Important Social Media Guidance Issued for Financial Institutions

The Federal Financial Institutions Examination Council (FFIEC) issued final supervisory guidance that financial institutions are expected to use in "their efforts to ensure that their policies and procedures provide oversight and controls commensurate with the risks posed by their involvement with social media."

The FFIEC is the formal inter-agency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions by, among others, the Federal Reserve System, the Federal Deposit Insurance Company (FDIC) and the Consumer Financial Protection Bureau (CFPB).  The memorandum issued by the Council, "Social Media: Consumer Compliance Risk Management Guidance,"  is meant to "address the applicability of federal consumer protection and compliance laws, regulations, and policies to activities conducted via  social media by banks, savings associations, and credit unions, as well as nonbank entities supervised" by the CFPB.  Compliance officers with financial institutions as well as other senior managers at such institutions would be well served to review the Council's Guidance not only pursuant to their own responsibilities and obligations as outlined in the memorandum, but also because the memorandum provides a brief, yet substantive, overview of a wide variety of laws applicable to the financial sector's use of social media.  The Guidance makes reference to, and provides relevant summaries of, a variety of laws including, but not limited to, the Truth in Savings Act, the Equal Credit Opportunity Act, the Truth in Lending Act and the Fair Debt Collection Practice Act.

The Guidance  states that a "financial institution should have a risk management program that allows it to measure, monitor, and control the risks related to social media."  It also specifies that the risk management program should provide guidance and training for employee official use of social media.  The components of the risk management program include, in brief, the following:

• a governance structure with clear roles and responsibilities;
• policies and procedures regarding the use and monitoring of social media and compliance with all applicable  consumer protection laws and regulations, and incorporation of guidance as appropriate;
• a risk management process for selecting and managing third-party relationships in connection with social media;
• an employee training program;
• an oversight process for monitoring information posted to the financial institution's social media site;
• audit and compliance functions to ensure ongoing compliance; and
• parameters for providing appropriate reporting to the financial institution's directors and senior management  for periodic evaluation.

The Guidance points out that "Since this form of customer interaction tends to be both informal and dynamic, and may occur in a less secure environment, it can present some unique challenges to financial institutions."

Court Says Social Media Sites Off Limits to Sex Offenders

A New Jersey appellate court has upheld the state parole board’s restriction disallowing convicted sex offenders from accessing social media or other comparable web sites.

Superior Court Judge,  Jack Sabatino, writing for the three judge panel, said, “we are satisfied that the Internet restrictions adopted here by the Parole Board have been constitutionally tailored to attempt to strike a fair balance.”  Judge Sabatino continued, “We recognize that websites such as Facebook and LinkedIn have developed a variety of uses apart from interactive communications with third parties.  Even so, the Parole Board has reasonably attempted to draw the line of permitted access in a fair manner that balances the important public safety interests at stake with the offenders’ interests in free expression and association.”

The defendants, several convicted sexual offenders whose cases were consolidated, challenged the constitutionality of the restrictions as infringing their First Amendment rights of free speech and association, a violation of their Due Process rights and  corresponding rights under New Jersey’s Constitution.  The restrictions stem from Megan’s Law, which is a series of laws, originally passed in New Jersey, aimed at sex offenders.  One component of Megan’s law includes a requirement that those persons convicted between 1994 and 2004 of certain sexual offenses must serve, in addition to any existing sentence, a special sentence of  “community supervision for life,” and those convicted after that date range are sentenced to “parole supervision for life.”

The New Jersey Parole Board’s restriction does provide for parolees to seek special permission for gaining access to certain sites for work or another “reasonable purpose.”  The state’s Deputy Attorney General said, “It is not the Parole Board’s intention that these provisions bar appellants from having Internet access to news, entertainment, and commercial transactions.”

The New Jersey restriction is hardly novel as these cases have been sprouting up throughout the nation with varied outcomes.  You can read the full opinion here.