Before jumping head first into social media, financial institutions would be well-advised to consider adopting a social media policy that both achieves its goals and protects it from legal risks.  In addition to the legal issues that every business faces when engaging in social media, a financial institution faces very specific set of regulations that require careful consideration.  When creating a social media policy for a financial institution, the following ten issues, laws and regulations should be considered. 

  1. Privacy:  One of the greatest risks associated with a financial institution’s use of social media is the protection of private information.  Among other things, the Gramm Leach Bliley Act (GLBA) requires financial institutions to protect the personal information of its customers.  When posting or communicating over social media, financial institutions and their employees must remember that the information being published can be accessed by the public at large and personal information cannot be disclosed.  Also, if the financial institution is collecting information over social media, certain privacy disclosures must be made, including an opportunity to opt out of any disclosure of a customer’s information to third parties.  Finally, the GLBA includes protections against “pretexting” or the practice of obtaining private information under false pretenses.
  2. Informal Posts May Be “Advertising”:  The FDIC broadly defines the term advertisement as “a commercial message, in any medium, that is designed to attract public attention or patronage to a product of business.”  Regulation Z, discussed below, defines an advertisement as “a commercial message in any medium that promotes, directly or indirectly, a credit transaction.”  226.2(a)(2).  Regulation DD defines advertisement to include any “commercial message, appearing in any medium, that promotes directly or indirectly the availability or terms of. . . a new or existing account.”   In each case, the definition is broad and could include informal communications in the form of tweets, blogs and comments.
  3. Required Advertising Statements:  If a financial institution is engaging in advertising over social media, there are a variety of technical requirements that must be followed.  For example, the FDIC requires an official advertising statement and/or the FDIC logo be used.  12 CFR § 328.3.  Another example requires banks advertising loans for dwellings to include the “equal housing lender logotype” and/or indicate that the bank makes such loans without regard to race, color, religion, national origin, sex, handicap, or familial status.  12 CFR § 328.3.  Similarly, the National Credit Union Administration (NCUA) requires an official advertising statement from its members on their website and in advertising.  12 CFR § 740.5.
  4. False and Deceptive Advertising:  The new Bureau of Consumer Financial Protection is now charged with the power to prohibit “unfair, deceptive or abusive acts or practices” with respect to consumer financial products and services.  Financial institutions engaging in social media should be careful not to run afoul of deceptive advertising laws.  The prohibition against deceptive advertising by financial institutions is nothing new.  Section 5 of the FTC Act (15 U.S.C. § 45) prohibits “unfair or deceptive acts or practices” in commerce.  The FTC Act excludes banks from FTC enforcement authority.  However, for some time, banking regulators have interpreted the enforcement ban against the FTC to mean that banking regulators themselves should enforce Section 5 under Section 8 of the Federal Deposit Insurance (FDI) Act (12 U.S.C. § 1818), which permits “the appropriate Federal banking agency” to bring enforcement actions against banks that are “violating or [have] violated, or … [are] about to violate, a law, rule or regulation.”
  5. Endorsements: The FTC has released guidelines concerning the use of endorsements and testimonials in advertising.  These guidelines were developed to help advertisers comply with the FTC Act.  The guidelines require disclosures regarding any material connection to the endorser, including celebrities, bloggers, experts and consumers.  In addition, advertisements must only reveal typical results and cannot hide behind a safe harbor disclosure that “results are not typical.”  There are many social media forums available where persons can post comment about a financial institution or its products.  Financial institutions should make clear to employees that if they make any comments about the financial institution, its products, or services in social media, they must disclose their relationship with the company.
  6. Securities Laws:  Employees may jeopardize private securities offerings by engaging in conduct only permitted by licensed brokers, releasing information too soon (“gun-jumping”), making untrue statements of material fact, performing insider trading, or other misuses of confidential information that violate securities laws.  See also Securities Exchange Commission Guidance on the Use of Company Web Sites, 17 CFR Parts 241 and 247 [Release Nos. 34-58288, IC-28351; File No. S7-23-08], effective date August 7, 2008.
  7. Advertising Consumer Credit:  The Truth in Lending Act (Regulation Z) assures the meaningful disclosure of consumer credit and lease terms, including those in advertisements, so that consumers can easily compare terms and shop wisely for credit.  If you or your employees are engaging in communications regarding credit or lease terms over social media, then the requirements of Regulation Z apply.  Also, a record of any communication of this kind must be retained for 2 years.
  8. Advertising Deposit Accounts:  The Truth in Savings Act (Regulation DD) contains certain requirements for any commercial message in any medium that promotes, directly or indirectly, deposit accounts.  If a communication of this type is sent over social media or otherwise, it may not be misleading or inaccurate.  Regulation DD also prohibits any description of an account as “free” or “no cost” (or contain a similar term) if any maintenance or activity fee may be imposed on the account.  If the advertisement states a rate of return, it must be expressed as an annual percentage yield and certain other disclosures must be made.  There are some exemptions for advertisements that are made electronically, but some disclosures are still required.  Finally, if a communication of this type is sent, a record of the message must be retained for 2 years.
  9. Loan Application Communications:  The Equal Credit Opportunity Act (Regulation B) provides certain requirements for any organization that regularly extends credit, including banks, small loan and finance companies, retail and department stores, credit card companies, and credit unions. Everyone who participates in the decision to grant credit or in setting the terms of that credit, including real estate brokers who arrange financing, must comply with the ECOA.  Among other things, the Act prohibits lenders from discouraging borrowers from applying or rejecting an application because of race, color, religion, national origin, sex, marital status, age, or because an applicant receives public assistance.  This Act requires all records related to a loan application be maintained for 25 months (ie: complaints or comments regarding the loan must be retained).  Thus, any communications made over social media related to a loan application must be preserved in some way.
  10. Communications Regarding Community Reinvestment:  The Community Reinvestment Act (Regulation BB)  is intended to encourage depository institutions to help meet the credit needs of the communities in which they operate, including low- and moderate-income neighborhoods.  However, there are some provisions that require communications, whether over social media or otherwise, be preserved.  Specifically, Regulation BB provides that a bank shall maintain a public file that includes “all written comments received from the public for the current year and each of the prior two calendar years that specifically relate to the bank's performance in helping to meet community credit needs, and any response to the comments by the bank, . . . .”  If a community bank or its employees are engaging conversations over social media regarding community credit needs, efforts should be undertaken to preserve those comments and responses.