Social Media Use Creates Additional Concerns for Financial Institutions
Recent decisions by the National Labor Relations Board penalizing employers for disciplining employees for their social media use have given all employers good reason to review their social media policies. Now, new guidance issued by the Federal Financial Institutions Examination Council (FFIEC) pertaining to the risks posed to financial institutions through their use of social media to interact with current and potential customers gives financial institutions further impetus to reassess their social media policies and practices.
Unlike the NLRB, the FFIEC’s guidance is not intended to punish financial institutions or even to establish new compliance obligations. Instead, the FFIEC’s guidance seeks to help financial institutions identify and manage the risks that come with interacting with customers through the more informal, dynamic and less secure platforms social media provides. Specifically, the FFIEC identified three risk areas: compliance and legal risks, reputation risks, and operational risks.
Compliance and Legal Risks
Under the compliance and legal risks section, the guidance describes how the use of social media in marketing as well as in originating deposit and lending products and facilitating consumer use of payment system, may require taking additional steps to ensure that required disclosures are made, information is preserved, privacy is maintained, and timelines are observed as specified by applicable laws. These laws include the Truth in Savings Act, the Fair Lending Laws, the Truth in Lending Act, the Electronic Fund Transfer Act, and the Gramm-Leach-Bliley Act. In addition, the guidance warns that financial institutions should take steps to avoid unintentional violations of the Fair Debt Collections Practices Act or Section 5 of the Federal Trade Commission Act prohibiting unfair, deceptive or abusive acts or practices through social media communication. Further, the guidance advises financial institutions to ensure that their Bank Secrecy Act-mandated compliance programs include internal controls for both prospective customers being offered e-banking products and services through social media and existing customers engaging in electronic banking through social media.
In the section on reputation risks created by social media, the guidance highlights the difficulty of protecting brand identity and the prevalence of spoofed communications where “fraudsters masquerade as the institution” and reach out to customers for information or to spread malware. The guidance advises financial institutions to have procedures in place to promptly address the public posting of sensitive consumer information, consumer questions, or consumer complaints on the institution’s social media sites. While these situations may pose no direct legal risk, they can negatively impact the institution’s reputation if the institution fails to appropriately respond in a timely manner.
In the final section, the guidance notes that, when identifying, monitoring and managing, IT-related risks, financial institutions must consider the risks posed by the institution’s social media use, as social media platforms are particularly vulnerable to malware . Because financial institutions maintain sensitive customer information, the guidance suggests that that they establish protocols for responding swiftly to a data breach or account takeover. Such a protocol may include dissemination of information through social media as appropriate.
Financial institutions’ use of social media presents both opportunities and challenges. The FFIEC’s guidance provides a helpful first step in addressing the challenges by identifying the various risks social media use poses. As the guidance states, financial institutions can manage these risks through due diligence, oversight and control.
A full copy of FFIEC’s guidance on social media is available here: http://www.ffiec.gov/press/pr121113.htm.
Julie Reddig is an employment attorney at Lerch, Early & Brewer in Bethesda, Maryland who defends management in a broad range of matters and disputes involving employment and the workplace. For more information on social media policies, contact Julie at (301) 961-6099 or firstname.lastname@example.org.