Many financial institutions were slow to jump on the social media bandwagon. But by now, even the stodgiest bank has a Facebook page.
Others – from small community banks and credit unions to national banking behemoths – have entire departments devoted to wooing Millennials and other web-savvy customers with the latest social media marketing techniques. LinkedIn, Twitter, Google+, YouTube, blogs, online forums and even social games such as FarmVille are being used to win customers, launch new products and enhance communications.
But the increased use of social media by financial institutions is raising concerns among regulators about potential privacy and data breaches, as well as compliance with federal banking laws.
Some banks have cobbled together their own guidelines to address these issues. Others have hired consultants to help them craft social media protocol.
Addressing the patchwork of policies, the Federal Financial Institutions Examination Council (FFFIEC) – the group of regulators charged with overseeing financial institutions – last month issued proposed guidance for the use of social media by banks, savings associations, credit unions and nonbank entities supervised by the Consumer Financial Protection Bureau.
As a first step, the regulators suggest, financial institutions should establish a social media risk management program, with input from experts in compliance, technology, information security, legal, human resources and marketing.
A mandatory part of any social media program, the proposed guidance says, should be assessing the applicability of federal consumer protection and compliance laws to social media activity. For example, banks that use social media to promote credit products and originate new accounts should ensure that those efforts comply with the Truth in Savings Act and Fair Lending Laws, such as the Equal Credit Opportunity Act and the Fair Housing Act.
Some of the council’s recommendations could crimp banks’ use of social media to advertise credit products. Any social media communication promoting a credit product, for example, is subject to regulations relating to the advertising of credit products.
That means that tweeting about a new credit card account or private education loan would require full disclosure of interest rates and costs – potentially pushing the bank’s tweet well over the 140-word maximum.
Another potential social media pitfall for banks is the negative feedback they may find on their own Facebook pages. While encouraging customers’ online comments may seem like a great idea, derogatory remarks about a particular teller or customer experience posted online can quickly damage a bank’s reputation.
Even banks and credit unions that hire outside firms to manage their social media marketing efforts should be vigilant about monitoring Internet interactions, the FFIEC notes. After all, it’s the bank – not the marketing firm administering the bank’s Facebook page – that is going to face the public’s wrath and potential liabilities if customer information is hijacked from a bank’s Facebook site.
Financial institutions have until March 25 to submit comments. After the guidance is finalized, it will be passed on to state regulators, and financial institutions will be expected to use it to manage social media risks.
In addition to general comments, the FFIEC is asking financial institutions to suggest other types of social media, or ways in which financial institutions are using social media, to include in the guidance.
Trying to regulate social media, which is constantly evolving, may prove as foolhardy as trying to catch a cloud, either real or virtual.
But for the sake of their customers and their own reputations, it’s worth banks’ time to make the effort.
