Credit Union Legal Update – Consumer Compliance Risks in Social Media
Consumer Compliance Risks in Social Media
A hot topic is social media, but it has its risks, especially potential consumer compliance risks.
Recently, the Federal Financial Institutions Examination Council (FFIEC), which includes NCUA, released new guidelines to help financial institutions, understand and successfully manage the potential risks regarding the use of social media. It is important for credit unions, including their boards of directors and senior management, to identify and manage risks in the use of social media, including compliance risks. Many social media activities are regulated by specific consumer protection and compliance laws, several of which are highlighted and explained in this article.
You might ask, what is social media? Although social media is commonly thought of in the context of friending, tweeting, or pinning, the FFIEC guidelines concluded that social media is any form of interactive on-line communication. For example, in addition to Facebook, Twitter, Pinterest, Instagram, blogging and member review forms, email and text messages can be included in the definition. Email and text messages, if they stand alone, do not fall technically under the FFIEC definition. However, they may be subject to consumer rules and regulations. We recommend that emails and text messages be included in a Credit Unions definition of social media.
To manage the compliance risk, credit unions should consider implementing many of our recommendations. Credit unions should strive to balance the risks of social media against the benefits. Senior management should keep their boards of directors advised of social media policies and procedures. Furthermore, there should be increased due diligence in managing of third-party relationships. Employee training is critical, and there should be regular audits and compliance monitoring. One of the most important aspects of social media is to listen and respond immediately to member complaints or comments.
In general, each credit union should ensure that it periodically evaluates and controls its use of social media and is in compliance with all applicable federal, state and local laws and regulations.
Marketing and Advertising
In the marketing of deposit or lending products, credit unions should strive to be in compliance with Regulation Z. All advertising media should provide clear and proper disclosures of actually available terms to address the requirements of the regulation. There should be a different advertisement for open-end credit versus closed-end credit.
In the marketing of deposit or lending products, Regulation D also applies. There are significant advertising requirements for deposit products. There should be recognition in the ads that the deposit or share insurance is with the National Credit Union Administration. The Equal Housing Lender symbol or logo should be apparent on the website or ad. Credit unions should include social media as part of their fair lending compliance procedures, since it is a hot topic for NCUA. Clearly, credit union compliance audits and monitoring is critical.
There are particular concerns for member privacy in dealing with social media products. Some members may not appreciate the risks in providing account information in a public social media forum. Credit unions should regularly monitor postings, and maintain procedures to address any public posting of confidential or sensitive information. Some of the specific laws dealing with consumer privacy are Gramm-Leach-Bliley; CAN-SPAM Act and Telephone Consumer Protection Act (especially those areas of these acts which establish requirements and procedures or prohibitions for sending spam) and unsolicited communications by telephone or text messages.
Another area of consumer privacy that is often overlooked in social media is the Childrens On-line Protection Act. This Act and the FTCs implementing regulation poses certain requirements on operators websites or on-line services directed at children under 13 years of age.
Clearly, there are key compliance risks in social media. The following list is just a sample of a few of the Risk Areas.
Compliance and Legal Risk
- Deposit and Lending
– Truth in Savings/Reg DD and NCUA Part 707
– Fair Lending: ECOA/Reg B and Fair Housing Act
– Truth in Lending/Reg Z
– Deposit Insurance or Share Insurance
– Fair Debt Collection Practices Act
- Payment Systems
- Dissatisfied members, negative public opinion
- Fraud and Brand Identity
- Third Party Concerns and working with third parties to provide social media services
- Privacy and Data Security
- Employee Use of Social Media Sites
- Consumer Complaints and Inquiries
- Gramm-Leach Bliley and Data Security Guidelines
- CAN-SPAM and Telephone Consumer Protection Act
- Childrens Online Privacy and Protection Act
- Fair Credit Reporting Act
In our view, the biggest risk to credit unions is reputation risk. With just one poor review or negative comment, years of credit union success can be undermined. Credit unions should be the watch dog for member complaints or negative reviews. The posting of critical, accusatory or inaccurate statements on a social media platform can be disastrous. The FFIEC does not require a Credit Union to monitor and respond to all postings. But, be on the watch for consumer compliance issues and member complaints. Remember act now and not tomorrow. – Andy Keeney
The contents of this publication are intended for general information only and should not be construed as legal advice or a legal opinion on specific facts and circumstances. Copyright 2019.