Uploaded byrajeshkvn1
PPT, PDF5 views

Securityusefulpresesentationveryuseful22

very useful

Embed presentation

Download to read offline
Social Media COMPLIANCE ALLIANCE
2 Social Media: Definition  No bright line definition  Merriam-Webster:  forms of electronic communication (as Web sites for social networking and microblogging) through which users create online communities to share information, ideas, personal messages, and other content (as videos)  Dictionary.com:  websites and other online means of communication that are used by large groups of people to share information and to develop social and professional contacts  Investopedia:  Internet-based software and interfaces that allow individuals to interact with one another, exchanging details about their lives such as biographical data, professional information, personal photos and up-to-the-minute thoughts
3 Social Media: What is it?  Social Networking: Facebook, Twitter, Instagram, Snapchat, Tumblr, YouTube  Professional Networking: LinkedIN  Special Interest: Pinterest  Blogs  Social Games: Words With Friends, Candy Crush  What about Zillow, Redfin and Trulia?  What about the livefeed capabilities that have been added to traditional social media – IG Live, FB Live, Periscope, etc.?  What about Messenger Capabilities?
4 What About Text Messages and Emails?  Text messaging and emails are generally not considered in the definition of social media  BUT – these communications may be subject to a number of laws and regulations that are discussed in the Guidance
5 FFIEC Guidance  This Guidance is not new – released 12/10/13  That means social media may have changed a lot (think snapchat, IG videos, FB and IG live) but the expectations are the same!  What are the highlights?  Social media governance and operational risk  Third parties  Monitoring: fraud and IT security  Existing regulations and their effects https://www.ffiec.gov/press/pr121113.htm
6 How About Some Updates?  FDIC Winter 2016 News Item: Consumer Guidance - encourages consumer awareness of:  Cyber Security – protection passwords  Public nature of social media interactions  Be diligent when giving third-party apps the ability to use your social media  Periodic searches of fake accounts with consumer’s name  CFPB – Privacy Impact Assessment 2015 – You can get an idea of what the CFPB expects by looking at how they indicate they use social media (also how they address ADA website accessibility)
7 How About Some Updates?  FRB launched a FB Page in August on 2016  Inundated with complaints about the Federal Reserve system  Mocked in the media  Clear example of the risk associated with the public nature of having a social media presence and the reality of public complaints and internet trolls  Federal Reserve Scam Communications – include fraudsters use of social media
8 What is Expected?  Banks are expected have a Risk Management Program for Social Media  “ A governance structure with clear roles and responsibilities whereby the board or senior management direct how using social media contributes to the strategic goals of the institution”  How is this accomplished?  Policies  Procedures  Training  These should be done in such a manner that will address not only guidance for use of social media by the bank, but also employees’ use of social media in which they are representing the bank.
9 Third Parties The guidance: The FFIEC is asking banks to consider if they have any control over the third party’s policies or actions. Risk mitigation in this area will continue to be critical Who are these third parties? The social networks themselves: Even if the social media site is owned and maintained by a third party, consumers will likely blame the bank for problems that occur on the social site. Consultants: Even if the social media site is owned and maintained by a third party (which is typically the case), consumers will likely blame the bank for problems that occur on the social site. Social media technology providers: These are the firms that provide the software to assist with the actual postings and the ability to post replies.
10 Monitoring  The guidance: Banks should consider the use of social media monitoring tools and techniques to identify heightened risk and how to respond in an appropriate manner.  These tools and techniques should consider the fraudulent use of the bank’s brand, not simply the monitoring and responding to complaints. This should be an area that is also addressed in the risk assessment.  The guidance does not require the bank to monitor and respond to every single internet communication, but it does not address when it is appropriate to NOT respond, which means how the bank filters for relevant communications will require complex, finely tuned tools.
11 Risk Management  It’s all about the risk management program.  The guidance is clear that the banks should have a risk management program in place that is commensurate with the size, complexity and breadth of the use of the social media outlets.  Keep in mind that if your bank uses social media on a very minimal basis, there should be an emphasis in the risk management program on how the bank will monitor for negative comments or complaints that could arise within the many social media platforms and how responses will be made.  Even if the bank isn’t utilizing social media to increase business (advertising, or even taking payments), there is still risk that should be addressed.
12 Risk Areas  The risk from social media use stems from:  Risk of harm to consumers  Compliance and legal  Operational  Reputation
13 What Rules Apply? How the bank uses social media will dictate which rules apply. If used to engage in lending, deposit services or payment activities, all applicable laws and regulations apply to those activities, no matter the media used. UDAAP and Fair Lending always apply as well.
14 What Rules Apply For Deposit Products?  Again, depending on how the bank uses the social media platform to further their deposit products.  If used to market and originate new accounts all applicable laws apply, right down to record retention.  For new deposit accounts, the requirements include:  Truth in Savings (Reg DD):  Disclosures about fees  APY (annual percentage yield)  Interest rate  Any other triggering terms (bonus, minimum to obtain bonus, effect of fees, etc.)  UDAAP  That being said, the one-click away disclosures can be used  Advertising and Notice of FDIC Membership whenever a bank advertises FDIC insured products
