Financial Institutions and Social Media: Regulatory Review

Size: px

Start display at page:

Download "Financial Institutions and Social Media: Regulatory Review"

Esther Stokes
5 years ago
Views:

1 Financial Institutions and Social Media: Regulatory Review Bank Safety and Soundness Advisor Webinar April 23, 2013 Peter Luce, Washington, D.C

2 Agenda Proposed FFIEC Guidance Definition of Social Media Highlights from Guidance Regulatory Issue-Spotting Exercise: False Advertising laws, CDA, UDAAP, Reg Z Questions? 2

Financial Institutions and Social Media :Regulatory Review FFIEC social media definition: Any form of interactive online communication in which users can generate and share content through text,

3 Financial Institutions and Social Media :Regulatory Review FFIEC social media definition: Any form of interactive online communication in which users can generate and share content through text, images, audio and/or video, including micro-blogging sites (Facebook, Google Plus, MySpace and Twitter), forums, blogs, customer review websites and bulletin boards (e.g. Yelp), photo and video sites (Flickr and YouTube), sites that enable professional networking (LinkedIn), virtual worlds (e.g. Second Life) and social games (Farmville and CityVille). 3

4 Financial Institutions and Social Media :Regulatory Review FFIEC social media definition: Extremely broad definition (the entire Internet ) Presumed to include sites owned/ managed by financial institutions that permit users to post content 4

Financial Institutions: Social Media Forays Reputation Management: Avoiding Bad PR Proactively establishing voice /social media presence Complaint gathering Marketing/ Promotions: Public Relations

5 Financial Institutions: Social Media Forays Reputation Management: Avoiding Bad PR Proactively establishing voice /social media presence Complaint gathering Marketing/ Promotions: Public Relations Marketing/Promotions Brand-Building Product Education Next Wave: FIs leveraging social media credentials/infra structure to offer new products and services Social Mediaenabled products and services: P2P Payments In-Stream Payments Customer Forums Mobile 5

6 Financial Institutions and Social Media :Regulatory Guidance Highlights Contents of Proposed Guidance: Managing Reputational Risk: Even if an FI does not use SM, FIs should be prepared to proactively manage reputation Prevent fraud by monitoring SM Prevent user posting of personal data Monitor employee usage of SM Managing Compliance Risk: If FI uses SM, be sure that such use does not violate state/federal laws Review must include due diligence of 3 rd party vendors Operational Risk: Role of Third-Party SM vendors Systems review 6

7 Financial Institutions and Social Media :Regulatory Guidance Contents of Proposed Guidance: Key Take-Aways: Same laws, new environments: No New Laws to Learn But be prepared to apply the Usual Suspects in novel situations, and You Must Have a Plan: Update Existing Plans Conduct Employee Training 7

ECOA/Reg B TILA/Reg Z EFTA and Reg E NACHA/Article 4 of UCC: Check transactions Expedited Funds Availability Act/Reg CC Bank

8 Financial Institutions and Social Media: Regulatory Guidance Regulatory Compliance Checklist* Application security measures and risk assessments Evaluate whether new products and services comply with existing regulations: Truth in Savings Act/Reg DD ECOA/Reg B TILA/Reg Z EFTA and Reg E NACHA/Article 4 of UCC: Check transactions Expedited Funds Availability Act/Reg CC Bank Secrecy Act/Anti-Money Laundering Community Reinvestment Act requirements Financial Privacy: GLBA FCRA FDCPA UDAAP *Not exhaustive 8

9 Examples Examples from Proposed Guidance Truth In Savings Act/Part 707 of Reg DD: online advertisements must comply with applicable disclosure requirements: must not be inaccurate or misleading: Key terms must be explicit Provide links to more information 9

10 Examples Examples from Proposed Guidance Fair Lending Laws: ECOA, Reg B and Fair Housing Act: Advertising/Marketing must not discourage consumers on a prohibited basis from applying for credit Comply with Reg B timeframes for notification and with adverse action notices Record-keeping in compliance with Reg B Avoid collection of information regarding sex, age, national origin, race, or religion SM collects such info routinely monitor 3 rd Party collection of such data FHA prohibitions against discrimination Equal Housing opportunity requirements (logo must be displayed) 10

11 Examples Examples from Proposed Guidance Truth in Lending Act Reg Z: All SM Advertising/Marketing must comply with Reg Z Advertisements defined as any commercial message that promotes consumer credit What is/is not a Commercial message? Credit Terms can be located on separate table from advertisement page only if link to table is clear and conspicuous UI Design issues Must provide required disclosures 11

12 Examples Examples from Proposed Guidance Real Estate Settlement Procedures Act: All prohibitions against fee splitting, kickbacks, or things of value in exchange for referrals apply in SM context Fair Debt Collection Practices Act: No public disclosure that consumer owes a debt Don t use SM to make inappropriate contact (harassment, contact w/ relatives) Unfair Deceptive or Abusive Acts or Practices: Ensure that information communicated on SM is accurate, consistent, not misleading (communicated by whom?) Deposit/Share Insurance Must be properly disclosed on SM where required 12

13 Examples Examples from Proposed Guidance Payment Systems: Electronic Fund Transfer Act/Reg E: If FI engages in funds transfer transactions via SM, must ensure proper disclosures, error resolution procedures Check Transaction Rules: NACHA/Article 4/Expedited Funds Availability Act and Reg CC (availability of funds) Bank Secrecy Act/Anti-Money Laundering: 31 CFR Chapter X E-banking customers Virtual World Internet games that permit users to cash out 13

