response to the increasing popularity of the use of social media in marketing the activities of financial institutions, the PFSA has published a draft position paper in this regard, aimed at standardizing the rules of communication with social media users. The position applies to both supervised entities and their employees.
Below are the main provisions of the document:
- it was recommended to develop and implement an internal policy on the use of social media by a financial institution and its employees (regulating the rules on the use of business devices and the possible use of private devices for social media activity by all employees of supervised entities; indicating the group of persons authorized to set up and use social media accounts; rules related to the preservation of information security; a catalog of social media that may be used in the activities of supervised entities),
- it is recommended to publish on the website of the supervised entity the basic principles of using social media in its activities,
- standards have been introduced for the use of advertising or promotion of services (similarly to the use of other communication channels, information should be provided in a reliable, clear, and not misleading manner),
- basic rules of using hashtags and QR codes have been presented,
- it was recommended to introduce an internal practice of handling negative comments posted by third parties under posts on entities’ websites, blogs, social media on all aspects of supervised entities’ activities,
- recommendations were put in place to liaise with a specialist third party concerning the maintenance of a supervised entity’s social media account,
- guidance is provided on the storage and archiving of social media posts,
- recommendations are made to the compliance units of supervised entities on how to deal with individual categories of social media posts,
- cyber-security principles are outlined (two-step verification of logins to social media accounts; the need for applications to secure unauthorized access to such accounts – e.g. with EPP/EDR class software).
The draft position is available on the PFSA website: