Financial Industry Guidance on the Use of Social Media

Sunday, August 14, 2011

David Navetta


Banks and other financial institutions face unique issues when it comes to the use of social media. 

Faced with conflicts between social media platform rules, customer expectations, self-regulatory standards, and the strict regulations that govern the industry, financial institutions have needed guidance.

The industry received some of that guidance recently through a whitepaper issued by BITS, the technology arm of The Financial Services Roundtable whose members are 100 of the largest financial institutions in the U.S.

The report addresses the compliance, legal, operational, and reputational risks – and related mitigation strategies – of using social media in connection with a financial or banking operation.  Regarding compliance, the report discusses the myriad of compliance areas relevant to banks, including marketing, privacy and security. 

For example, because social media web sites and web activities are deemed advertising by regulators, the report warns of the risks of failing to comply with various marketing laws and regulations applicable to the banking industry, including state Unfair and Deceptive Acts or Practices Acts and Prize and Gift Acts, as well as others that require additional steps for financial institutions, such as Truth in Lending, Truth in Savings, and FDIC membership rules. 

The paper predicts even stronger and more subjective requirements to come under the Dodd–Frank Wall Street Reform and Consumer Protection Act.  Risks of non-compliance vary widely – from litigation and reputation risk to regulatory enforcement actions and, in some cases, civil money penalties.

On the issues of privacy and security, financial institutions walk a tightrope when using social media.  The report warns that protected data could be exposed much more readily as consumers interact with bank staff on social networks.  The increasingly real-time nature and features of many social media sites pose additional risks because staff must know the report-recommended policies, remember them, and act accordingly – all in near real-time. 

This is all in addition to the risks posed by third parties, who could try to use such features to expose information and may be more likely to succeed given the conversational nature of the platforms and features.

Also, since social media sites and companies often change their privacy policies as they add new features or expand their partnerships with other online companies, the report warns banks to be vigilant in monitoring the privacy policies and practices of the various social media sites they use.

The report discusses generally the requirement under the FTC’s endorsement guidelines that online publishers “disclose relationships with advertisers when they receive free products for review, compensation or other consideration.”  The requirement seems simple, but administration and enforcement of it can become complex.

So, the report urges financial institutions to develop policies and practices for educating associates, bloggers and other endorsers regarding disclosure requirements, including guidelines about the required disclosure format. 

These new policies should also be confirmed to be consistent with the myriad other policies that likely exist, and even some that may not be entirely obvious, including any Code of Conduct/Ethics Policies, Sarbanes-Oxley Policies, Marketing/Brand/Logo Enforcement Policies, Risk Management Policies, Employment Verification/Professional Reference Policies and various others.

Although it is no substitute for clear rules from the federal banking agencies and other regulators about banks’ use of social media, the BITS report helps summarize the issues to spot when navigating banks’ use of social media and how to begin resolving potential conflicts. 

The report is targeted to the financial industry, but because it covers use of employees’ information and resolution of an institution’s internal policies, it could be a helpful read for companies outside of the industry as well.

Read the report here.

Cross-posted from InfoLawGroup
