In the
Social Media: Consumer Compliance Risk Management Guidance issued by the FFIEC in December 2013, under section III (Compliance Risk Management Expectations for Social Media), states, "A financial institutions should have a risk management program that allows it to identify, measure, monitor, and control the risks related to social media...."
It goes on to describe, "Components of a risk management program should include the following..." and lists 7 components expected to be in the social media risk management program - the second of those components is "Policies and procedures" and the final component is related to reporting - the reporting section states, "Parameters for providing appropriate reporting to the financial institution's board of directors or senior management that enable periodic evaluation of the effectiveness of the social media program and whether the program is achieving its stated objectives."
So, the guidance doesn't really give a specific approval frequency - just "periodic" - I would suggest the frequency of reporting would likely be based on your involvement in social media - but a minimum of annually is probably not a bad idea.
I hope this helps some.
Thanks,
Russ