On January 22, 2013, the Federal Financial Institutions Examination Council proposed guidance on the applicability of consumer protection and compliance laws, regulations, and policies to activities conducted via social media by depository institutions.  The proposed guidance would not impose additional compliance obligations on institutions.  Instead, the guidance is intended to help financial institutions understand potential consumer compliance, legal, reputation, and operational risks associated with the use of social media, along with expectations for managing those risks. 

The proposed guidance defines “social media” as “a form of interactive online communication in which users can generate and share content through text, images, audio, and/or video.”  The FFIEC warns that social media can impact a depository institution’s risk profile by increasing the risk of harm to consumers, compliance and legal risk, operational risk, and reputational risk. 

To further mitigate these risks, the federal banking agencies expect an institution to have a risk management program that allows the institution to identify, measure, monitor, and control risks related to social media. The size and complexity of the program must be commensurate with the breadth of the institution’s involvement in social media, but in any event the program’s components should include:

  1. A governance structure with clear roles and responsibilities for the Board of Directors or senior management to direct how social media contributes to the strategic goals of the institution, establish controls, and assess risk on an ongoing basis;
  2. Policies and procedures regarding the use of social media and monitoring for compliance with consumer protection laws and regulations;
  3. Due diligence for selecting and managing third-party service provider relationships in social media;
  4. An employee training program for official, work-related use of social media and other uses of social media;
  5. An oversight process for monitoring information posted to proprietary social media sites administered by the institution;
  6. Audit and compliance functions to ensure ongoing compliance with internal policies and applicable laws and regulations; and
  7. Parameters for appropriate reporting to the Board of Directors or senior management regarding the effectiveness of the risk management program.

The guidance also highlights the unique privacy risks raised by social media to institutions and their customers. In particular, the guidance notes the Gramm-Leach-Bliley Act, CAN-SPAM Act and Telephone Consumer Protection Act, Children’s Online Privacy and Protection Act, and Fair Credit Reporting Act as all posing unique compliance challenges to institutions using social media to advertise and provide financial products and services.

Comments to the proposed guidance must be submitted within 60 days of the guidance’s publication in the Federal Register. The FFIEC is requesting specific comment on the following three questions:

  1. Are there other types of social media, or ways in which financial institutions are using social media, that are not included in the proposed guidance but that should be included?
  2. Are there other consumer protection laws, regulations, policies or concerns that may be implicated by financial institutions’ use of social media that are not discussed in the proposed guidance but that should be discussed?
  3. Are there any technological or other impediments to financial institutions’ compliance with otherwise applicable laws, regulations, and policies when using social media of which the Agencies should be aware?
Mike Nonaka

Michael Nonaka is co-chair of the Financial Services Group and advises banks, financial services providers, fintech companies, and commercial companies on a broad range of compliance, enforcement, transactional, and legislative matters.

He specializes in providing advice relating to federal and state licensing and applications matters for banks and other financial institutions, the development of partnerships and platforms to provide innovative financial products and services, and a broad range of compliance areas such as anti-money laundering, financial privacy, cybersecurity, and consumer protection. He also works closely with banks and their directors and senior leadership teams on sensitive supervisory and strategic matters.

Mike plays an active role in the firm’s Fintech Initiative and works with a number of banks, lending companies, money transmitters, payments firms, technology companies, and service providers on innovative technologies such as bitcoin and other cryptocurrencies, blockchain, big data, cloud computing, same day payments, and online lending. He has assisted numerous banks and fintech companies with the launch of innovative deposit and loan products, technology services, and cryptocurrency-related products and services.

Mike has advised a number of clients on compliance with TILA, ECOA, TISA, HMDA, FCRA, EFTA, GLBA, FDCPA, CRA, BSA, USA PATRIOT Act, FTC Act, Reg. K, Reg. O, Reg. W, Reg. Y, state money transmitter laws, state licensed lender laws, state unclaimed property laws, state prepaid access laws, and other federal and state laws and regulations.