8 Things Every Title Professional Should Know in 2015: #5 Understanding Social Media Compliance
Here again, social media has found its way into your professional world and this time, it’s a little more anti-social than usual. With CFPB regulations just 2 short months away, we already know compliance is a big deal. In 2015, compliance also applies to social media and how it’s used it in your everyday business functions. First, let’s get a general definition of what social media is on the table.
Social media is any platform hosted online that curates content, allows users to share said content and provides a platform for discussion.
Now that we know what it is, let us discuss how you will and will not be using ‘social media’ in the coming months.
This week, The Atlantis Organization will be exploring the final guidance released by the CFPB’s Federal Financial Institution Examination Council. Whether your office is big or small, understanding the new implications social media use will have in your office and on your workflow are crucial to productivity. According to the FFIEC’s Consumer Compliance Risk Management Guidance for Social Media within TRID,
“Social media is a dynamic and constantly evolving technology and thus any definition for this technology is meant to be illustrative and not exhaustive.”
That translates to:
The definition of social media is subject to a very loose interpretation and subject to change as our culture and society changes. So, the grey area of these policies are meant to leave you puzzled and this ‘guidance’ can be just that – a guide through the world of responsibility online, social media management and overall compliance.
Here are the MOST important take-always from the Federal Financial Institution Examination Council’s Consumer Compliance Risk Management Guidance.
“Financial institutions are expected to manage risks associated with all types of consumer and customer communications, no matter the medium.” So while social media is a focus, it is not the only focus. Any medium you use at this point is subject to compliance.
"Social media can be distinguished from other online media in that the communication tends to be more interactive. For purposes of this Guidance, messages sent via email or text message, standing alone, do not constitute social media, although such communications may be subject to a number of laws and regulations discussed in this Guidance.” Text messages & emails aren’t “social media” but must still be handled responsibly and cautiously as if it were.
“Financial institutions may use social media in a variety of ways, including marketing, providing incentives, facilitating applications for new accounts, inviting feedback from the public, and engaging with existing and potential customers, for example, by receiving and responding to complaints, or providing loan pricing. Since this form of customer interaction tends to be both informal and dynamic, and may occur in a less secure environment, it can present some unique challenges to financial institutions.” Using social media for any of the functions above are expected but in doing so, you must also assume the risks and account for the security challenges it presents.
“The Guidance does not require a particular approach to employee personal use of social media. This final Guidance clarifies that training and guidance should be provided to employees regarding official use of social media – that is, when employees communicate officially on behalf of the financial institution.
“The final Guidance clarifies that a financial institution should conduct an evaluation of, and perform due-diligence appropriate to, the risks posed by the prospective third party prior to engaging with it.”
“The final Guidance confirms that to the extent consistent with other applicable legal requirements, a financial institution may establish one or more specified channels that customers must use for submitting communications directly to the institution. The Guidance also clarifies that financial institutions are not expected to monitor all Internet communications for complaints and inquiries about the institution. Rather, the financial institution should take into account the results of its own risk assessment in determining the appropriate approach to take regarding monitoring of, and any response to, such communications.”