FFEIC Releases Guidance on Applicability of Consumer Protection Laws to Social Media


The Federal Financial Institutions Examination Council, which is comprised of the OCC, FRB, FDIC, NCUA, CFPB, and a state liaison committee, issued guidance addressing the applicability of federal consumer protection laws to activities conducted using social media. Recognizing the potential benefits of social media to the industry and consumers, the guidance is intended to ensure that industry risk management programs mitigate the concomitant risks and provides considerations for financial institutions in conducting risk assessments. The guidance provides that financial institutions should have risk management programs that identify, measure, monitor, and control social media risks. For example, the guidance provides that a risk management program should include, among other things, policies and procedures regarding the use and monitoring of social media, risk management processes for selecting and managing third-party relationships in connection with social media, and an oversight process for monitoring information posted to proprietary social media sites administrated by the financial institution or a third-party service provider.

The guidance also surveyed the types of laws that might pose specific risk for social media. For example, the guidance noted that laws governing unfair, deceptive and abusive acts or practices, ECOA, TILA, RESPA, and the FDCPA, as well as payment systems laws, the Bank Secrecy Act, the Community Reinvestment Act, and privacy and data security laws (e.g., Telephone Consumer Protection Act) may be relevant to a financial institution’s social media activities. In particular, the guidance noted that RESPA applied to applications taken electronically including through social media, and that communicating using social media in a manner that discloses the existence of a debt (e.g., posting about debt on a Facebook wall) may violate the FDCPA. Finally, the guidance highlights reputational risk that can arise when using social media such as risks related to fraud and brand identity, risks attendant to using third-party service providers, privacy concerns, and risks related to employees’ use of social media.

IRS Circular 230 Disclosure: To ensure compliance with requirements imposed by the IRS, we inform you that any U.S. tax advice contained in this informational piece (including any attachments) is not intended or written to be used, and may not be used, for the purpose of (i) avoiding penalties under the Internal Revenue Code or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein.