Social Media

norbertm

Presentation Transcript


  1. Social Media COMPLIANCE ALLIANCE

  2. Social Media: Definition • No bright line definition • Merriam-Webster: • forms of electronic communication (as Web sites for social networking and microblogging) through which users create online communities to share information, ideas, personal messages, and other content (as videos) • Dictionary.com: • websites and other online means of communication that are used by large groups of people to share information and to develop social and professional contacts • Investopedia: • Internet-based software and interfaces that allow individuals to interact with one another, exchanging details about their lives such as biographical data, professional information, personal photos and up-to-the-minute thoughts

  3. Social Media: What is it? • Social Networking: Facebook, Twitter, Instagram, Snapchat, Tumblr, YouTube • Professional Networking: LinkedIn • Special Interest: Pinterest • Blogs • Social Games: Words With Friends, Candy Crush • What about Zillow, Redfin and Trulia? • What about the live-feed capabilities that have been added to traditional social media – IG Live, FB Live, Periscope, etc.? • What about Messenger capabilities?

  4. What About Text Messages and Emails? • Text messaging and emails are generally not considered in the definition of social media • BUT – these communications may be subject to a number of laws and regulations that are discussed in the Guidance

  5. FFIEC Guidance • This Guidance is not new – released 12/10/13 • That means social media may have changed a lot (think Snapchat, IG videos, FB and IG Live) but the expectations are the same! • What are the highlights? • Social media governance and operational risk • Third parties • Monitoring: fraud and IT security • Existing regulations and their effects • https://www.ffiec.gov/press/pr121113.htm

  6. How About Some Updates? • FDIC Winter 2016 News Item: Consumer Guidance – encourages consumer awareness of: • Cyber Security – protecting passwords • Public nature of social media interactions • Be diligent when giving third-party apps the ability to use your social media • Periodic searches for fake accounts with the consumer’s name • CFPB – Privacy Impact Assessment 2015 – You can get an idea of what the CFPB expects by looking at how they indicate they use social media (also how they address ADA website accessibility)

  7. How About Some Updates? • FRB launched a FB Page in August of 2016 • Inundated with complaints about the Federal Reserve system • Mocked in the media • Clear example of the risk associated with the public nature of having a social media presence and the reality of public complaints and internet trolls • Federal Reserve Scam Communications – include fraudsters’ use of social media

  8. What is Expected? • Banks are expected to have a Risk Management Program for Social Media • “A governance structure with clear roles and responsibilities whereby the board or senior management direct how using social media contributes to the strategic goals of the institution” • How is this accomplished? • Policies • Procedures • Training • These should be done in a manner that addresses not only guidance for use of social media by the bank, but also employees’ use of social media in which they are representing the bank.

  9. Third Parties • The guidance: The FFIEC is asking banks to consider if they have any control over the third party’s policies or actions. Risk mitigation in this area will continue to be critical. • Who are these third parties? • The social networks themselves: • Even if the social media site is owned and maintained by a third party, consumers will likely blame the bank for problems that occur on the social site. • Consultants: • Even if the social media site is owned and maintained by a third party (which is typically the case), consumers will likely blame the bank for problems that occur on the social site. • Social media technology providers: • These are the firms that provide the software to assist with the actual postings and the ability to post replies.

  10. Monitoring • The guidance: Banks should consider the use of social media monitoring tools and techniques to identify heightened risk and how to respond in an appropriate manner. • These tools and techniques should consider the fraudulent use of the bank’s brand, not simply the monitoring and responding to complaints. This should be an area that is also addressed in the risk assessment. • The guidance does not require the bank to monitor and respond to every single internet communication, but it does not address when it is appropriate to NOT respond, which means how the bank filters for relevant communications will require complex, finely tuned tools.

  11. Risk Management • It’s all about the risk management program. • The guidance is clear that the banks should have a risk management program in place that is commensurate with the size, complexity and breadth of the use of the social media outlets. • Keep in mind that if your bank uses social media on a very minimal basis, there should be an emphasis in the risk management program on how the bank will monitor for negative comments or complaints that could arise within the many social media platforms and how responses will be made. • Even if the bank isn’t utilizing social media to increase business (advertising, or even taking payments), there is still risk that should be addressed.

  12. Risk Areas • The risk from social media use stems from: • Risk of harm to consumers • Compliance and legal • Operational • Reputation

  13. What Rules Apply? • How the bank uses social media will dictate which rules apply. • If used to engage in lending, deposit services or payment activities, all applicable laws and regulations apply to those activities, no matter the media used. • UDAAP and Fair Lending always apply as well.

  14. What Rules Apply For Deposit Products? • Again, it depends on how the bank uses the social media platform to further its deposit products. • If used to market and originate new accounts, all applicable laws apply, right down to record retention. • For new deposit accounts, the requirements include: • Truth in Savings (Reg DD): • Disclosures about fees • APY (annual percentage yield) • Interest rate • Any other triggering terms (bonus, minimum to obtain bonus, effect of fees, etc.) • UDAAP • That being said, the one-click away disclosures can be used • Advertising and Notice of FDIC Membership whenever a bank advertises FDIC insured products

  15. How About Lending Products? • It goes without saying that it depends on how social media is used to further the bank’s lending products. • All applicable regulations apply, right down to timing of disclosures and record retention. • For lending products the requirements include: • All Fair Lending Laws: • Equal Credit (Reg B) – that includes not only the prohibition of discouraging applicants on a prohibited basis, but also timeframes for notifying applicants of the status of their application. • Fair Housing – that includes not only the prohibition of discouraging applicants, but also the requirement to prominently display the Equal Housing Opportunity logo.