15 How About Lending Products?  Goes without saying, it depends on how it is used to further the bank’s lending product.  All applicable regulations apply, right down to timing of disclosures and record retention.  For lending products the requirements include:  All Fair Lending Laws:  Equal Credit (Reg B) - that includes not only the prohibition of discouraging applicants on a prohibited basis, but also timeframes for notifying applicants of the status of their application.  Fair Housing – that includes not only the prohibition of discouraging applicants, but also the requirement to prominently displaying the Equal Housing Opportunity logo.
16 Lending Requirements, Cont’d.  Truth-in-Lending (Reg Z) – all advertising provisions apply that apply to any other electronic advertisement that is delivered electronically.  RESPA – Section 8 prohibitions (fee splitting, giving or accepting a fee, kickbacks) and all the timing requirements. The bank should follow all electronic delivery requirements. This also includes error disputes under Reg E such as a billing error or a direct dispute about information.  Fair Debt Collection Practices  Fair Credit Reporting Act (FCRA)
17 Co-Marketing  Redfin, Trulia, Zillow, etc. – all have ways to market with Realtors  Who is paying for what?  What is the cost? Is it a flat rate or does it depend on the number of referrals?  Can an agent charge more simply because they are a “Top-Agent”?  Review the CFPB guidance on Marketing Services Agreements (MSA).
18 Nondeposit Investment Products  The Not-Not disclosure must be used when advertising or recommending investment products to retail customers. The bank must ensure that customers are fully informed that the products are not insured by the FDIC, are not deposits or other obligations of the bank and are not guaranteed by the bank, and are subject to investment risk, including possible loss of the principal invested.
19 Complaints  Although the guidance does not require a bank to monitor and respond to every internet communication there is an expectation to take into account the results of its own risk assessment to determine the appropriate approach to take regarding monitoring and responding to these communications, and more specifically to complaints.  That being said, keep in mind the reputation risk the bank could suffer by not responding to a complaint or disputes received through social media outlets.  **CRA: Public comments made via the social media sites that are run by the bank or on behalf of the bank should be kept in the bank’s public file. Especially as they pertain to the bank meeting the credit needs of the community.
20 Privacy  Compliance with Privacy regulations are as they relate to the GLBA requirements. For instance, if the bank takes applications via the social media site, the bank should also be giving access to the bank’s privacy policy.  There is reputation risk involved with the appearance of careless handling of the customer’s private information, so ensure the bank’s privacy policy and privacy requirements are addressed in the social media policies and procedures.
21 BSA Remember the requirements of BSA for an effective program for identifying, monitoring and reporting? This applies to all aspects of social media customers as well. E-banking and e-banking products in the context of social media. Which means, CIP as well as monitoring for suspicious activity. Also consider the emerging risk in the virtual world, which includes gaming and digital currencies.
22 Collection Efforts  Can we use Messenger/Social media to try to contact a customer who we are unable to contact?  FDCPA also applies to social media but FDCPA is limited in its scope as far as its applicability to banks collecting their own debt  Most states have a debt collection act that does follow the FDCPA as far as collection of a party’s own debt  Even without one, UDAAP and general reputation issues would arise if you use social media to publicly discuss debts (like on their Facebook wall) or to “harass” the debtor? The bank or the employee?  How far do you restrict employee use for personal and business use?  What are the limits?  What is your policy? Is it compliant?
23 Other Requirements to Consider: CAN-SPAM, COPPA & FCRA  If you use social media to gather consumer information or send unsolicited messages or respond to FCRA disputes, all of the regular rules apply!  While the bank can rely on the fact that most social media sites require people to be 13 or older to obtain access to the site, the bank should ensure that IF there is a collection of customer information, the bank is ensuring the consumer is 13 or over.
24 Employee Use of Social Media  Be aware that employee communications made via social media “could” be viewed by the public as reflecting the bank’s official policies, which could subject the bank to compliance, operation and reputation risk  Because of the risk involved, the bank should have policies and training to address employee participation in the use of social media sites  Important things to consider in an Employee Use Policy:  Who owns the contacts? The bank or the employee?  How far do you restrict employee use for personal and business use?  What are the limits?  What is your policy? Is it compliant?
25 Employee Use: NLRB and Social Media  Cannot have a policy which undermines an employee’s right under the NLRB:  It is an unfair labor practice for an employer to "interfere with, restrain or coerce employees in the exercise of rights guaranteed in Section 7 of this Act.”  Restricting employee from mentioning bank or working conditions  Restricting employees from friending each other  Prohibiting employees from discussing work related activities  Have a policy. Be specific on what the bank prohibits, and make sure it is not overbroad and make it clear that the policy does not interfere with employees’ rights.
26 Helpful Links FFIEC Guidance: https://www.consumerfinance.gov/policy-compliance/guidance/implementatio n-guidance/FFIEC-guidance-social-media / FDIC News Item: https:// www.fdic.gov/consumers/consumer/news/cnwin16/social_networking.html CFPB Use of Social Media: http://files.consumerfinance.gov/f/201509_cfpb_pia- use-of-social-media.pdf CFPB Social Media: Accessibility: https://www.consumerfinance.gov/accessibility/social-media/ Fed Scam Communications: https://www.federalreserveconsumerhelp.gov/consumeralerts/yellen-scam- emails-more
27 Questions? Thank you for your participation! We hope you found value in today’s presentation. If you have any additional questions, contact Compliance Alliance at 888-353-3933.

