The document discusses key statutory and regulatory pillars for managing social media and digital advertising compliance risks. It summarizes the FFIEC's guidance which defines social media broadly and treats social media posts as regulated advertising. The guidance identifies several laws and regulations that present compliance concerns for social media advertising, including the FTC Act's unfair or deceptive acts provisions, the Mortgage Acts and Practices (MAP) Rule, the Secure and Fair Enforcement for Mortgage Licensing Act, Regulation RESPA, Regulation Z, fair lending laws, and the Gramm-Leach-Bliley Act. The document reviews requirements and implications of these various laws and regulations for social media advertising by financial institutions.

1. David Stein
Of Counsel
Bricker & Eckler, LLP
Social Media and
Digital Advertising
Resource Guide
MBA COMPLIANCE ESSENTIALS℠
mba.org/compliance
ONE VOICE. ONE VISION. ONE RESOURCE.
16708
m
ba.org/com
pliance

2. COPYRIGHT
©2016 Bricker & Eckler LLP. This book is being provided to you with a limited license
for use solely within your organization. This book, its contents and the link to it may be
accessed by up to fifteen (15) members of your organization for each such person’s
internal use of the materials. However, these materials may not be downloaded,
reproduced, forwarded, or otherwise distributed in any form or by any means outside of
your organization. Your organization will, however, be entitled to comply with a
subpoena or other validly issued administrative or judicial process that may request
information from the book, to the extent required by law. Unauthorized reproduction,
forwarding, distribution or display of this copyrighted work is subject to criminal and civil
penalties under federal law. For information about extending this license to additional
members of your organization, please contact:
David Upbin
Associate Vice President, Education Operations and Programming, and MBA Strategy
Mortgage Bankers Association
1919 M Street, NW
Washington, DC 20036
(202) 557-2931
www.mba.org
If you would like to order additional copies of this publication or would like to inquire
regarding discounts for quantity purchases, please contact MBA.
m
ba.org/com
pliance

3. DISCLAIMER
PLEASE TAKE NOTE: These materials have been produced by Bricker & Eckler LLP.
These materials provide an overview of the guidelines and considerations for the use of
the internet, social media and mobile/digital marketing. These materials are designed to
provide the reader with a general overview and understanding of the provisions of state
and federal guidelines along with model policies and procedures and other materials to
help bolster planning and implementation of compliance management. These materials
are not intended to and do not provide legal advice, and do not create an attorney-client
relationship between the recipient and the firm of Bricker & Eckler LLP or its attorneys.
Legal and regulatory guidelines described herein are, in many instances, paraphrased,
and subject to interpretation. Formal interpretation of applicable guidelines may reveal
different understandings or conclusions that may be applicable to a particular set of
facts. The materials are not a substitute for consultation with qualified legal counsel
regarding the manner in which the laws and regulations referenced herein may be
interpreted and applied to particular facts or to particular business models. These
materials are for informational and educational purposes only, and are not a solicitation
and should not be construed as such.
m
ba.org/com
pliance

4. i
TABLE OF CONTENTS
Page No.
I. INTRODUCTION.................................................................................................. 1
II. STATUTORY AND REGULATORY PILLARS...................................................... 2
A. FFIEC’S Social Media Compliance and Risk-Management
Guidance ................................................................................................... 2
B. UDAP & UDAAP (FTC Act) and (Dodd-Frank Act) .................................... 4
1. Unfair .............................................................................................. 5
2. Deceptive ........................................................................................ 5
3. Abusive ........................................................................................... 6
4. Examination of UDAP and UDAAP by the FTC and CFPB ............. 6
5. Quick Comparison of CFPB and FTC Metrics................................. 8
C. Map Rule (Regulation N) ........................................................................... 9
1. Application to Lenders..................................................................... 9
2. MAP Rule Prohibitions .................................................................. 10
3. Enforcement.................................................................................. 12
4. Enforcement Actions Related to the MAP Rule............................. 17
5. Vendor Implications....................................................................... 19
6. Applying the MAP Lessons to Digital Marketing............................ 20
7. FTC MAP Rule Enforcement Actions............................................ 21
D. Secure and Fair Enforcement for Mortgage Licensing Act....................... 28
1. NMLS Unique Identification Number............................................. 29
2. Fictitious Names............................................................................ 32
E. Real Estate Settlement and Procedures Act of 1974 and Regulation
X .............................................................................................................. 35
1. Kickbacks and Endorsements....................................................... 35
2. Applying RESPA Actions to Social Media..................................... 36
3. Servicing Rules, FDCPA and Customer Service........................... 40
F. Truth-In-Lending Act’s Regulation Z ........................................................ 41
1. Advertising of Terms ..................................................................... 41
m
ba.org/com
pliance

