Those pesky small print terms and conditions associated with your credit card? You know the ones – pages and pages of legal jargon that can leave even the most brilliant lawyer rethinking his career choices? Naturally, 140 characters won’t even cover the title on most financial institutions’ terms and conditions. And is there really a place for Pinterest in the government financial regulations?
The FFIEC is less interested in Twitter’s limitations, but it’s most certainly interested in how banks, credit card companies and other financial entities go about the business of communicating policy changes via social media. It’s also interested in how it uses sites like Facebook, Twitter and LinkedIn to woo new customers – and it’s willing to lay down new laws to ensure no lines are crossed.
In late January, the Federal Financial Institutions Examination Council (“FFIEC”) issued new proposals associated with risk management guidance when it comes to how they use social media. These rules affect banks, credit unions, credit card companies and any other sector that’s umbrella’d under the Consumer Financial Protection Bureau. What’s being proposed is an across the board effort to identify, measure and ultimately control the way social media* is used in these instances. It’s also considering the potential weaknesses that could be exposed in the industry, specifically with privacy.
*Note: For these purposes of this column, we’ll go with the way FFIEC defines social media: It says it is a “form of interactive online communication in which users can generate and share content through text, images, audio, and/or video”.
The suggestions include financial companies create and maintain in real time real time the strategies, policies and even to some degree board meeting minutes when applicable in an online bulletin board. For those companies that do not engage in social media, the suggestion is the same: prepare a method of addressing negative comments and complaints via social media, but don’t cross the line, which many are hoping that ‘line” will be better defined.
There are very few companies in any sector that do not use social media to some extent. President Obama happily tweets his requests for the American people to stand up to Republicans, American Express offers a lot of perks and other opportunities for its card members and even Honey Boo Boo has Facebook pages where she spews her good ol’ fashioned 8 year old thoughts.
Remember, the Truth in Savings Act and similar laws don’t provide any type of guidance or exceptions when it comes to the use of social media. This means banks are required, by law, to disclose details about fees, interest rate, and other terms when promoting things like savings accounts. Usually, something as simple as a link to a separate page will satisfy the requirements.
Employees Wild Weekends
Ah – and then there are the employee accounts. The investment banker who posted photos of the three women he went on a date with over the weekend? At the same time? Yeah. Those employees. These employees’ personal accounts that tell the tale can also reflect on their employers, so the guidance calls for banks to adopt policies on “employee participation in social media that implicates the financial institution” are being considered as well.
When it comes to privacy, remaining in compliance with different banking laws and of course, the liability of failing to cover the international considerations, the potential pitfalls are many. These are all reasons as to why these new regulations are being proposed. A few of the recommendations include:
A governance structure with definitive roles and responsibilities for senior management to ensure the use of social media to contributes to the strategic goals of the institution while establishing controls and ongoing assessment of risk;
Policies and procedures that address the use and monitoring of social media and compliance with federal consumer protection laws, regulations, and guidance, including methodologies to address risks from online postings, edits, replies, and retention;
Due diligence processes that would select and then oversee any third party providers – and this is where banks and the credit card companies they do business with could result in problems if the laws are construed differently.
Employee training programs for those institutions policies and procedures. This would include work related use of social media, and other uses of social media. Under this rule, the considerations would include an oversight process that monitors all information that is funneled through social media sites like Facebook, LinkedIn and others. An auditing and compliance manual to keep those compliance issues at bay and definitive parameters put into place that report to senior management and perhaps even various boards.
In its efforts, the FFIEC has honed in on areas it says presents potential risk for financial institutions, including compliance with the Truth in Savings Act/Regulation DD and Part 707, the Equal Credit Opportunity Act/Regulation B, the Fair Housing Act, the Truth in Lending Act/Regulation Z, the Real Estate Settlement Procedures Act, the Fair Debt Collection Practices Act, and issues related to deposit insurance.
These new recommendations take those into consideration and provides compliance issues as they relate to social media. Specifically, it could include “the use of social media to facilitate a consumer’s use of payment systems, including compliance with the Electronic Fund Transfer Act/Regulation E and rules applicable to checks, such as Article 4 of the Uniform Commercial Code and the Expedited Funds Availability Act/Regulation CC.” Then, of course, there are those secretive considerations, which the FFIEC also discusses risk associated with the Bank Secrecy Act/Anti-Money Laundering Programs, the Community Reinvestment Act, and Privacy concerns under the Gramm-Leach Bliley Act.
Do you have something to say about these proposals? The FFIEC is hoping you do. It has requested the public provide its own feedback and comments on these proposals. You have until March 25, 2013. In addition to general comments, the FFIEC is also hoping you’ll address your thoughts to the following questions:
- Are there other types of social media, or ways in which financial institutions are using social media, that are not included in the proposed guidance but that should be included?
- Are there other consumer protection laws, regulations, policies, or concerns that may be implicated by financial institutions’ use of social media that are not discussed in the proposed guidance but that should be discussed?
- Are there any technological or other impediments to financial institutions’ compliance with otherwise applicable laws, regulations, and policies when using social media of which the regulators and other banking agencies should be aware of?
Wondering how public sentiment is moving so far? You should know that’s it’s running about 7 to 1 against further regulations to date. That could change, though. It’s still early.
The FFIEC is an inter agency body that promotes “uniformity in the supervision of financial institutions” among the Federal Reserve Board, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency and the Consumer Financial Protection Bureau. It was established by the Financial Institutions Regulatory and Interest Rate Control Act of 1978. While regulations are backed by the force of law, FFIEC guidance provides suggestions on how to conduct business within existing regulations.
So what do you think? Is this necessary or is FFIEC trying to fix something that’s not broken? We’d love to hear your thoughts.