Record keeping rules for mortgage lenders weren’t written with social media in mind. Complying with these rules for loan-related tweets, Facebook messages and LinkedIn communications suggests the proverbial square peg and round hole. Some regulatory agencies mention social media communications but lack rules for it, while others are silent on the subject.
Is social media an unsupervised digital opportunity to advertise and originate mortgages, or a regulatory compliance risk?
Social Media for Lenders Webinar featuring Lee Negroni
1. ANDREA LEE NEGRONI
Research assistance of Joya Raha, JD gratefully
acknowledged
AUGUST 4, 2015
Social Media:
Mortgage Regulators Respond
What are financial agencies saying (and doing) about
social media?
THE ARCHIVING PLATFORM
WELCOME! – OUR PROGRAM WILL BEGIN SHORTLY…
2. THE ARCHIVING PLATFORM
LET’S GET STARTED! - A FEW HOUSEKEEPING ITEMS BEFORE WE CONTINUE…
Social Media:
Mortgage Regulators Respond
What are financial agencies saying (and doing) about
social media?
ANDREA LEE NEGRONI
Research assistance of Joya Raha, JD gratefully
acknowledged
AUGUST 4, 2015
3. SPEAKERS FOR TODAY’S WEBINAR
ANDREA LEE NEGRONI, JD
MIKE PAGANI
SR. DIR. OF PRODUCT MARKETING & CHIEF EVANGELIST
6. THE
ARCHIVING
PLATFORM
• Founded by Steve Marsh in 2001
• Cloud-based comprehensive archiving
PLATFORM provider
• Headquartered in Portland, OR
QUICK FACTS:
OVER 20,000 COMPANIES
TRUST US WITH THEIR MOST VALUABLE DATA
7. CORE FEATURES AND SPECIALIZED MODULES
SUPERVISION DISCOVERY PERSONAL
ARCHIVE
THE ARCHIVING PLATFORM
(SEARCH, POLICIES, CASES + ADMIN & REPORTING)
7
9. Is social media an unsupervised opportunity to advertise and originate
loans, a regulatory compliance risk, or both?
• Recordkeeping rules weren't written for social media. Complying with these
rules for social media messages is complicated.
• We polled state regulators on their own social media activity, their monitoring
of social media use in the mortgage industry, and their views of the risks and
benefits of social media.
• Their views were neither comprehensive nor uniform.
What’s a lender to do?
WHAT’S A LENDER TO DO?
9
10. Step 1: Review existing guidance on social media for and by financial institutions.
• In 2013, the FFIEC summed up potential uses of social media by FIs, and
addressed its challenges:
• “Financial institutions may use social media in a variety of ways, including marketing,
providing incentives, facilitating applications for new accounts, inviting feedback from the
public, and engaging with existing and potential customers, for example, by receiving and
responding to complaints, or providing loan pricing.”
• “Since this form of customer interaction tends to be both informal and dynamic, and may
occur in a less secure environment, it can present some unique challenges to financial
institutions.”
START WITH 3 KEY STEPS!
10
11. Step 2: Adopt a social media policy for employees.
• Per the FFIEC Guidance:
• “Training and guidance should be provided to employees regarding official use of
social media – that is, when employees communicate on behalf of the financial
institution.” (The Guidance doesn’t address employee use of social media for
personal use, but sometimes business and personal uses overlap.)
• The policy should provide for monitoring of the institution’s social media postings
and presence.
START WITH 3 KEY STEPS!
11
12. Step 3: Add social media oversight and controls to the institution’s risk
management program.
• Again, from the FFIEC Guidance:
• “Financial Institutions should ensure their risk management programs provide
oversight and controls commensurate with the risks presented by the types of social
media in which the financial institution is engaged.
START WITH 3 KEY STEPS!
12
13. … and vital to business success!
• Social media are computer-mediated tools that allow people to create, share or
exchange information, ideas, pictures and videos in virtual communities and
networks. – Wikipedia
• “Social media has been broadly defined to refer to ‘the many relatively
inexpensive and widely accessible electronic tools that enable anyone to publish
and access information, collaborate on a common effort, or build relationships.” –
Murthy, Dhiraj (2013). Twitter: Social Communications in the Twitter Age.
