When the FFIEC released its proposed guidelines for social media management in the banking sector, they also asked for feedback on three specific questions:
1. Are there other types of social media, or ways in which financial institutions are using social media, that are not included in the proposed guidance but that should be included?
2. Are there other consumer protection laws, regulations, policies or concerns that may be implicated by financial institutions’ use of social media that are not discussed in the proposed guidance but that should be discussed?
3. Are there any technological or other impediments to financial institutions’ compliance with applicable laws, regulations, and policies when using social media of which the Agencies should be aware?
Out of some 14,000± banks and credit unions in the U.S., the FFIEC heard from about 60 of them. The Financial Brand reviewed all the letters submitted to the FFIEC (so you don’t have to), and found the feedback falls into some common themes.
Yo! You Are Regulating Us to Death!
“Do we really need more regulation?” Laurie Goodlock, Director of Marketing at Farmers State Bank of Munith, asks with a think smear of incredulity. Goodlock lists all the regulations and regulators mentioned in the FFIEC proposal: CFPB, OCC, Federal Reserve, FDIC, NCUA, SLC, PRA, OMB, TILA/Reg Z, TISA/Reg DD, ECOA/Reg B, EOL, Fair Housing Act, EHOA, RESPA, FDCPA, UDAAP, FTC, EFTA, UCC, Reg CC, BSA/AML, CRA, GLBA, CAN-SPAM, TCPA, COPPA, FCRA, Reg E.
“We are regulated by all of these and more,” Goodlock reminds the FFIEC. “Do we really need another policy that references the other policies to which we already comply?”
Cheryl Whitehead with American First Financial Services says she’s struggled to survive the last five years after having more and more regulations heaped on her back. “Adding more laws and entities is getting ridiculous,” she complains. “Just enforce what’s already there!”
Fred Brown, Director of Marketing & Member Development at Northeast Family FCU, couldn’t agree more. “These proposed guidelines governing social media use by banks and credit unions are laughingly unnecessary,” he says. “Not to mention creating a great deal of extra time, trouble and work.
Denyette DePierro, Senior Counsel for the American Bankers Association is a bit more diplomatic with his wording. “The immediate need for social media guidance is unclear,” he wrote in an official letter to the FFIEC. “Many of the questions coming from industry over the past five years when bank use of social media was in its infancy have been resolved through experience,” he notes.
What the Heck Are We Supposed to Monitor?
The FFIEC’s proposed guidelines suggest financial institutions will be required to monitor social media messages, but there is little if any guidance on what should be monitored and managed.
One industry advocate wants the FFIEC to clarify that a financial institution’s monitoring should be based on the relevant risks given the size, complexity and activities of the institution.
Kelly McNamara, EVP/General Counsel for Discover Financial Services, thinks financial institutions should not be required to respond to customer feedback that is not provided directly to the institution nor through a social media outlet that is not controlled by the institution. “To do so would suggest that the institution must monitor the entirety of the internet for complaints, inquiries and feedback,” McNamara says with measureable concern. “This would place an undue burden on institutions, and put them in a difficult — if not impossible — position.”
Dorothea Henry, Social Media Experience Manager at Union First Market Bank, takes a hardnosed, pragmatic perspective: “Even with the most robust monitoring program available, no program or platform can circumvent private Twitter accounts, private Facebook pages, and similar user determined access to information. Additionally, even simple misspellings (i.e. ‘Unoin’ vs. ‘Union’) can render a consumer comment undiscoverable.”
“A financial institution might monitor its name, its logo, its physical images, its trademarks, the names of its proprietary products, the names of its executives, or some combination of these (or other items),” notes Thomas Kirby with American University Washington College of Law. “Others might monitor the use of obscenity, the inclusion of personal financial data in posts by the public, or other items. The potential universe for matters subject to monitoring could be unlimited. Additional guidance on monitoring would be helpful.”
Translation: What the @#$% will financial marketers be expected to monitor in social channels?
Come On… Let’s Be Reasonable About This
“Social media is a platform for enabling conversation. When our employees discuss a product with a someone at a branch or over the phone, they are not expected to reel off a list of disclosures or official advertising statements.”
The FFIEC’s social media guidelines broadly call for the inclusion of common product disclosures (FDIC/NCUA insured, EHL, EOL, etc.). Most financial marketers find this idea wholly unsavory and wildly impractical.
“Not every social networking site now enables — or will enable in the future — a practical, consumer-friendly way to include required language or logos,” says Beverley Rutherford, VP/Compliance at Virginia Credit Union.
Another commenter points out the obvious yet painful truth: “It is highly unlikely that social networking site creators keep financial institutions’ regulations top-of-mind when they are designing and updating their sites.”
Mark Rapp, SVP/Strategic Marketing at SchoolsFirst FCU points out that the NCUA exempts “advertisements that because of their type or character would be impractical to include the official advertising statement, including but not limited to, promotional items such as calendars, matchbooks, pens, pencils, and key chains” (12 CFR 740(c)(10)).
“We can reasonably interpret the NCUA provision to include certain forms of social media because it would be impractical to include the official advertising statement of NCUA,” Rapp astutely observes.
A similar rule exists for bankers.
