Blog  |  May 30, 2019

A Beginner’s Guide to Social Media Compliance for Financial Institutions

Social media channels provide financial institutions with a unique opportunity to engage in helpful two-way communication with customers, prospects, employees and critics.

However, communicating with customers through social media carries its own regulatory and compliance concerns, especially for financial institutions. Is social media considered advertising? Which regulations dictate what institutions can and can’t say? The answers are not cut and dried, but understanding the compliance framework around social media is a critical first step toward lowering your organization’s risk.

Know These Key Social Media Regulations

First and foremost, your social media content must meet federal regulations. And although marketing laws do not directly address social media requirements for financial institutions, many existing laws and regulations specific to the financial sector treat the internet—including social media sites—as a marketing channel. This means that all requirements that would apply to your organization’s website also apply to your social media accounts. So how do you go about leveraging social media while ensuring proper compliance?

Here are a few key regulations to keep in mind:

  • Reg B: This regulation prohibits discrimination against certain credit applicants. Images and statements should be carefully reviewed to avoid discouraging creditworthy applicants or implying your institution primarily serves a certain class of people. Given the inherently dynamic nature of social media, it’s critical to implement ongoing, frequent monitoring for activity that could violate Reg B. Training programs should ensure all employees know how to properly respond to certain inquiries regarding loans.
  • Reg Z (Truth-in-Lending Act): The Reg Z compliance requirement applies to all commercial messages that promote credit transactions. Further caution and adequate training are necessary when advertising interest rates or specific credit terms through social media, since employees’ interaction with consumers about credit products also can trigger specific disclosures. And if a communication of this type is sent, you must keep a record of the message for two years.
  • Reg DD (Truth-in-Savings Act): This rule applies to any commercial message, in any medium, that promotes deposit accounts. The rules are intended to ensure advertisements are not misleading, inaccurate or misrepresentative of the institution’s deposit contract. Reg DD also sets forth rules for responding to certain inquiries about deposit accounts, specifically inquiries about interest rates. Advertisements through social media that include deposit rates trigger the same disclosures as those applicable to your website and print media.
  • Gramm-Leach-Bliley Act: This regulation requires security of customer information. You must ensure that confidential account data is not exposed when attempting to provide customer service or assist with products. Also, insurance disclosures should appear if the bank mentions insurance products in its posts.

It would be wise to conduct a thorough review of these five critical regulations to determine if your social media efforts measure up.

Best Practices for Social Media Compliance

So now that you know your institution is on the hook for the aforementioned regulations, how do you remain compliant? Unfortunately, few of these regulations give clear-cut, practical action items. However, there are some best practices that can keep your social media outreach in the good graces of regulators.

  • Conduct a Social Media Risk Assessment: Before jumping into social media, you should complete a risk assessment to predict your compliance exposure. This assessment will reveal the controls needed to protect against threats from both technology failure and human mistakes while meeting regulator expectations. Of course, the risk assessment itself won’t stop events from occurring, but awareness and identification of threats enable you to establish controls and processes that minimize your risk.
  • Approve Your Content: Depending on your social media strategy, your institution might post a few times over the course of a week or multiple times per day. Regardless of the frequency or platform, set up an approval process to ensure all posts meet regulatory guidelines.
  • Create an Employee Social Media Policy: A social media policy should cover an employee training program, training schedule and rules of engagement.
  • Provide an Audit Trail: Keep a record of all Facebook, Twitter, YouTube and LinkedIn posts for required timeframes. Further, preserve any consumer communication on lending or credit terms, promotions for deposit accounts, loan application information or public comments received about a bank’s performance, typically for two years.
  • Don’t Forget to Disclose: Social media testimonials are subject to truth-in-advertising laws, so include clear disclosures from bloggers or consumers if they are being compensated in any way. Employees must also disclose their status if they make comments about your institution or its products or services online. All social media landing pages should display the FDIC logo and, if you provide mortgage loans, disclose “equal housing lender” statements.
  • Get a Pro in Your Corner: If you’re still overwhelmed, or if you’d rather take a hands-off approach to social media regulatory upkeep, partner with a third-party social media compliance platform that can manage your institution’s social media compliance while enhancing your strategy.

For some, the risks in social media can seem overwhelming, but understanding the key regulations and utilizing these best practices ensure that you are prepared to handle any issues that arise. With these steps in place, social media can be a direct, exciting channel for communicating your bank’s value to the community.

Want More Info on Compliance on the Web?

Are you looking for more information on internet compliance in general? Check out our Website Compliance Gamechangers white paper to make sure your institution is updated with the latest online requirements.

Craig Lippmann currently serves as CSI’s director of strategic alliances and partnerships. 
