Managing Banking Compliance in the Social Media World

1. Managing Banking Compliance in the Social Media World Heartland Compliance Association February 2012

2. Managing Banking Compliance in the Social Media World Social media sites are considered written media like your own website or other communications Advertising and other rules apply Interactive content needs more attention than just posting a statement on your website Appropriate supervision of the social network Manage content

3. Managing Banking Compliance in the Social Media World Advertising FDIC membership statement should be included if promoting a product or the bank NonDeposit Investment Products advertising should be segregated from insured product advertising Include the NOT, NOT, NOT disclosure if mentioning insurance products Reg DD – watch if a post contains a triggering term such as an APY, then other disclosures should be provided

4. Managing Banking Compliance in the Social Media World Advertising Reg Z – watch if a post contains a triggering term, then other disclosures should be provided Open-end and closed-end rules including HELOCs Teaser rates or payments Credit card promotions Equal Housing Lender logo should be included if posting about a residential real estate loan product

5. Managing Banking Compliance in the Social Media World UDAP – unfair or deceptive statements Reg B – Equal Credit Opportunity Act Potential for communicating a loan decision Potential for discouraging or steering an applicant Complaints and Comments If CRA related then should include in public file Record retention

6. Managing Banking Compliance in the Social Media World Information Security – customer information is still private after hours Post fraud warnings on your page not just your bank website Personal and sensitive information often made known on social media page Risk of identity theft or other fraud Social site’s security vulnerabilities to phishing and other types of attacks

7. Managing Banking Compliance in the Social Media World Reputation risk management Establish a social media policy Written direction to guide the purpose of social media participation Comply with applicable law Who has access? Official use only or personal use When can access? During work day or after hours

8. Managing Banking Compliance in the Social Media World Establish a social media policy What to allow to be posted on the Bank’s page? General information or product specific advertising Ratings and reviews of service Describe customer posting standards Is Bank is responsible for comments by its customers Ability to censor or remove false or abusive posts?

9. Managing Banking Compliance in the Social Media World Establish a social media policy Who interacts with customers or commenters Some or all employees? Who has a business need for access What to respond to? False or misleading statements Criticism can be a useful tool

10. Managing Banking Compliance in the Social Media World Establish a social media policy What about personal sites? Same reputation and advertising concerns Train and ensure employees speak for themselves on their personal pages, not the bank What can the employee post about themselves on their personal page Can “friend” bank customers or not