“Requiring us to include the words ‘Federally insured by NCUA’ or ‘Member FDIC’ or ‘Equal Housing Opportunity Lender’ will make it difficult to convey our messaging, especially on Twitter,” says Jenny Huschka, Digital Marketing Manager at Wings Financial Credit Union. “I propose the ‘one-click’ rule be enforced instead that will require a link to the promo/information and that page will include the above information. I see no reason to include it in tweets.”
You’re Giving Us a Moving Target
The FFIEC specifically asked financial marketers how “social media” should be defined, and if there were any additional types of social media that should be considered for inclusion in new regulations. Many commenters felt it was foolish to even try defining something as nebulous and organic as social media.
A representative with Discover Financial Services says the FFIEC’s interpretation of “social media” is vague and overly expansive, which could lead to requirements that institutions cannot, because of the changing and expanding nature of social media, comply with. Discover feels that any regulations in social media be limited to channels within an institution’s geographic footprint, and only in those channels in which the institution has a voluntary presence.
Nicole Muryn with BITS, the technology policy division of The Financial Services Roundtable, encouraged regulators to amend their definition of social media accordingly:
“Social media is a form of online communication in which users can generate content through text, images, audio and/or video which is widely shared to a social network for which membership is open to the public. Social media does not include online communications such as emails and instant messages sent directly to individual consumers or groups of consumers, nor does it include banner advertisements shown on social media sites.”
“Sites like MySpace or Pinterest gain quick acclaim as ‘the next big thing,’ then fade into obscurity within months,” points out Brady Johnson, Compliance Officer at Randolph-Brooks FCU. “Spending time and resources on determining the appropriate compliance for a medium that may dissolve and disappear in a matter of weeks or months is not a good use of resources.”
“Addition, the more-established sites have a habit of making large-scale changes without prior notice to their users,” Johnson continues. “For example, Facebook may make a change to their layout or their privacy settings without prior notification that may cause everyone’s social media profiles to become out of compliance with no advance notice.”
Ummm, Our Other Regulators Have Already Covered This
Nicole Muryn with BITS notes that both the SEC and FINRA have each issued guidance on the use of social media. “We urge the FFIEC to clarify that the guidance does not apply to securities activities of financial institutions, and to take care not to contradict guidance issued by other financial services regulatory agencies.”
Melissa MacGregor with the Securities Industry and Financial Markets Association agrees: “To avoid unnecessary duplication, confusion and conflict, SIFMA encourages the Council to expressly exclude Securities Firms from the entities subject to the final guidance adopted by the FFIEC.”
William Emerson, the CEO of Quicken Loans also shares concerns that additional rules regarding social media activities could run against the current laws, creating duplicative or inconsistent standards that create unnecessary compliance issues that will in turn create avoidable confusion for a consumer.
Smaller Institutions Beg for Clemency
The League of Southeastern Credit Unions (LSCU) bemoaned the hyper-regulated environment in which financial institutions now operate, begging the FFIEC to minimize the burdens associated with gathering and reporting social media information, especially those placed on smaller institutions.
“While gathering risk management data related to social media could be complicated for most credit unions, it will be especially difficult for credit unions that do no already have an established social media presence.”
LSCU is asking the FFIEC to exclude credit unions from social media risk assessments and reporting requirements.
Banks and credit unions seeing eye to eye on anything is about as rare as bi-partisanship in Congress. But on the subject of social media regulation, the American Bankers Association agrees with CUNA and other credit union associations: smaller institutions — particularly those not engaged in social media should receive special regulatory consideration, if not outright exclusion.
“A social media risk management program should be commensurate with the breadth of the financial institution’s involvement in social media, but also scalable and resource appropriate for the size of the institution,” the ABA wrote in its letter to the FFIEC.
Banks and credit unions aren’t alone in this view; mortgage lenders are joining in the chorus of voices seeking pity on smaller financial institutions.
Pete Mills, a spokesperson for the Mortgage Bankers Association, says the massive volume of social media communications can only be monitored with sophisticated filtering software which is cost prohibitive for most smaller financial services firms.
Thanks, But Let Us Decide What Is Or Isn’t a ‘Complaint’
The FFIEC guidelines say “a financial institution should have monitoring procedures in place to address the potential for complaints. To properly control these risks, financial institutions should ensure that inquiries, complaints or comments are addressed in a timely and appropriate manner.”
The American Bankers Association thinks the government doesn’t have any business butting in. Financial institutions should be free to decide want constitutes a “complaint” on the social web, and whether a response is warranted or not.
“The FFIEC should not define a ‘complaint’ for social media purposes,” the ABA says. “Within social media communications, the definition of a complaint should be determined by an institution’s policies, procedures, and reasonable interpretation of the governing regulations. This flexibility in implementation is essential as new social media-based modes of communication are developed.”
Sounds reasonable enough. Banks and credit unions are free to respond or ignore complaints in other channels, so what makes social media so exceptional?
Indeed that is the crux of the larger argument against the FFIEC’s proposals: Banks and credit unions have been successfully monitoring, managing and mitigating the risks associated with the same marketing and advertising issues in other channels for decades. Are new regs really needed?