The Federal Financial Institutions Examination Council, whose members include the federal agencies that oversee banks, savings and loans, credit unions and other regulated financial institutions, has issued a guidance document summarizing applicable laws and regulations as related to use of social media to guide federal and state regulators, as well as the regulated businesses. The recommendations include:
- Financial Institutions should have a social media risk management program, including policies, training and compliance audits.
- If social media promotes products and new accounts, it must comply with all consumer protection laws and regulations, including mandatory disclosures (e.g., Truth in Savings Act, Fair Lending laws, Fair Housing Act, Truth in Lending Act etc.)
- Use of social media platforms to facilitate payments requires compliance with laws regarding electronic payments such as the disclosure requirements of Reg E and anti-money-laundering program requirements apply.
- Gramm-Leach-Bliley Act privacy and data security rules apply.
- The Fair Credit Reporting Act’s solicitation and eligibility requirements apply.
While the document is devoid of specific examples of what would and would not be permitted with regard to common types of social media use, it provides a helpful summary of the applicable laws and regulations institutions must comply with when advertising, transacting or otherwise communicating with consumers in any medium and reinforces that these obligations must be taken into consideration when developing policies and procedures regarding social media use by regulated entities and their employees and agents. The guidance follows public comments and is in response to requests from the agencies for industry-wide guidance, and has been adopted by the Office of the Controller of the Currency, the Board of the Federal Reserve, the Federal Deposit Insurance Corporation, the National Credit Union Administration and the Consumer Financial Protection Bureau.
A full copy of the “Social Media: Consumer Compliance Risk management Guidance” is here.