14 Examples Examples from Proposed Guidance Community Reinvestment Act: complaints against an FI lodged on SM count and must be maintained in public file CAN-SPAM Act, Telephone Consumer Protection Act: Unsolicited communications via SM and via mobile phones COPPA: don t assume SM has verified that users are older than 13 Privacy Laws: Gramm-Leach-Bliley Act and Data Security rules: Privacy, security of consumer information Integration of SM into online account experience/taking applications via SM Disclosure of privacy policies Fair Credit Reporting Act: Restrictions on solicitations using eligibility information, collection of medical information, etc. 14

15 Operational Risks Examples from Proposed Guidance Operational Risk: FFIEC Information Technology Examination Handbook Outsourcing Technology Services Information Security booklets Account takeovers Malware Use of SM to respond to security events 15

16 Issue-Spotting: EZ Bank EZ Street Web site EZ Bank EZ Street Web Site EZ Bank: Offers wide array of credit, debit, checking, insurance, home loan, and related rewards products and services Launched EZ Street Community Forum to permit customers and prospective customers to interact and post content regarding their experiences with EZ Bank s offerings Education or promotion? Or both? Moderated? Is incorrect content quickly removed? To what extent is EZ Bank responsible for userposted content? What legal issues should EZ Bank be aware of before launching the site? 16

17 Issue-Spotting: EZ Bank EZ Street Web site EZ Bank EZ Street Web Site False Advertising Laws and Application to User-Generated Content: Advertisers generally not responsible for independent claims made about products by third-party, however Lanham Act: statements about competitors products, use of marks State little FTC Acts Is user content independent claim or does it comprise Bank advertising and promotion? Do surrounding circumstances of consumer s statement promote Bank and does Bank shape or solicit user s statement? 17

18 Issue-Spotting: EZ Bank EZ Street Web site EZ Bank Web Site False Advertising Laws and Application to User-Generated Content: Does user statement overstate capabilities of product? Did Bank solicit the content? Does content give false impression of competitor product? Lanham Act test for false advertising claims: 3 Part Test Is it commercial speech? Made for purpose of influencing consumers to buy Sufficiently disseminated to relevant purchasing public 18

19 Issue-Spotting: EZ Bank EZ Street Web site EZ Bank EZ Street Web Site Communications Decency Act: No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider IP Exception: trademarks, copyrighted material Provider of Interactive Service vs. Information Service Provider distinction As host of EZ Street site, which is EZ Bank? Is EZ Bank neutral? Roommates.com case: site required users to include discriminatory info in ads posted to the site 19

20 Issue-Spotting: EZ Bank EZ Street Web site EZ Bank EZ Street Web Site UDAAP: No clear guidance from CFPB to date, but CDA protections may not apply No clear guidance from CFPB to date, but CDA protections may not apply Deceptive : Misleads or is likely to mislead Interpretation is reasonable under the circumstances to substantial minority Is material = information that is important to consumers Unfair : causes substantial injury + not reasonably avoidable Abusive : materially interferes with ability to understand or takes unreasonable advantage (in this context, and given past case law, abusive unlikely to apply) 20

21 Issue-Spotting: EZ Bank EZ Street Web site EZ Bank EZ Street Web Site Truth in Lending Reg. Z, Section 16: Advertisement Rules: Commercial message that promotes a credit transaction Must disclose finance charges, APRs, and fees, etc. Is a user post an advertisement? is EZ Bank merely owner of the medium under CDA, or is EZ Street a form of advertising? Reg Z definition of advertising very broad: directly or indirectly 21

22 Reaction Reactions: Unfair burdens on smaller FIs? Request for exemption from reporting requirements Devil in the details: ability to monitor locked SM accounts, question of unsolicited communication in SM setting Extend Reg Z One-Click Rule to SM Exceptions if no active SM presence? Are 3 rd Party SM providers really the same as 3 rd Party Service Providers? 22

Social Media and Payments: Regulatory Guidance Who will

Supervisory authority over nonbanks, defined as a company

services but does not have a bank, thrift, or credit

Money transmitting; check cashing, and related activities

23 Social Media and Payments: Regulatory Guidance Who will govern social media companies that deploy payments products and services? State and Federal Prudential Regulators State AGs CFPB: Supervisory authority over nonbanks, defined as a company that offers or provides consumer financial products or services but does not have a bank, thrift, or credit union charter Two of six CFPB-defined market areas: 1) Money transmitting; check cashing, and related activities and 2) prepaid cards CFPB also enforces UDAAP as it relates to third-party FI vendors/service providers 23

24 Questions? Peter Luce Payment Systems Group Davis Wright Tremaine LLP Washington, DC

This presentation is a publication of Davis Wright Tremaine LLP. Our purpose in making this presentation is to inform our clients and friends of recent legal developments.

25 This presentation is a publication of Davis Wright Tremaine LLP. Our purpose in making this presentation is to inform our clients and friends of recent legal developments. It is not intended, nor should it be used, as a substitute for specific legal advice as legal counsel may only be given in response to inquiries regarding particular situations. Attorney advertising. Prior results do not guarantee a similar outcome. Davis Wright Tremaine, the D logo, and Defining Success Together are registered trademarks of Davis Wright Tremaine LLP Davis Wright Tremaine LLP 25

26 26