SOCIAL MEDIA RISK: KEEPING UP WITH THE JONESES WHILE MANAGING RISK Session Outline • Review of FFIEC Guidance • Application of Guide to Social Media Use • Group Discussion using Real World Examples The Business Case How are banks using social media? • Marketing • Information • Onboarding customers What other benefits? What is Social Media? • Interactive online communication where users can create and share content • Text and email are not included unless sent through social media channels How do Financial Institutions Use It? Ways include: • marketing • incentives • account openings • customer reviews • customer complaint resolution • loan pricing Why the Big Deal? • Vast opportunities for direct customer interaction in marketing, support, and research • risks: lack of control; informal, dynamic forum; hard to oversee usage by bank's employees • benefits: increased brand awareness, advertising, customer interactions, customer research The Regulatory Context Social media risk impacts: • • • • Safety and soundness Compliance/Consumer Protection BSA/AML Technology Operation FFIEC Guidance • Addresses applicability of federal consumer protection and compliance in social media activities • Imposes no new requirements • A guide to existing requirements, supervisory expectations and risk management FFIEC Guidance Key Issues • • • • Consumer privacy and transparency Risk from brand identity fraud - spoofing Improper behavior of host sites or other third party Employees who communicate with consumers or for their personal use where they reference the FI. What are the Overall Risks? • Risk of harm to consumers • Consumer compliance and other legal risks • Operational risks • Reputational risks FFIEC Guidance - Regulatory Compliance Issues • • • • • • • • • • Truth in Savings, Reg DD Fair Lending – Reg B, ECOA, FHA Equal Housing Lender, CRA, RESPA Truth in Lending, Reg Z Fair Debt Collections Practices Act Advertisement of insured products Nondeposit Investment Products UDAP, BSA/AML Reg E, check transactions customer feedback/complaints/privacy Conducting a Social Media Risk Assessment • Evaluate all current uses, and related technology, data security, data privacy and regulatory compliance risks • Repeat for any new or modified uses, use to develop social media risk management program Developing a Social Media Risk Management Program • Initial Program Design should take regulatory and risk mitigation into account • Up-to date technology and practices should be built in at all levels. Bank has to work with its own and social media platform’s technology service providers to implement. • Robust monitoring programs implemented and fully utilized • Communication among program participants is key. • All applicable Bank compliance programs need to take Social Media Program into account and vice versa. Specific Compliance Practices • Privacy/PCI Compliance/Security/Data Integrity • risk mitigation practices and controls • review of all social media content and activities for compliance with applicable law Technology-Oriented Risks • Data security (FI/social media channel provider) • Data privacy • Third party vendors/risk management challenges Group Discussion • Real world examples of FI social media activities and related regulatory compliance, data privacy and technology issues • How participation does/does not vary by size • How CFPB-regulated non-bank entities are using social media and what special challenges they might present • What happens if Facebook succeeds in its quest to be everyone’s Single Sign-On? For further questions, contact: Linda Odom, Bryan Cave LLP linda.odom@bryancave.com (202) 508-6331 (office) (434) 284-1952 (mobile)