More Related Content

PDF
BAFT-IFSA Social Media and Banking Global Webinar - June 2013
byBerwin Leighton Paisner
 
PDF
FFIEC final Social Media Guidelines
byCliff Busse
 
PPTX
Successful Social Media for Mortgage Lenders: Engage With Your Audience While...
bySmarsh
 
PPTX
Addressing Specific Challenges And E Media In Fs Alpesh Doshi
byAlpesh Doshi
 
PDF
Social Media for Regulated Industries by SocialVolts whitepaper
bySocialVolt
 
PPTX
CMPLY Updated Regulatory Overview June 2014
byCMP.LY, Inc.
 
PPTX
Getting Results with Social Media While Staying 100% Compliant
byCatchFireCreative
 
PDF
Compliance implications of social media
byActiance, Inc.
 
BAFT-IFSA Social Media and Banking Global Webinar - June 2013
byBerwin Leighton Paisner
 
FFIEC final Social Media Guidelines
byCliff Busse
 
Successful Social Media for Mortgage Lenders: Engage With Your Audience While...
bySmarsh
 
Addressing Specific Challenges And E Media In Fs Alpesh Doshi
byAlpesh Doshi
 
Social Media for Regulated Industries by SocialVolts whitepaper
bySocialVolt
 
CMPLY Updated Regulatory Overview June 2014
byCMP.LY, Inc.
 