  16. Lending Requirements, Cont’d. • Truth-in-Lending (Reg Z) – all advertising provisions that apply to any other electronically delivered advertisement apply. • RESPA – Section 8 prohibitions (fee splitting, giving or accepting a fee, kickbacks) and all the timing requirements. The bank should follow all electronic delivery requirements. This also includes error disputes under Reg E such as a billing error or a direct dispute about information. • Fair Debt Collection Practices • Fair Credit Reporting Act (FCRA)

  17. Co-Marketing • Redfin, Trulia, Zillow, etc. – all have ways to market with Realtors • Who is paying for what? • What is the cost? Is it a flat rate or does it depend on the number of referrals? • Can an agent charge more simply because they are a “Top-Agent”? • Review the CFPB guidance on Marketing Services Agreements (MSA).

  18. Nondeposit Investment Products • The Not-Not disclosure must be used when advertising or recommending investment products to retail customers. The bank must ensure that customers are fully informed that the products are not insured by the FDIC, are not deposits or other obligations of the bank and are not guaranteed by the bank, and are subject to investment risk, including possible loss of the principal invested.

  19. Complaints • Although the guidance does not require a bank to monitor and respond to every internet communication there is an expectation to take into account the results of its own risk assessment to determine the appropriate approach to take regarding monitoring and responding to these communications, and more specifically to complaints. • That being said, keep in mind the reputation risk the bank could suffer by not responding to a complaint or disputes received through social media outlets. • **CRA: Public comments made via the social media sites that are run by the bank or on behalf of the bank should be kept in the bank’s public file. Especially as they pertain to the bank meeting the credit needs of the community.

  20. Privacy • Compliance with privacy regulations applies as it relates to the GLBA requirements. For instance, if the bank takes applications via the social media site, the bank should also be giving access to the bank’s privacy policy. • There is reputation risk involved with the appearance of careless handling of the customer’s private information, so ensure the bank’s privacy policy and privacy requirements are addressed in the social media policies and procedures.

  21. BSA • Remember the requirements of BSA for an effective program for identifying, monitoring and reporting? • This applies to all aspects of social media customers as well: e-banking and e-banking products in the context of social media. That means CIP as well as monitoring for suspicious activity. • Also consider the emerging risk in the virtual world, which includes gaming and digital currencies.

  22. Collection Efforts • Can we use Messenger/Social media to try to contact a customer who we are unable to contact? • FDCPA also applies to social media but FDCPA is limited in its scope as far as its applicability to banks collecting their own debt • Most states have a debt collection act that does follow the FDCPA as far as collection of a party’s own debt • Even without one, UDAAP and general reputation issues would arise if you use social media to publicly discuss debts (like on their Facebook wall) or to “harass” the debtor? The bank or the employee? • How far do you restrict employee use for personal and business use? • What are the limits? • What is your policy? Is it compliant?

  23. Other Requirements to Consider: CAN-SPAM, COPPA & FCRA • If you use social media to gather consumer information or send unsolicited messages or respond to FCRA disputes, all of the regular rules apply! • While the bank can rely on the fact that most social media sites require people to be 13 or older to obtain access to the site, the bank should ensure that IF there is a collection of customer information, the bank is ensuring the consumer is 13 or over.

  24. Employee Use of Social Media • Be aware that employee communications made via social media “could” be viewed by the public as reflecting the bank’s official policies, which could subject the bank to compliance, operational and reputation risk • Because of the risk involved, the bank should have policies and training to address employee participation in the use of social media sites • Important things to consider in an Employee Use Policy: • Who owns the contacts? The bank or the employee? • How far do you restrict employee use for personal and business use? • What are the limits? • What is your policy? Is it compliant?

  25. Employee Use: NLRB and Social Media • Cannot have a policy which undermines an employee’s right under the NLRB: • It is an unfair labor practice for an employer to “interfere with, restrain or coerce employees in the exercise of rights guaranteed in Section 7 of this Act.” • Restricting employees from mentioning the bank or working conditions • Restricting employees from friending each other • Prohibiting employees from discussing work-related activities • Have a policy. Be specific on what the bank prohibits, make sure it is not overbroad, and make it clear that the policy does not interfere with employees’ rights.

  26. Helpful Links
      • FFIEC Guidance: https://www.consumerfinance.gov/policy-compliance/guidance/implementation-guidance/FFIEC-guidance-social-media/
      • FDIC News Item: https://www.fdic.gov/consumers/consumer/news/cnwin16/social_networking.html
      • CFPB Use of Social Media: http://files.consumerfinance.gov/f/201509_cfpb_pia-use-of-social-media.pdf
      • CFPB Social Media: Accessibility: https://www.consumerfinance.gov/accessibility/social-media/
      • Fed Scam Communications: https://www.federalreserveconsumerhelp.gov/consumeralerts/yellen-scam-emails-more

  27. Questions? Thank you for your participation! We hope you found value in today’s presentation. If you have any additional questions, contact Compliance Alliance at 888-353-3933.
