Emerging Thoughts and Reactions to Federal Financial Institutions Examination Council Proposed Guidelines for Use of Social Media by Financial Institutions
Emerging Thoughts and Reactions to Federal Financial Institutions Examination Council Proposed Guidelines for Use of Social Media by Financial Institutions
1. March 25, 2013
BANKING AND FINANCIAL
INSTITUTIONS CLIENT UPDATE
Norman B. Antin
[T] 202-457-6514 Emerging Thoughts and Reactions to Federal
nantin@pattonboggs.com
Financial Institutions Examination Council Proposed
Jeffrey D. Haas Guidelines for Use of Social Media by Financial
[T] 202-457-5675
jhaas@pattonboggs.com Institutions
On January 22, 2013, the Federal Financial Institutions Examination
Kevin M. Houlihan
[T] 202-457-6437 Council (FFIEC) released proposed guidance regarding the use of social
khoulihan@pattonboggs.com media by federally regulated financial institutions. Our Financial
Institutions Practice Group issued a Client Alert on the FFIEC guidance
Joseph G. Passaic on January 25th, additional copies of which are available at our web site
[T] 202-457-6104 or upon request from any attorney identified to the left on this page. The
jpassaic@pattonboggs.com
significant role that social media will play in furthering the delivery
Mark R. Goldschmidt of products and services to the financial institutions sector cannot be
[T] 303-894-6132 minimized, and is one of the reasons for the issuance of early guidance
mgoldschmidt@pattonboggs.com from the FFIEC. Our Financial Institutions Practice Group is working with
clients on the development of programs, policies and best practices. We
Jonathan Pavony intend to continue to forward to our clients and friends Client Alerts on
[T] 202-457-6196
matters we believe will be of interest as this important area evolves and
jpavony@pattonboggs.com
as we move toward the promulgation of actual regulatory requirements.
David Teeples Based on conversations we have had to date with industry executives
[T] 214-758-3544 and social media specialists, we are able to share a variety of thoughts
dteeples@pattonboggs.com and reactions regarding (i) the effects of the guidelines on various uses
of social media, (ii) risk management considerations and (iii) emerging
best practices.
Effects of the Guidelines on Various Uses of Social Media
Marketing: Marketing through social media platforms is treated as
written advertising, and is subject to compliance with traditional
advertising law. When posts, content or forums are being used for
marketing purposes, institutions should make this point clear. Use of
consumer testimonials collected through social media channels should
be treated the same as any consumer testimonials, meaning they may
not be used without permission from the consumer and may not be used
out of context in a way that could be misleading. User-generated content
contests are subject to specific sweepstakes and advertising laws.
4837-8998-5299.2.
2. Customer Service: A best practice for customer service through social media platforms is to use social
media as a vehicle for identifying customers with problems, then to direct them to existing, more formal
channels for service rather than attempting to service needs through social media outlets themselves.
Institutions should be aware of the way different social media sites protect private information, and warn
customers not to provide personal information through channels that would make it publicly available.
Encouraging Customer Dialogue: Institutions should have clear and publicized policies about how they
will edit content on social media sites which invite participation. Editing out negative comments can lead to
liability by making the institution responsible for the veracity of the content that is left as an “editor” of the
content. Editing out profanity, threats or off-topic comments will not lead to this kind of liability, as long as
standards are made clear. Institutions should also clearly identify when the company itself is participating in
the dialogue.
Public Relations: Information provided through social media outlets should be treated like any other
press release, and is subject to commercial speech standards and rules regarding forward-looking
statements. When space is limited, as in Twitter posts, a one-click rule applies such that full disclosures need
not be provided in the post if a link is provided that will take a viewer to a screen on which the full disclosures
1
are provided.
Risk Management Considerations
FFIEC guidance notes that social media tends to be an informal and less secure environment, which
leads to increased risk, including reputational risk. Best practices for addressing this risk include creating a
social media governance team made up of individuals from each department who have enough seniority to
ensure social media usage aligns with the institution’s strategic goals, and creating and training all levels of
employees on clear policies governing the use of social media. It is important that institutions be complete
and comprehensive in communicating to their customer base and employees what the institution’s social
media presence will be, and in communicating to employees what is and is not acceptable in terms of
personal use of social media.
Advertising: Any promotional messages published through social media outlets are treated as written
advertisements. Institutions should be particularly aware of the audience targeted by social media platforms
and consider who is likely to respond and how they are likely to understand the messages conveyed. Unfair,
Deceptive or Abusive Acts and Practices (UDAAP) rules apply to information shared by institutions through
social media.
Fair Lending: Institutions should have clear policies for review and approval of all marketing messages,
including those published through social media, and should be aware of selective messaging and any
potential that information may be misleading. Institutions should be aware of the likelihood that marketing
efforts through social media platforms are targeted at a particular segment of the institution’s consumer
population, and behave accordingly.
1Full disclosures should be on the screen when the link is opened, and should not be at the bottom of a page which would require a
party to scroll down to see them. Each post should include its own one-click disclosures.
Patton Boggs LLP | Emerging Thoughts and Reactions to FFIEC Proposed Social Media Guidelines for Financial Institutions
4837-8998-5299.2.
3. Information Security and Fraud: The sense of familiarity associated with social media communications
can lead consumers and institutions to let their guard down. Institutions should be proactive about warning
customers that information posted on social media sites is available to the public at large. It is best practice to
continually track the information privacy practices of third-party social media sites actively used by an
institution.
Customer Complaints: Institutions should have a formalized procedure or mechanism (not just
guidelines) in place for responding to all complaints, including those received through social media channels.
Best practice is to use this procedure to respond to even those complaints posted to the public at large rather
than directed to the institution. Particular attention should be paid to any Community Reinvestment Act (CRA)
or fair lending-related complaint, and such complaints and responses should be documented and retained.
Archiving: Institutions do not need to track and archive every communication made through social
media channels. Information about an individual customer should be retained, which is why it is helpful to
push customers into existing channels that are documented and over which the institution has control. It is
also important to document and retain communications if the institution uses them for any purpose, such as
testimonials used for marketing or other types of information collection. There is no record retention
requirement specific to social media, but social media use is subject to rules for advertising, etc.
Employee Manual for Social Media Compliance
Best practice is to create a comprehensive employee manual for social media compliance, addressing
both personal and professional use of social media by employees. Suggested sections include: Your Identity
Online; Creating and Managing Content; Leaving Comments; Confidentiality and Privacy; Potential Conflicts
and Red Flags; and Building Your Virtual Footprint and Your Network.
Important takeaways for employees include:
• Your social media activity is trackable and traceable;
• Never use the company name or any other name associated with the company on a blog post unless you
have written permission to do so;
• Never post about the company anonymously. Be transparent, use your name and make clear your
affiliation with the company; and
• Never make false or misleading statements.
We are available to analyze your institution’s internal social media risk and to help develop a
comprehensive, effective social media risk management program.
This Client Alert provides only general information and should not be relied upon as legal advice. This Client Alert may
also be considered attorney advertising under court and bar rules in certain jurisdictions.
Patton Boggs LLP | Emerging Thoughts and Reactions to FFIEC Proposed Social Media Guidelines for Financial Institutions
4837-8998-5299.2.