Getting Results with Social Media While Staying 100% Compliant
byCatchFireCreative
 
Compliance implications of social media
byActiance, Inc.
 

Similar to Securityusefulpresesentationveryuseful22

PPT
Hootsuite Executive Sales Training: Financial Services and Social Media
bySocMediaFin - Joyce Sullivan
 
DOCX
Social Media: UK FCA Guidance Consultation Summary & Opinion
byDominic Crosthwaite
 
PDF
Auditing Social Media SOPAC2013
byKINSHIP digital
 
PPTX
Community Bank Social Media Compliance and PR
byBen Pankonin
 
PPSX
NAFCU - Keeping Your Marketing Pitches Compliant
byE Andrew Keeney
 
PDF
FFIEC Social Media Guidelines for Banks & Credit Unions
byICONiQ   
 
PPT
Social Media: People First! Visible-Banking.com @ MEFTEC 2009
byChristophe Langlois
 
PDF
Social Media Imperatives for Retail Banks
byCognizant
 
PDF
Social Media in Regulated Industries
byStrella Social Media
 
PDF
Visible banking workshop program social media and finance-madrid- reyes bolumar
byreyesbolumar
 
PDF
Visible Banking workshop program
byInversis Banco
 
PDF
Financial services social media
byCatherineSherwood: Real Communications
 
PDF
ING Presentation - BDI 7/26/11 Social Media Security & Compliance Workshop fo...
byBusiness Development Institute
 
PPTX
Social Media Ethical Use for Finance & Insurance
byDeborah Gonzalez, Esq.
 
PDF
2011 Guide to Banks Using Social Media
bySocial Media Solutions LLC
 
PDF
Social Media and Compliance - Here's what you can (and cannot) do
byLoic Jeanjean
 
PDF
MBA Compliance Essentials Social Media and Digital Advertising Resource Guide
byMBAMortgage
 
PDF
"Revolutionizing Finance: The Future of E-Banking"
byHaripriyaJ17
 
PDF
Mastering the Art of Social Media in Regulated Industries
byBambu by Sprout Social
 
PDF
Compliant Practices for Social Media in Financial Services
byLinkedIn Sales Solutions
 
Hootsuite Executive Sales Training: Financial Services and Social Media
bySocMediaFin - Joyce Sullivan
 
Social Media: UK FCA Guidance Consultation Summary & Opinion
byDominic Crosthwaite
 
Auditing Social Media SOPAC2013
byKINSHIP digital
 
Community Bank Social Media Compliance and PR
byBen Pankonin
 
NAFCU - Keeping Your Marketing Pitches Compliant
byE Andrew Keeney
 
FFIEC Social Media Guidelines for Banks & Credit Unions
byICONiQ   
 
Social Media: People First! Visible-Banking.com @ MEFTEC 2009
byChristophe Langlois
 
Social Media Imperatives for Retail Banks
byCognizant
 
Social Media in Regulated Industries
byStrella Social Media
 
Visible banking workshop program social media and finance-madrid- reyes bolumar
byreyesbolumar
 
Visible Banking workshop program
byInversis Banco
 
Financial services social media
byCatherineSherwood: Real Communications
 
ING Presentation - BDI 7/26/11 Social Media Security & Compliance Workshop fo...
byBusiness Development Institute
 
Social Media Ethical Use for Finance & Insurance
byDeborah Gonzalez, Esq.
 
