The Federal Financial Institutions Examination Council (FFIEC) is seeking feedback on proposed guidance to help financial institutions manage the risks of interacting with consumers through social media. The FFIEC, which comprises several financial regulatory agencies, published a notice in the Federal Register on January 23, 2013, seeking comments within 60 days.

One of the trickiest aspects of providing social media guidance is making sure that the definition of "social media" is broad enough to encompass the variety of ways in which consumers interact, but limited enough to not include e-mails, texts, or other types of communication. The FFIEC explained that social media is a "form of interactive online communication in which users can generate and share content through text, images, audio, and/or video" and that "[s]ocial media can be distinguished from other online media in that the communication tends to be more interactive." The FFIEC mentioned several examples of social media, including Facebook, Yelp, and LinkedIn, as well as virtual worlds such as Second Life and social games such as FarmVille.

The FFIEC said its proposal is needed to assist financial institutions in controlling risks presented by social media, specifically those resulting from interactions that are informal and occur in a less secure environment, as well as the risks of social media campaigns that may not receive the care and attention of a traditional advertising campaign. In addition, the FFIEC acknowledged that financial institutions using social media have the potential to improve market efficiency due to the broader distribution of information among consumers.

In designing an adequate risk management program for social media, the FFIEC noted that the program needs the involvement of several departments of an institution—compliance, technology, information security, legal, human resources, and marketing (as well as public relations, not mentioned by the FFIEC). Specifically, the risk management program should include:

  • Having governance that incorporates individuals from each department who have enough seniority to be able to ensure social media aligns with the financial institution's strategic goals
  • Developing or updating policies and procedures to address social media, especially concerning consumer protection laws, regulations, and guidance
  • Establishing due diligence processes for managing third-party providers of social media programs
  • Training employees in appropriate use of social media, on and off the job
  • Monitoring of information posted to proprietary social media sites
  • Protecting against reputational harm
  • Incorporating social media into regular compliance and audit protocols as well as in reports to the board of directors or senior management

The proposed guidance discusses several consumer financial regulations and highlights sections of the regulations that require special consideration in the context of social media. For more details on specific regulatory language that applies, please refer to this chart. The basic rule of thumb, however, is that social media use by financial institutions should comply with all of the same requirements—disclosures, timing of responses, privacy, etc.—that the financial institution applies to any advertising, consumer application, or transaction it allows online.

Ballard Spahr attorneys are available to advise financial institutions on the use of social media to communicate with consumers to ensure compliance with consumer financial services laws, as well as related privacy laws. The firm's Consumer Financial Services Group is nationally recognized for its guidance in structuring and documenting new consumer financial services products as well as its experience with the full range of federal and state consumer credit laws. 

Members of the Consumer Financial Services Group who are also part of the Privacy and Data Security Group focus on financial privacy by design—evaluating new products and services and communications channels to ensure that financial institutions are meeting their privacy and data security obligations. 

For more information, please contact CFS Practice Leader Alan S. Kaplinsky at 215.864.8544 or kaplinsky@ballardspahr.com, CFS Practice Leader Jeremy T. Rosenblum at 215.864.8505 or rosenblum@ballardspahr.com, or John L. Culhane, Jr., at 215.864.8535 or culhane@ballardspahr.com.


 Copyright © 2013 by Ballard Spahr LLP.
www.ballardspahr.com
(No claim to original U.S. government material.)

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, including electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the author and publisher.

This alert is a periodic publication of Ballard Spahr LLP and is intended to notify recipients of new developments in the law. It should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult your own attorney concerning your situation and specific legal questions you have.

 

 

 

 

 

 

 

 

 

 

 

Related Practices

Consumer Financial Services
Mortgage Banking
Privacy and Data Security

CFPB

Visit CFPB Monitor, our blog on the Consumer Financial Protection Bureau >

Subscribe to the blog via e-mail >