• Credit Unions and Social Media: What’s Your Policy?
  • May 20, 2013 | Author: Douglas Hattaway
  • Law Firm: Weltman, Weinberg & Reis Co., L.P.A. - Columbus Office
  • According to a 2012 poll by CUNA Mutual Group, 94% of credit unions are investing time and money in Facebook as part of their marketing strategy, and only 1% of credit unions were not planning on using social media in 20131. Credit unions have been relatively quick to embrace social media as a marketing tool, but with good reason: social media is one of the most effective and efficient means of communicating with current and potential customers. Twitter, for example, can be used to market to new customers, update existing customers on promotions and other credit union news, advertise job openings, and find out what people are saying about your credit union. Consumers like Twitter because its 140-character limit means they get short, right-to-the-point messages that they can read at a glance and then move on with their day. The quick, informal nature of messages sent through social media platforms are what attracts consumers, but what if a credit union’s “tweet” or “status update” contains a message that triggers a disclosure requirement? That is just one of the concerns recently addressed by the Federal Financial Institutions Examination Council’s (FFIEC) proposed guidance regarding social media for banks, credit unions, and non-bank entities supervised by the Consumer Financial Protection Bureau.

    The FFIEC proposed guidance statement, officially titled “Social Media: Consumer Compliance Risk Management Guidance,” provides financial institutions with guidance regarding the intersection of social media and consumer protection statutes.2  Much of the FFIEC’s proposed guidance deals with how consumer protection statutes are to be interpreted in specific scenarios involving social media. For example, the FFIEC advises that “if a financial institution offers residential mortgage lending and maintains a presence on Facebook, the Equal Housing Opportunity logo must be displayed on its Facebook page, as applicable.” More generally, however, the FFIEC’s proposed guidance advises that a financial institution should have a “risk management program” that permits it to “identify, measure, monitor, and control the risks related to social media.” The risk management program should also include the involvement of “compliance, technology, information security, legal, human resources, and marketing” departments. According to the FFIEC, these risk management programs should have the following components:

    • A governance structure with clear roles and responsibilities;
    • Policies and procedures regarding the use and monitoring of social media and compliance with all applicable consumer protection laws, regulations, and guidance;
    • A due diligence process for selecting and managing third-party service provider relationships in connection with social media;
    • An employee training program that incorporates the institution’s policies and procedures for official, work-related use of social media, and potentially for other uses of social media;
    • An oversight process for monitoring information posted to proprietary social media sites administered by the financial institution or a contracted third party;
    • Audit and compliance functions to ensure ongoing compliance with internal policies and all applicable laws, regulations, and guidance; and
    • Parameters for providing appropriate reporting to the financial institution’s board of directors or senior management that enable periodic evaluation of the effectiveness of the social media program and whether the program is achieving its stated objectives.

    Some credit unions, especially those not already using social media platforms, may think that the burden of establishing and maintaining such a risk management program will outweigh the potential benefits of social media. However, the FFIEC proposed guidance states that a “financial institution that has chosen not to use social media should still be prepared to address the potential for negative comments or complaints that may arise within the many social media platforms...and provide guidance for employee use of social media.” While the FFIEC proposed guidance suggests that a financial institution that has minimal engagement with social media will not be required to have a robust risk management program, it is not clear whether a financial institution that does not use social media can avoid the program altogether.

    While the FFIEC’s proposed guidance is not at the implementation stage yet, credit unions may want to start developing a social media risk management program or drafting a social media policy. As the Credit Union National Association’s comment letter to the FFIEC’s proposed guidance points out, “in practice credit union examiners do look to guidance during the credit union examination process.3

    1 http://www.cuinsight.com/2012-the-year-credit-unions-took-the-social-media-leap.html
    2 http://www.ffiec.gov/press/pr012213.htm
    3 http://www.cuna.org/Legislative-And-Regulatory-Advocacy/DownLoads/rcl-032513/