5. ii
2. TILA-RESPA Integrated Disclosure Rule “TRID” .......................... 43
G. Fair Lending Laws ................................................................................... 45
H. Gramm-Leach-Bliley Act/Data Security.................................................... 48
1. Social Media Connections Lead to Phishing ................................. 50
2. CFPB Policy on Data Security....................................................... 52
I. Intellectual Property Laws........................................................................ 52
III. APPLICABILITY OF LEGAL GUIDELINES TO THE MANAGEMENT OF
SOCIAL AND DIGITAL MEDIA........................................................................... 55
A. FTC’s “.com Disclosures and How to Make Effective Disclosures in
Digital Advertising”................................................................................... 55
1. FTC General Guidance................................................................. 55
a. When is a disclaimer, explanation or disclosure
needed? ............................................................................. 55
b. “Clear and Conspicuous” is the key test............................. 56
2. Managing Technology to Clearly Communicate............................ 57
3. Clear and Conspicuous Explanations Must Accompany
Claims that Could be Misconstrued............................................... 59
4. The Elements of an Effective Digital Disclosure............................ 60
5. Space-Constrained Advertisements.............................................. 61
B. Main Hurdles of Space-Constrained Digital Advertisements.................... 62
1. Proximity ....................................................................................... 62
a. Scrolling.............................................................................. 62
b. Using Hyperlinks to Make Disclosures ............................... 62
c. When is a Hyperlink Never Sufficient? ............................... 64
d. Retweets ............................................................................ 64
e. Limited-Space Banner Ads................................................. 65
2. Creating an Effective Hyperlink..................................................... 65
a. Essential Components of a Hyperlink................................. 66
b. Do Not Ignore the Metrics................................................... 68
3. Prominence................................................................................... 68
4. Multi-Media Advertisements.......................................................... 69
5. Recap — Space-Constrained Advertisements.............................. 70
m
ba.org/com
pliance

6. iii
C. FTC’s Endorsement Guides..................................................................... 72
1. Like-gating .................................................................................... 73
2. Notice to Consumers..................................................................... 74
3. “Likes” and Followers as Deceptive Activities ............................... 75
4. Social Media Advertisements........................................................ 75
5. Invitations to Endorse.................................................................... 76
6. Material Connection ...................................................................... 77
D. FTC’S Policy Statement on Deceptively Formatted Advertisements
(Native Ads)............................................................................................. 78
E. Internet Review Sites............................................................................... 83
1. Astroturfing.................................................................................... 83
2. Reputation Management............................................................... 85
F. Third-Party Activities and Advertisements ............................................... 87
1. Vendor Management Should Be a Priority .................................... 88
2. Risky Behavior .............................................................................. 91
a. Presidential Endorsement of Activities? ............................. 91
b. Using a Government Program Web Address Is an
Unfair or Deceptive Act or Practice. ................................... 94
c. Using the President’s Image and Failing to Disclose in
Advertisement that the Company Is Not Associated
with or Approved by the Government Is an Unfair or
Deceptive Act or Practice. .................................................. 95
d. Using the Word “Federal” in the Company Name and
Web Address Found to Be an Unfair or Deceptive Act
or Practice. ......................................................................... 96
e. Using Web Addresses, Company Names and Toll-
Free Numbers that Sound or Look Like Those Used in
a Government Program is an Unfair or Deceptive Act
or Practice. ......................................................................... 97
G. The CFPB’s Required Quality-Control Plan............................................. 98
Internal Analysis is Required ................................................................... 99
H. Advice Through Websites, Blogs and Social Media............................... 100
I. Record Retention................................................................................... 101
m
ba.org/com
pliance

7. iv
J. Risk-Management Requirements and Implications................................ 101
1. Establishing a Risk-Management Program ................................. 102
2. Integration with Compliance Management System ..................... 102
3. Governance Structure................................................................. 103
K. Employment and Labor Law .................................................................. 104
1. Employee Speech is Protected ................................................... 104
2. Employment Policies Related to Social Media ............................ 104
APPENDIX A — Model Digital Marketing Risk Management Program
APPENDIX B — Model Compliance Checklists
m
ba.org/com
pliance

8. AUTHOR BIOGRAPHY AND INFORMATION ABOUT THE FIRM
David K. Stein is chair of Bricker & Eckler LLP’s Banking & Financial Services practice
group. A veteran in the financial services industry, David has spent more than two
decades counseling large and small lenders, banks and financial institutions.
Having previously led an organization with a complex marketing staff and several
hundred loan originators who were tasked to create thousands of mortgage leads per
day, David took an early interest in the use of social media and digital marketing
platforms, which led to the development of best practices for social media and internet
compliance.
The core of David’s law practice is banking and financial services. He provides counsel
and advice in compliance management, social media, marketing and sales practices,
fair lending, data security, and the defense of regulatory enforcement actions and civil
litigation.
David has served on various committees for the MBA and is a nationally recognized
speaker on matters involving legal and compliance issues facing banks and consumer
financial services companies.
Bricker & Eckler, LLP
As a nationally known firm, Bricker & Eckler has provided legal counsel to the financial
services industry for over 70 years. Banking and consumer financial services law is a
key component of our foundation. Our attorneys provide cutting-edge legal services to
banks and lenders of all sizes, from the nation’s largest banks and servicers to
independent bankers from coast to coast. The firm is large enough to provide effective
and sophisticated counsel, while also delivering highly personalized service and access
to our most experienced attorneys.
Our firm and attorneys have established valuable relationships with key industry
participants throughout the United States. From state and federal legislators and
regulators to leaders of trade groups and large institutions, we are both well-known and
well-trusted by many clients and colleagues in this field.
m
ba.org/com
pliance

