Credit Unions and Social Media: What’s Your Policy?
According to a 2012 poll by CUNA Mutual Group, 94% of credit unions are investing time and money in Facebook as part of their marketing strategy, and only 1% of credit unions were not planning on using social media in 2013[1] . Credit unions have been relatively quick to embrace social media as a marketing tool, but with good reason: social media is one of the most effective and efficient means of communicating with current and potential customers. Twitter, for example, can be used to market to new customers, update existing customers on promotions and other credit union news, advertise job openings, and find out what people are saying about your credit union. Consumers like Twitter because its 140-character limit means they get short, right-to-the-point messages that they can read at a glance and then move on with their day. The quick, informal nature of messages sent through social media platforms are what attracts consumers, but what if a credit union’s “tweet” or “status update” contains a message that triggers a disclosure requirement? That is just one of the concerns recently addressed by the Federal Financial Institutions Examination Council’s (FFIEC) proposed guidance regarding social media for banks, credit unions, and non-bank entities supervised by the Consumer Financial Protection Bureau.
The FFIEC proposed guidance statement, officially titled “Social Media: Consumer Compliance Risk Management Guidance,” provides financial institutions with guidance regarding the intersection of social media and consumer protection statutes.[2] Much of the FFIEC’s proposed guidance deals with how consumer protection statutes are to be interpreted in specific scenarios involving social media. For example, the FFIEC advises that “if a financial institution offers residential mortgage lending and maintains a presence on Facebook, the Equal Housing Opportunity logo must be displayed on its Facebook page, as applicable.” More generally, however, the FFIEC’s proposed guidance advises that a financial institution should have a “risk management program” that permits it to “identify, measure, monitor, and control the risks related to social media.” The risk management program should also include the involvement of “compliance, technology, information security, legal, human resources, and marketing” departments. According to the FFIEC, these risk management programs should have the following components:
- A governance structure with clear roles and responsibilities;
- Policies and procedures regarding the use and monitoring of social media and compliance with all applicable consumer protection laws, regulations, and guidance;
- A due diligence process for selecting and managing third-party service provider relationships in connection with social media;
- An employee training program that incorporates the institution’s policies and procedures for official, work-related use of social media, and potentially for other uses of social media;
- An oversight process for monitoring information posted to proprietary social media sites administered by the financial institution or a contracted third party;
- Audit and compliance functions to ensure ongoing compliance with internal policies and all applicable laws, regulations, and guidance; and
- Parameters for providing appropriate reporting to the financial institution’s board of directors or senior management that enable periodic evaluation of the effectiveness of the social media program and whether the program is achieving its stated objectives.