2011 Guide to Banks Using Social Media
bySocial Media Solutions LLC
 
Social Media and Compliance - Here's what you can (and cannot) do
byLoic Jeanjean
 
MBA Compliance Essentials Social Media and Digital Advertising Resource Guide
byMBAMortgage
 
"Revolutionizing Finance: The Future of E-Banking"
byHaripriyaJ17
 
Mastering the Art of Social Media in Regulated Industries
byBambu by Sprout Social
 
Compliant Practices for Social Media in Financial Services
byLinkedIn Sales Solutions
 

Recently uploaded

PPTX
How to Manage Checkout Policy & Customer Portal in Odoo 18 Website
byCeline George
 
PDF
Pratishta Educational Society., Courses & Opportunities
byGanapathiVankudoth
 
PDF
PPT Daftar Bahan Kelas Bedah Kitab Matius Khotbah di Bukit
bySABDA
 
PPTX
ECP Demo ppt.pptx Visualizing and Identifying solid figures using concrete an...
byireneodechavez1
 
PPTX
How to Configure Dispatch Management System in Odoo 18 Inventory
byCeline George
 
PPTX
Guidelines for reporting social networks and personal networks data
byisidromj
 
PPTX
GRADE 8 - QUARTER 4 TYPES AND PARTS OF LETTER.pptx
byvillariasjazminercai
 
PPTX
Plant fibres used as surgical dressings & Sutures – Surgical Catgut and Ligat...
bySai Meer College of Pharmacy
 
PPTX
EYE IRRIGATION AND INSTILLATION....pptx
byAneetaSharma15
 
PDF
RAJAT ARORA SIR PHYSICAL EDUCATION NOTES ALL CHAPTERS .pdf
bysumitkannoujiya74
 
PDF
Workshop 29 Crystal Review All Students by YogiGoddess
by©LDMMIA, ©Reiki Yoga
 
PPTX
Problem and Solution (PowerPoint Game Template)
byacpaulite
 
PDF
Judgement Regarding Land Acquisition Act not Applicable to Encroachers.pdf
byssuser9d8e4e
 
PDF
PHARMACOLOGY 1 ( BP 404 T) Unit 1 (Cology 1)
byChetan Mali
 
PDF
Types of Foot & Foot Modifications in Birds
byDr. Ramzan Virani
 
PPTX
How to Track Employee Skill Growth with Skills Evolution Report in Odoo 18
byCeline George
 
PPTX
Math 8 Quarter 4 Week 3 PRIMARY DATA.pptx
byshahanieabbat3
 
PDF
Chapter 05 Drugs Acting on the Central Nervous System: Anticonvulsant (Antiep...
bySandeshSul
 
PDF
Artificial Intelligence in Research and Academic Writing, Workshop on Researc...
byProf. Vinod Kumar Kanvaria
 
PDF
Nursing care plan for Vomiting /B.Sc nsg
byDr. Sudhadevi Sadanandan
 
How to Manage Checkout Policy & Customer Portal in Odoo 18 Website
byCeline George
 
Pratishta Educational Society., Courses & Opportunities
byGanapathiVankudoth
 
PPT Daftar Bahan Kelas Bedah Kitab Matius Khotbah di Bukit
bySABDA
 
ECP Demo ppt.pptx Visualizing and Identifying solid figures using concrete an...
byireneodechavez1
 
How to Configure Dispatch Management System in Odoo 18 Inventory
byCeline George
 
Guidelines for reporting social networks and personal networks data
byisidromj
 
GRADE 8 - QUARTER 4 TYPES AND PARTS OF LETTER.pptx
byvillariasjazminercai
 
Plant fibres used as surgical dressings & Sutures – Surgical Catgut and Ligat...
bySai Meer College of Pharmacy
 
EYE IRRIGATION AND INSTILLATION....pptx
byAneetaSharma15
 
RAJAT ARORA SIR PHYSICAL EDUCATION NOTES ALL CHAPTERS .pdf
bysumitkannoujiya74
 
Workshop 29 Crystal Review All Students by YogiGoddess
by©LDMMIA, ©Reiki Yoga
 
Problem and Solution (PowerPoint Game Template)
byacpaulite
 
Judgement Regarding Land Acquisition Act not Applicable to Encroachers.pdf
byssuser9d8e4e
 