9. 1
I. INTRODUCTION
This MBA Compliance Essentials Resource Guide addresses how to manage and govern
the challenges posed by social media and the digital marketing of residential mortgage
products and services. Digital media can take many forms, such as traditional internet
web functions, mobile media, social media platforms, interactive uses and those that are
yet to be developed. Depository and non-depository financial institutions have embraced
digital marketing.
The media is changing, and the laws are adapting
From traditional advertisements (print media such as newspapers, magazines and direct-mail
pieces) or multi-media (radio and television), to modern digital platforms such as social
media, internet banners, pop-up ads, online video, and mobile applications, financial
institutions have never had more options to market their products and services to consumers.
Unfortunately, federal and state advertising guidelines were generally designed to broadly
apply to advertisements across all media. Lawmakers and regulators have not specifically
addressed many of the nuances presented by mobile/digital advertising, nor have regulators
fully explained how existing legal obligations can be met within these new platforms. When
they have done so, they are often provided in a haphazard manner.
Risk lies within every posting
To give a brief glimpse of the risks of mobile/digital advertising, these simple illustrations
demonstrate some of the risks that are faced on a daily basis: A “tweet” regarding the latest
mortgage interest rates could violate the Truth-In-Lending Act’s Regulation Z. A “like” on
Facebook could be construed as an illegal kickback in violation of the Real Estate
Settlement and Procedures Act and Regulation X. A status update on LinkedIn, describing
the details of a successful loan closing, could violate the Gramm-Leach-Bliley Act’s privacy
and safeguards obligations. A loan originator who offers advice on an internet blog or
forum may inadvertently violate the Equal Credit Opportunity Act. There is no doubt that the
rewards of mobile/digital marketing are great, but the risks can be a legal minefield.
This Guide
The purpose of this Resource Guide is to review and organize applicable statutory and
regulatory authorities so that financial institutions can evaluate the risks and rewards of
advertising on digital media platforms and create an appropriate plan for compliance in
the information age. The appendices include a model digital marketing risk-management
program, as well as policies and procedures and model compliance checklists, to help
financial institutions establish an effective system of governance and control.
Most of the discussion in this Guide focuses on federal regulations. Please note, while
few states have yet to address mobile/digital media issues in their laws and regulations,
they may begin to do so in the near future. Readers are encouraged to monitor state
regulators to ensure that advertising, regardless of its platform, complies with applicable
state requirements.
m
ba.org/com
pliance

10. 2
II. STATUTORY AND REGULATORY PILLARS
A. FFIEC’S Social Media Compliance and Risk-Management Guidance
Posts on the internet and social media are the equivalent of regulated advertising
according to the Federal Financial Institutions Examination Council (FFIEC). The
FFIEC is an interagency body created by federal law in 1979 to establish uniform
principles and standards for the examination of financial institutions.1
Current members of the FFIEC are appointed from the Board of Governors of the
Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the
Consumer Financial Protection Bureau (CFPB), the National Credit Union
Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and a
representative from the State Liaison Committee (SLC).2
The purpose of the FFIEC is
to promote consistent supervision and examination of federally and state-regulated
financial institutions.3
On December 11, 2013, the FFIEC issued formal guidance on social media.4
That
guidance applies to micro-blogging sites (Facebook, Twitter, SnapChat, etc.) and to
forums, blogs, customer-review websites, bulletin boards, photo and video sites,
professional networking sites, virtual worlds, and social games.5
Although social media
is difficult to define, and is constantly changing, the guidance casts a wide net, and
broadly defines social media as “a form of interactive online communication in
which users can generate and share content through text, images, audio, and/or
video.”6
This definition sounds like just about anything that exists on the internet or that
is available through mobile devices.
The FFIEC’s broad definition seems to have been intended to ensure that financial
institutions construct thorough risk management practices to address the consumer
compliance, legal, reputational and operational risks posed by social media advertising.7
Indeed, according to the guidance, advertising financial products and services via social
media presents a multitude of risks that require their own system of governance and
oversight. The following laws and regulations are certainly in the “danger zone” for
compliance concerns8
:
 “Unfair, or deceptive acts of practices” provision of Section 5 of the Federal
Trade Commission (FTC) Act
1
12 U.S.C. § 3301 (2014).
2
12 U.S.C. § 3303 (2014).
3
12 U.S.C. § 3301.
4
FED. FIN. INST. EXAMINATION COUNCIL, SOCIAL MEDIA: CONSUMER COMPLIANCE RISK MANAGEMENT GUIDANCE (2013),
available at
http://www.ffiec.gov/press/PDF/2013_Dec%20Final%20SMG%20attached%20to%2011Dec13%20press%20release.
pdf [hereinafter FFIEC GUIDANCE].
5
FFIEC GUIDANCE at 2–3.
6
Id. at 2.
7
Id. at 4.
8
Id. at 8–12.
m
ba.org/com
pliance