• Social media originated as strictly a personal tool … but were later adopted by
businesses that wanted to take advantage of a popular new communication
method to reach out to customers, for example, by informing them of sales and
offering them special coupons. – Investopedia
SOCIAL MEDIA IS A COMMUNICATION TOOL
13
14. # Today’s consumers demand dynamic, fast interaction
# Consumers want to do business on their smartphones & tablets
# Consumers are influenced by their peers
# Lenders can achieve repeat exposure to customers & keep tabs on customers
# Lenders can leverage opportunities to influence and engage users by sharing information
# Social media is constantly changing & adding tools that benefit lenders (such as geo-
location and sentiment analysis)
# Social media can establish a company as a credible knowledge leader
# Social media use is highly correlated with a company’s financial performance
# Proficient social messengers can gain a competitive advantage over competitors with
less effective social media programs
LENDERS NEED TO “LIKE” SOCIAL MEDIA
14
See: Mortgage Lenders Use of Social Media, CohnReznick, June 2014, at
http://www.cohnreznick.com/sites/default/files/pdfs/CRMortgageLenders_SocialMedia_June2014.pdf
15. From the State of Washington
Laws & Rules:
Consumer Loan Act, RCW Ch. 31.04
Administrative Rules, WAC Ch. 208-620
Recordkeeping Requirements: A licensee shall keep ... such books, accounts, records,
papers, documents, files, and other information as will enable the director to determine ...
(compliance) ... The director shall have free access to such ... information wherever
located.
Record Retention Period: 3 years after final entry on a loan.
What General Records Must be Maintained: ... the books, accounts, records, papers,
documents, files, and other information relevant to a loan or servicing of a loan ...
RECORDKEEPING: A PRIMER
15
16. From the State of Washington
(a) All loan agreements or notes and addendums, riders, or other documents that supplement the final loan agreements;
(b) All forms of loan applications, written or electronic (e.g., Fannie Mae 1003);
(c) The initial rate sheet or other supporting rate information;
(d) The last rate sheet, or other supporting rate information, if there was a change in rates, terms, or conditions prior to settlement;
(e) Rate lock agreements and the supporting rate sheets or other rate supporting document;
(f) All written disclosures required by [Washington law] and federal laws and regulations (e.g., GFE, TILA disclosures, ECOA disclosures, affiliated business arrangement
disclosures, and RESPA servicing disclosure);
(g) Documents and records of compensation paid to employees and independent contractors;
(h) An accounting of all funds received in connection with loans with supporting data;
(i) Settlement statements (the final HUD-1 or HUD-1A);
(j) Broker loan document requests (also known as loan document request or demand statements) that include prepayment penalties, terms, fees, rates, yield spread
premium, loan type and terms;
(k) Records of any fees refunded to applicants for loans that did not close;
(l) All file correspondence and logs;
(m) All mortgage broker contracts with lenders and all other correspondence with the lenders;
(n) All documents used to support the underwriting approval;
(o) All documents that evidence a financial commitment made to protect a rate of interest during a rate lock period.
SPECIFICALLY, WHAT RECORDS MUST BE MAINTAINED?
16
17. From the State of Washington
• What Advertising Records Must be Maintained: ... newspaper & print advertising,
scripts of radio and television advertising, telemarketing scripts, direct mail advertising,
and advertising distributed by delivery, facsimile or computer network.
• What is Advertising? ...s ales or promotional materials used in connection
with the business, including newspapers, magazines, leaflets, flyers, direct
mail, indoor or outdoor signs or displays, point-of-sale literature or
educational materials, other printed materials; radio, television, public
address system, or other audio broadcasts; or internet pages.
Advertising on the internet or any electronic form (including text
messages): ... includes in any medium where a licensee holds itself out to
provide licensed services.
Prohibited: Advertising rates or fees as the "lowest" or "best." (Rates
described as "lowest," "best," cannot be proven when advertised.
Therefore, they are a false or deceptive representation.)
ADVERTISING RULES
17
18. From the State of Washington
• Permitted? Yes, if the licensee maintains the electronic display equipment and
makes it available to the regulator for examination or investigation.
• The hardware or software needed to display the record must be maintained for the
retention period.
• Hard Copies May Still Be Required: The lender must provide hard copy records
upon request.
ELECTRONIC RECORDKEEPING
18
19. From the State of Washington
• Q1: Where does record keeping compliance fall on the spectrum of compliance issues?
• All violations are considered serious.
• Q2: Where does non-compliance fall on the spectrum of compliance problems?
• Record keeping violations are common, mainly involving failure to provide all required
documents to a particular borrower, rather than system-wide failures.
• Q3: What is the most common record keeping non-compliance?
• Failure to keep copies of documents, failure to completely fill out documents, and failure
to maintain records for the required period.
REGULATOR’S COMMENTS
19
20. From the State of Washington
• Q4: Does the agency use electronic or e-discovery tools to reveal compliance or plan to?
• No; off the shelf programs have been investigated but there are no immediate plans to
adopt them. Loan files are reviewed in hard-copy, PDF form, or through a database.