PHARMACOLOGY 1 ( BP 404 T) Unit 1 (Cology 1)
byChetan Mali
 
Types of Foot & Foot Modifications in Birds
byDr. Ramzan Virani
 
How to Track Employee Skill Growth with Skills Evolution Report in Odoo 18
byCeline George
 
Math 8 Quarter 4 Week 3 PRIMARY DATA.pptx
byshahanieabbat3
 
Chapter 05 Drugs Acting on the Central Nervous System: Anticonvulsant (Antiep...
bySandeshSul
 
Artificial Intelligence in Research and Academic Writing, Workshop on Researc...
byProf. Vinod Kumar Kanvaria
 
Nursing care plan for Vomiting /B.Sc nsg
byDr. Sudhadevi Sadanandan
 

Securityusefulpresesentationveryuseful22

  • 1.
  • 2.
    2 Social Media: Definition No bright line definition  Merriam-Webster:  forms of electronic communication (as Web sites for social networking and microblogging) through which users create online communities to share information, ideas, personal messages, and other content (as videos)  Dictionary.com:  websites and other online means of communication that are used by large groups of people to share information and to develop social and professional contacts  Investopedia:  Internet-based software and interfaces that allow individuals to interact with one another, exchanging details about their lives such as biographical data, professional information, personal photos and up-to-the-minute thoughts
  • 3.
    3 Social Media: Whatis it?  Social Networking: Facebook, Twitter, Instagram, Snapchat, Tumblr, YouTube  Professional Networking: LinkedIN  Special Interest: Pinterest  Blogs  Social Games: Words With Friends, Candy Crush  What about Zillow, Redfin and Trulia?  What about the livefeed capabilities that have been added to traditional social media – IG Live, FB Live, Periscope, etc.?  What about Messenger Capabilities?
  • 4.
    4 What About TextMessages and Emails?  Text messaging and emails are generally not considered in the definition of social media  BUT – these communications may be subject to a number of laws and regulations that are discussed in the Guidance
  • 5.
    5 FFIEC Guidance  ThisGuidance is not new – released 12/10/13  That means social media may have changed a lot (think snapchat, IG videos, FB and IG live) but the expectations are the same!  What are the highlights?  Social media governance and operational risk  Third parties  Monitoring: fraud and IT security  Existing regulations and their effects https://www.ffiec.gov/press/pr121113.htm
  • 6.
    6 How About SomeUpdates?  FDIC Winter 2016 News Item: Consumer Guidance - encourages consumer awareness of:  Cyber Security – protection passwords  Public nature of social media interactions  Be diligent when giving third-party apps the ability to use your social media  Periodic searches of fake accounts with consumer’s name  CFPB – Privacy Impact Assessment 2015 – You can get an idea of what the CFPB expects by looking at how they indicate they use social media (also how they address ADA website accessibility)
  • 7.
    7 How About SomeUpdates?  FRB launched a FB Page in August on 2016  Inundated with complaints about the Federal Reserve system  Mocked in the media  Clear example of the risk associated with the public nature of having a social media presence and the reality of public complaints and internet trolls  Federal Reserve Scam Communications – include fraudsters use of social media
  • 8.
    8 What is Expected? Banks are expected have a Risk Management Program for Social Media  “ A governance structure with clear roles and responsibilities whereby the board or senior management direct how using social media contributes to the strategic goals of the institution”  How is this accomplished?  Policies  Procedures  Training  These should be done in such a manner that will address not only guidance for use of social media by the bank, but also employees’ use of social media in which they are representing the bank.
  • 9.
    9 Third Parties The guidance:The FFIEC is asking banks to consider if they have any control over the third party’s policies or actions. Risk mitigation in this area will continue to be critical Who are these third parties? The social networks themselves: Even if the social media site is owned and maintained by a third party, consumers will likely blame the bank for problems that occur on the social site. Consultants: Even if the social media site is owned and maintained by a third party (which is typically the case), consumers will likely blame the bank for problems that occur on the social site. Social media technology providers: These are the firms that provide the software to assist with the actual postings and the ability to post replies.
