Christopher Dye joined D+H in June 2010 as compliance counsel. Prior to joining D+H, Chris served as general counsel for several mortgage banking companies and advised other clients in lending and real estate law. He is admitted to practice law in Oklahoma and Washington State and is a member of the American Bar Association. He currently serves the ABA’s Banking Law Committee as the vice chair of the Commercial and Real Estate Lending subcommittee.
You are hereResourcesOur ViewpointsSocial Media Compliance: Why Every Institution Needs a Policy
By now, the story is well known: a female loan officer, pictured in a bikini, advertises her bank’s loan rates on her Facebook page. Chances are she made a lot of “friends” that day, but her employer and their regulators were probably not among them.
It is stories like this that keep some financial institutions from using social media at all, which is unfortunate. Social media gives institutions the opportunity to create a community with those consumers who rarely visit a branch. It can be a vehicle for information sharing, idea exchange and, when well-monitored, a good barometer of how an institution is really perceived.
For every bad example, like the loan officer in the bikini, there’s an equally successful illustration of social media at its finest. For example, one community bank created a blog on ways to save money. Every week, a bank spokesperson posts a tip and encourages consumers to do the same. The person with the best tip wins a prize.
Other institutions use social media to ask questions – like “what do you think we should be doing differently,” or “what should our new blog be about?” Others use this tool to enable people to donate to local charities.
The reality is social media is now a fact of life. Ignoring it is like bypassing Internet banking because of the risk. The best defense is to approach social networking slowly and strategically, and make sure that you have written policies in place to support your entry into this expanding cyber world.
Your Social Media Policy
At the moment, social media adoption is moving faster than the regulators, however, rest assured that regulations are coming. So, it’s in your best interest to set time aside to work up your institution’s written social media policy now.
The most effective policies focus on four main things: how the policy is documented, how it is communicated to employees, how activity is monitored, and how the institution will retain the data. These last two items – monitoring and retention – are key to assessing risk. The more difficult the platform is to monitor or retain data from, the greater the risk to your institution and your customers.
One of the most common misconceptions among institutions is that, if they don’t use social media, they don’t need a policy. The truth is, every institution needs a social media policy regardless of whether or not the institution is generating the content. For example, even if you don’t use social media for marketing, your employees are using Twitter, Facebook, LinkedIn® and many of the other options out there, at home or sometimes, within the confines of your building. Policies prevent problem posts.
It is important to craft a policy that clearly informs your employees about what they can access from the company network, as well as which websites your institution is monitoring. An attorney can help you set these guidelines and communicate them to your staff.
Consider the need for an effective social media policy in this hiring example: If your HR managers look at social media sites to find additional information on prospective employees in the pre-hire screening process, they could see pictures identifying those candidates as minorities, persons with disabilities or some other protected class. Could you prove in a court-of-law that these images didn’t influence your hiring decisions? To protect yourself, you may want to consider using a third-party to pre-screen those applicants, so your own human resources and hiring managers don’t ever see those images. You can probably think of many other examples where a seemingly innocuous use of social media might contribute to operational risks.
But, even with its inherent risks, the world of social media is not entirely unmanageable.
Start Small to Mitigate Risk
Instead of taking the all-or-nothing approach to using social media, the best strategy is to add channels incrementally. For example, you might create a blog with one or two authors, and static content. If you decide to allow interaction, make sure someone’s looking at consumer posts before these are made publicly viewable if possible, to make sure the post doesn’t contain an account number or other information that could put you in compliance risk.
Although regulators haven’t cemented rules around social media, approach with the same types of caution you would use when sharing information in a print and radio ad. For example, it might seem like a perfect idea to tweet a new mortgage rate. However, if this rate was included in an ad, it could trigger a four-sentence Truth-in-Lending disclaimer that already exceeds the character limit of this medium. This doesn’t mean that using Twitter is out of the question. A better choice is to tweet something like, “Check out our new, low mortgage rates,” with a web address. That way, you’re tweeting something that doesn’t trigger a disclaimer, but still drives traffic to your website or a landing page, where you can make the pitch with the appropriate disclosures.
Be Smart, Not Afraid
Social media opens a world of new opportunities for institutions to connect with consumers, build brand awareness and gain a better understanding of their perception in the market. Like every channel, it carries risks, but also offers rewards.
The best approach is to proceed slowly, but don’t be afraid. Take the time to analyze risk and document a comprehensive policy around social media today, with the help of an attorney. Plan a social media strategy that starts small and expands incrementally to mitigate risk. And, watch for more guidance and regulations to come.