• Q5: How does the agency examine communications between the mortgage company and
its customers via social media, like Facebook, LinkedIn?
• Examiners review social media communication that does not require an account
number or approval for access. Without access, the agency may request the
information from the licensee.
• Q6: Are social media communications subject to record retention requirements?
• Failure to keep copies of documents, failure to completely fill out documents, and
failure to maintain records for the required period.
REGULATOR’S COMMENTS
20
21. From the State of Washington
• Q7: Does the agency have, or plan to have, rules on record keeping for social media?
• No; the existing rules apply to social media.
• Q8: How do rules apply to electronic communications that could "disappear" (e.g.,
Snapchat)?
• There are no specific rules relating to these.
• Q9: When a mortgage company has multiple loan officers, how does the regulator examine
communications via smart phones & social media?
• We examine the communications we find or are made aware of.
REGULATOR’S COMMENTS
21
22. • The previous sentence sums up the current approach to social media
messages and their retention:
• “We examine communications we find or are made aware of.”
• The Texas Banking Department said the same about social media
use by money transmitters:
• “If a consumer complaint is received, the Department will investigate.”
• Regulators don’t seem to be anticipating problems but say will
address them when & if they occur.
PROACTIVE, REACTIVE, …OR?
22
23. • Some regulators are mum; others doubt lenders and borrowers use
social media except for advertising; and a handful discourage it.
• An Arizona official “couldn’t envision” loan-related communications via social
messages, other than advertising.
• Indiana’s regulator has “no plans to expand oversight to include social media.”
• Minnesota has “not made any adjustments” for solicitation, advertising, or negotiation of
mortgages through social media.
• Maryland says social media is “currently under review.”
• Utah’s regulator expressed “concern” about loan officers communicating with borrowers
via social media.
• A Rhode Island official called social media messages “that IT stuff,” for review in “the
future.”
…INACTIVE?
23
24. • New Jersey Banking Department
• Social media communications should be “retained like any other records of a
transaction,” or records of advertising and solicitation activities.
• New York Department of Financial Institutions
• “does not prohibit mortgage brokers or their employees from utilizing social
media sites” if it does not violate federal or state laws.
OTHER AGENCIES ARE STRAIGHTFORWARD
24
25. • Brokers must “establish policies and procedures governing the use of
social media sites by employees.”
• Policies should include direction on the information that may be
posted, examples of postings that could trigger violations, and
penalties for noncompliance.
• A broker with multiple MLOs is responsible for monitoring their social
media activities.
• NY ordered ride-sharing companies to submit their social media policies -- will
mortgage companies be next?
SOCIAL MEDIA POLICIES FOR NY MORTGAGE BROKERS
25
26. • Social media is firmly on the radar of securities regulators. Consider
four areas for social media legal compliance identified by the Ohio
Division of Securities:
1. Record Retention
2. Advertisements
3. Suitability (broker-dealers) & Fiduciary Duty (investment advisers)
4. Supervision
• Record retention in the Ohio securities industry applies to
recommendations or advice, including communications via social
media and blogs.
See Ohio Securities Bulletin, Issue 2, 2014 at http://com.ohio.gov/documents/secu_Bulletin2014FourthQuarter.pdf
ARE SECURITIES REGUALTORS ESTABLISHING PROTOTYPES FOR MORTGAGE REGULATION?
26
27. • The SEC leads mortgage regulators in considering appropriate use of social
media.
• The SEC relaxed a ban on solicitation and advertising of offerings, saying
website postings might meet disclosure requirements. The SEC looks at
websites, media outlets and other information sources when reviewing
registration statements. Investment advisers have been penalized for “tweeting”
recommendations.
• Common concerns in the securities and mortgage industries:
• What constitutes “solicitation?”
• Can you tweet rates & terms?
• Are adequate disclosures provided on social platforms?
See “Guide to Social Media and the Securities Laws, by David M. Lynn, Morrison & Foerster, June 23, 2015 at http://www.bdiaregulator.com/2015/06/the-
guide-to-social-media-and-securities-law/
THE SEC IS ALSO OUT FRONT…
27
28. • New York regulators are concerned about encrypted communications,
which might permit FIs to delete records or make them unavailable for
inspection unless regulators have access to the messaging platform.
• Some platforms market disappearing message features:
• “…Communications disappear for good once they are read or after 24 hours,
whichever comes first … It can be a message … to a business associate in a
negotiation. Or it can be a blast to any number of associates or followers knowing that,
unlike other apps, your message won’t have your name on it or live on the internet
forever.”