  • 10.
    10 Monitoring  The guidance:Banks should consider the use of social media monitoring tools and techniques to identify heightened risk and how to respond in an appropriate manner.  These tools and techniques should consider the fraudulent use of the bank’s brand, not simply the monitoring and responding to complaints. This should be an area that is also addressed in the risk assessment.  The guidance does not require the bank to monitor and respond to every single internet communication, but it does not address when it is appropriate to NOT respond, which means how the bank filters for relevant communications will require complex, finely tuned tools.
  • 11.
    11 Risk Management  It’sall about the risk management program.  The guidance is clear that the banks should have a risk management program in place that is commensurate with the size, complexity and breadth of the use of the social media outlets.  Keep in mind that if your bank uses social media on a very minimal basis, there should be an emphasis in the risk management program on how the bank will monitor for negative comments or complaints that could arise within the many social media platforms and how responses will be made.  Even if the bank isn’t utilizing social media to increase business (advertising, or even taking payments), there is still risk that should be addressed.
  • 12.
    12 Risk Areas  Therisk from social media use stems from:  Risk of harm to consumers  Compliance and legal  Operational  Reputation
  • 13.
    13 What Rules Apply? Howthe bank uses social media will dictate which rules apply. If used to engage in lending, deposit services or payment activities, all applicable laws and regulations apply to those activities, no matter the media used. UDAAP and Fair Lending always apply as well.
  • 14.
    14 What Rules ApplyFor Deposit Products?  Again, depending on how the bank uses the social media platform to further their deposit products.  If used to market and originate new accounts all applicable laws apply, right down to record retention.  For new deposit accounts, the requirements include:  Truth in Savings (Reg DD):  Disclosures about fees  APY (annual percentage yield)  Interest rate  Any other triggering terms (bonus, minimum to obtain bonus, effect of fees, etc.)  UDAAP  That being said, the one-click away disclosures can be used  Advertising and Notice of FDIC Membership whenever a bank advertises FDIC insured products
  • 15.
    15 How About LendingProducts?  Goes without saying, it depends on how it is used to further the bank’s lending product.  All applicable regulations apply, right down to timing of disclosures and record retention.  For lending products the requirements include:  All Fair Lending Laws:  Equal Credit (Reg B) - that includes not only the prohibition of discouraging applicants on a prohibited basis, but also timeframes for notifying applicants of the status of their application.  Fair Housing – that includes not only the prohibition of discouraging applicants, but also the requirement to prominently displaying the Equal Housing Opportunity logo.
  • 16.
    16 Lending Requirements, Cont’d. Truth-in-Lending (Reg Z) – all advertising provisions apply that apply to any other electronic advertisement that is delivered electronically.  RESPA – Section 8 prohibitions (fee splitting, giving or accepting a fee, kickbacks) and all the timing requirements. The bank should follow all electronic delivery requirements. This also includes error disputes under Reg E such as a billing error or a direct dispute about information.  Fair Debt Collection Practices  Fair Credit Reporting Act (FCRA)
  • 17.
    17 Co-Marketing  Redfin, Trulia,Zillow, etc. – all have ways to market with Realtors  Who is paying for what?  What is the cost? Is it a flat rate or does it depend on the number of referrals?  Can an agent charge more simply because they are a “Top-Agent”?  Review the CFPB guidance on Marketing Services Agreements (MSA).
  • 18.
    18 Nondeposit Investment Products The Not-Not disclosure must be used when advertising or recommending investment products to retail customers. The bank must ensure that customers are fully informed that the products are not insured by the FDIC, are not deposits or other obligations of the bank and are not guaranteed by the bank, and are subject to investment risk, including possible loss of the principal invested.
  • 19.
