Financial institutions have significantly increased their online presence and suite of services in recent years, and, in response to that trend, on January 17, 2013, the Federal Financial Institutions Examination Council (FFIEC) issued proposed guidance on risk management for financial institutions impacted by social media. The guidance seeks public comment and addresses the application of laws, regulations and policies to the social media activities of banks, savings associations, credit unions and other nonbank entities supervised by the Consumer Financial Protection Bureau. While it does not impose additional obligations on financial institutions, the guidance assists financial institutions in efforts to ensure that internal risk management practices adequately address the compliance and legal risks, reputation risks, and operational risks posed by social media. The guidance seeks to promote institutional awareness of responsibilities to identify, measure, monitor and control such risks within overall risk management programs.
Described in the guidance as “a form of interactive online communication in which users can generate and share content through text, images, audio, and/or video,” social media includes platforms such as Facebook, Twitter, Yelp, YouTube and LinkedIn that enable interactive and dynamic communication. Social media can prove useful to financial institutions as it facilitates the broad distribution of information, helps match financial products and services to customers, increases brand awareness, assists in advertising, and provides tools for collecting information on a variety of customer segments. Occurring in less formal and potentially unsecure environments, interactions over social media may pose challenges to financial institution compliance with existing laws.
Customer comments and complaints may arise in a variety of social media platforms, even if a financial institution has chosen not to participate in social media. The guidance points out that all financial institutions should have risk management programs that address social media. Effective risk management programs may include the following:
The guidance notes that social media can pose a variety of risks to financial institutions, including (1) compliance and legal risks; (2) reputation risks; and (3) operational risks. Compliance and legal risks arise from the potential for nonconformance with the law, prescribed practices, internal policies or ethical standards. These risks may be heightened due to the relatively emerging nature of social media, particularly when a financial institution’s practices have not kept pace with the changing marketplace. Many laws do not specifically address social media, necessitating the application of the law through the lens of acceptable practices via other media. From a compliance and legal risk perspective, financial institutions should pay particular attention to the impact of social media in connection with laws and standards implicating the following:
As the guidance stresses, social media also implicates reputational risk, or the risk arising from negative public opinion. Regardless of whether a financial institution has violated the law, negative publicity can harm the standing of the financial institution. Thus, financial institutions should manage social media with attention to any possible privacy, transparency or other consumer protection concerns. In particular, financial institutions should pay attention to reputational risks in connection with the following:
Further, financial institutions should remain cognizant of operational risks, or the risk of loss resulting from failed or inadequate processes, people or systems. In the context of social media, this may include account takeovers, malware and other breakdowns in security. Financial institutions should have procedures in place to deal with these issues as they relate to social media.
The FFIEC seeks comments on the guidance, which is available at http://www.ffiec.gov/press/Doc/FFIEC%20social%20media%20guidelines%20FR%20Notice.pdf. All comments must be received on or before March 25.
Financial institution use of social media may offer a wide variety of opportunities and benefits while potentially posing broad challenges from a regulatory and risk management perspective. If you would like to discuss the impact of social media on your institution, please do not hesitate to contact Christopher S. Connell, Nicholas Deenis or Laura E. Souchik.
Christopher S. Connell is a Partner in Stradley Ronon’s Philadelphia office, where he focuses his practice on real estate and banking law. In his banking practice, Mr. Connell counsels financial institutions on federal and multistate compliance and licensing for banking, securities, trust and insurance products; chartering, organization and initial public offerings for de novo banks; and securities matters for public company financial institutions. He also represents financial institutions in merger and acquisition and capital raising activities. In his real estate practice, Mr. Connell focuses on investment, development and commercial projects. He advises companies and nonprofit entities in all industries and of all sizes on various real estate issues, including land development and zoning matters, acquisitions and divestitures, construction and leasing.
Nicholas Deenis is a Partner in firm’s Malvern, PA office. He handles a wide range of legal disputes. He focuses his practice on complex litigation, including class actions and RICO claims, UCC litigation, insurance defense litigation, fidelity and surety bond claims, employment litigation and labor matters, health care law and general commercial litigation. He has a broad base of experience in all types of litigation matters, and has practiced extensively in both federal and state courts, regionally and throughout the country. Mr. Deenis represents national and local banks, focusing primarily on claims under Articles 3, 4, and 4A of the Uniform Commercial Code and the Electronic Funds Transfer Act. He has extensive litigation experience in check fraud and related claims and counsels banks on an ongoing basis regarding such check fraud claims and electronic transfers. He has extensive experience in defending banks, mortgage lenders and servicers, auto finance companies, and other financial services companies in a wide variety of state and federal consumer protection claims, including the Fair Credit Reporting Act, the Truth-in-Lending Act and Regulation Z, the Real Estate Settlement Procedures Act, the Fair Debt Collection Practices Act, the Equal Credit Opportunity Act, and state unfair trade practices and consumer protection laws.
Laura E. Souchik is an Associate in firm’s Philadelphia office. She advises a broad range of public and private companies on mergers and acquisitions, securities, finance, and corporate organization and compliance matters.