EMERGING ISSUES
28
29. • Despite scarce rules, enforcement will occur (focused on misrepresentation,
missing documents and fraud)
• Arizona acted against mortgage brokers who failed to include interest rates & license
numbers in advertising and failed to maintain original documents in mortgage files.
• The Florida Office of Financial Regulation identified social media (and crowdfunding sites)
as a persistent threat of online fraud.
• Washington brought enforcement actions against Quicken Loans, Mortgage Investors
Corporation, Academy Mortgage Corporation and Nations Lending Corporation based on
unfair, misleading or deceptive advertising practices, failure to monitor advertisements, and
failure to maintain advertising records.
• Utah fined lending managers and loan originators displaying unapproved signage
(amounting to misleading advertising) and failure to secure records with borrowers’
personal information.
• Virginia imposed a $250,000 fine against licensees falsely stating or implying affiliation with
a government agency or a depository institution.
ENFORCEMENT
29
30. • Electronic recordkeeping is accepted, but e-records preferences vary.
One size solutions don’t fit all!
• The Virginia Bureau of Financial Institutions doesn’t want to review
separate PDF images for a single document or separate PDF
documents for a single loan.
• Nevada mortgage licensees must submit advertising for pre-
approval.
• Not efficient for social media messaging ... about 350,000 tweets are sent
every minute. Tweet now or forever hold your peace.
See The Virginia Compliance Connection, Vol. 1, 2015 at https://www.scc.virginia.gov/bfi/news/cc/15_vol1.pdf
RECORDS ODDITIES
30
31. • Mortgage regulators accept electronic record keeping with conditions, subject to non-uniform
rules; there’s no “one size fits all” records compliance strategy. A records vendor (archivist)
should understand and promote compliance.
• Expect records rules to change as social media gains ground.
• Regulators consider social messages to be advertising, but are much less familiar with how
social media is used to conduct transactions. As their knowledge increases, they will
eventually attempt to examine social messages underlying loan transactions.
• The default rule is “keep everything,” including social messages, which may be examined
based on complaints. Keep (and monitor) complaint records!
• The scarcity of “rules” doesn’t mean regulators like social media in the mortgage space; they
may deem it deceptive and take enforcement action based on unfairness.
• As lenders adopt social media, mortgage regulators may take pointers from securities
regulators, so lenders should watch developments and social media guidance in the
securities industry.
CONCLUSIONS
31
32. THE ARCHIVING PLATFORM
Q&A
Social Media:
Mortgage Regulators Respond
What are financial agencies saying (and doing) about
social media?
33. THE ARCHIVING PLATFORM
THANK YOU!
Social Media:
Mortgage Regulators Respond
What are financial agencies saying (and doing) about
social media?
Editor's Notes
And as a technology provider, we have continued to diversify our solution offerings to provide multiple deployment options and to account for this incredibly dynamic space. Social networks are evolving, tools used to communicate are evolving, and our challenge is to give clients the ability to use the tools they want, how they want.
We provide more than just email archiving compliance – we also now do email encryption, data loss prevention, instant messaging, text message BlackBerry archiving just to name a few.
We truly provide an end-to-end solution
The Smarsh Management console has become a one stop shop for all your electronic communication archiving and monitoring administration
Smarsh is a managed service provider (Software-as-a-Service) of integrated solutions. Develops its own proprietary archiving, compliance and secure messaging software.
Consolidate. The Smarsh Management Console is your administration destination. There is no need to log into separate applications for your encryption software, another to view your "quarantined" pre-review messages and then another for your email supervision system.
Enforce policy-based encryption. Messages that meet your firm's customized criteria will be automatically sent with smarshEncrypt.
Communicate back-and-forth with clients confidentially within smarshEncrypt. Intellectual property, sensitive client financial information or private health information, for instance, can be transmitted in accordance with emerging state and Federal data protection and data breach mandates and regulations.
Outlook? BlackBerry? iPhone? CRM? No problem. Incorporate encryption and data-leak prevention policy enforcement with any email system and with any tool used to send email.
Track the entire life cycle of an email message through your compliance audit system. Start with the original ("pre-encrypted") message and track all actions taken on it.
In addition to technology, one of the most important parts of our service is the ongoing interaction with an account manager
-training
-education on upcoming compliance issues and how to address them
-we have a dedicated account management team that proactively reaches out to clients to provide these benefits
Re-framed and re-launched
Historically we’ve been great at supervision: team-based review, intelligent policy engine, interface designed for efficiency.
Review Sucks
June we launched the makings of a minimal viable product around e-discovery. Growing market, with huge upside. Legal, IT
Audience is suddenly at the table
Search Speeds, Policy Engine, User Experience matters at the workflow or offering level