    19 Complaints  Although theguidance does not require a bank to monitor and respond to every internet communication there is an expectation to take into account the results of its own risk assessment to determine the appropriate approach to take regarding monitoring and responding to these communications, and more specifically to complaints.  That being said, keep in mind the reputation risk the bank could suffer by not responding to a complaint or disputes received through social media outlets.  **CRA: Public comments made via the social media sites that are run by the bank or on behalf of the bank should be kept in the bank’s public file. Especially as they pertain to the bank meeting the credit needs of the community.
  • 20.
    20 Privacy  Compliance withPrivacy regulations are as they relate to the GLBA requirements. For instance, if the bank takes applications via the social media site, the bank should also be giving access to the bank’s privacy policy.  There is reputation risk involved with the appearance of careless handling of the customer’s private information, so ensure the bank’s privacy policy and privacy requirements are addressed in the social media policies and procedures.
  • 21.
    21 BSA Remember the requirementsof BSA for an effective program for identifying, monitoring and reporting? This applies to all aspects of social media customers as well. E-banking and e-banking products in the context of social media. Which means, CIP as well as monitoring for suspicious activity. Also consider the emerging risk in the virtual world, which includes gaming and digital currencies.
  • 22.
    22 Collection Efforts  Canwe use Messenger/Social media to try to contact a customer who we are unable to contact?  FDCPA also applies to social media but FDCPA is limited in its scope as far as its applicability to banks collecting their own debt  Most states have a debt collection act that does follow the FDCPA as far as collection of a party’s own debt  Even without one, UDAAP and general reputation issues would arise if you use social media to publicly discuss debts (like on their Facebook wall) or to “harass” the debtor? The bank or the employee?  How far do you restrict employee use for personal and business use?  What are the limits?  What is your policy? Is it compliant?
  • 23.
    23 Other Requirements toConsider: CAN-SPAM, COPPA & FCRA  If you use social media to gather consumer information or send unsolicited messages or respond to FCRA disputes, all of the regular rules apply!  While the bank can rely on the fact that most social media sites require people to be 13 or older to obtain access to the site, the bank should ensure that IF there is a collection of customer information, the bank is ensuring the consumer is 13 or over.
  • 24.
    24 Employee Use ofSocial Media  Be aware that employee communications made via social media “could” be viewed by the public as reflecting the bank’s official policies, which could subject the bank to compliance, operation and reputation risk  Because of the risk involved, the bank should have policies and training to address employee participation in the use of social media sites  Important things to consider in an Employee Use Policy:  Who owns the contacts? The bank or the employee?  How far do you restrict employee use for personal and business use?  What are the limits?  What is your policy? Is it compliant?
  • 25.
    25 Employee Use: NLRBand Social Media  Cannot have a policy which undermines an employee’s right under the NLRB:  It is an unfair labor practice for an employer to "interfere with, restrain or coerce employees in the exercise of rights guaranteed in Section 7 of this Act.”  Restricting employee from mentioning bank or working conditions  Restricting employees from friending each other  Prohibiting employees from discussing work related activities  Have a policy. Be specific on what the bank prohibits, and make sure it is not overbroad and make it clear that the policy does not interfere with employees’ rights.
  • 26.
    26 Helpful Links FFIEC Guidance: https://www.consumerfinance.gov/policy-compliance/guidance/implementatio n-guidance/FFIEC-guidance-social-media / FDICNews Item: https:// www.fdic.gov/consumers/consumer/news/cnwin16/social_networking.html CFPB Use of Social Media: http://files.consumerfinance.gov/f/201509_cfpb_pia- use-of-social-media.pdf CFPB Social Media: Accessibility: https://www.consumerfinance.gov/accessibility/social-media/ Fed Scam Communications: https://www.federalreserveconsumerhelp.gov/consumeralerts/yellen-scam- emails-more
  • 27.
    27 Questions? Thank you foryour participation! We hope you found value in today’s presentation. If you have any additional questions, contact Compliance Alliance at 888-353-3933.