Category Archives:Social Media

Policies Every Family Business Needs

Join Kennedy Sutherland attorney, Dub Sutherland, on Wednesday, May 20th, as he presents at Broadway Bank’s Family Resource Business Center luncheon on “Policies Every Family Business Needs.”  Mr. Sutherland will discuss the basic family business policies you should have in place like a shareholder’s policy. family employment policies, as well as policies that are trending such as risk management policies dealing with social media issues. Most importantly he will cover the process of getting these policies discussed, written down and approved while keeping the entire family involved and supportive!

Time: Wednesday, May 20, 2015 11:30 AM – 1:00 PM
Location:Charles Cheever Administration Building

Register Now, seating is limited.

SEC Alert on Social Media

The SEC’s Office of Investor Education and Advocacy issued an Investor Alert to create awareness of fraudulent investment schemes that may involve social media. U.S. retail investors are increasingly turning to social media (Facebook, YouTube, Twitter, LinkedIn and other online networks) for information about investing. Whether it be for research on particular stocks, background information on a broker-dealer or investment adviser, guidance on an overall investing strategy, up-to-date news, or to simply discuss the markets with others, social media has become a key tool for U.S. investors.

While social media can provide many benefits for investors, it also presents opportunities for fraudsters. Social media, and the Internet generally are an attractive play ground for criminals as it lets fraudsters contact many different people at a relatively low cost. It is also easy to create a site, account, email, direct message, or webpage that looks and feels legitimate – and that feeling of legitimacy gives criminals a better chance to convince someone to send them money. Also, with anonymity it can be difficult to track down the true account holders that use social media and hold them accountable.

The alert recommends: 1) to be wary of unsolicited offers to invest; (2) look for “red flags,” e.g., offers that sound too good to be true or that “guarantee” returns; (3) look for “affinity frauds,” which are “investment scams that prey upon members of identifiable groups, such as religious or ethnic communities, the elderly or professional groups;” (4) exercise privacy and security settings; and (5) ask questions and investigate investment opportunities thoroughly. The alert also describes common investment scams that have used social media and the internet to gain traction, including “Pump-and-dump” schemes, fraudulent “research opinions” or “investment newsletters,” high-yield investment programs, and offerings that just fail to comply with applicable registration provisions of the federal securities laws.

Financial Institution's Guidance for Social Media

In 2013, members of the Federal Financial Institutions Examination Council (FFIEC), published final supervisory guidance titled “Social Media: Consumer Compliance Risk Management Guidance.” In the paper the FFIEC provided guidance to address the applicability of federal consumer protection and compliance laws, regulations, and policies to activities conducted via social media by financial institutions. In the paper the FFIEC points out that financial institutions use social media in a variety of ways, including marketing, providing incentives, facilitating applications for new accounts, inviting feedback from the public, and engaging with existing and potential customers. Since this form of customer interaction tends to be informal and occurs in a less secure environment, it presents some unique challenges to financial institutions. The Agencies believe social media, as any new communication technology, has the potential to improve market efficiency. Social media may more broadly distribute information to users of financial services and may help users and providers find each other and match products and services to users’ needs. To manage potential risks to financial institutions and consumers, however, financial institutions should ensure their risk management programs provide oversight and controls commensurate with the risks presented by the types of social media in which the financial institution is engaged, including but not limited to, the risks outlined within this guidance. Financial institutions must be aware that examiners will look at compliance efforts and policies related to the institution’s use of social media. As more institutions utilize social media, such as Facebook, LinkedIn, Twitter and other services to engage customers, the FFIEC has now issued guidelines that must be reviewed and integrated in the risk management program. The new guidance will be used as supervisory guidance by the OCC, Federal Reserve, FDIC, NCUA and CFPB, and the institutions they supervise are “expected to use the Guidance in their efforts to ensure that their policies and procedures provide oversight and controls commensurate with the risks posed by their involvement with social media.” Even if social media is not integrated into a financial institution’s operations, the paper suggest that all financial institutions have a guidance plan in place. To formalize the plan they suggest input from compliance, technology, information security, legal, human resources and marketing constituents. Additionally, the Guidance states that institutional should provide guidance and training for employee official use of social media. The FFFIEC has provided a general outline of concepts to include in a risk management program, which are as follows:

  • A governance structure with clear roles and responsibilities whereby the board of directors or senior management direct how using social media contributes to the strategic goals of the institution and establishes controls and ongoing assessment of risk in social media activities;
  • Policies and procedures regarding the use and monitoring of social media and compliance with all applicable consumer protection laws, regulations, and guidance. Further, policies and procedures should incorporate methodologies to address risks from online postings, edits, replies, and retention;
  • A due diligence process for selecting and managing third-party service provider relationships in connection with social media;
  • An employee training program that incorporates the institution’s policies and procedures for official, work-related use of social media, and potentially for other uses of social media, including defining impermissible activities;
  • An oversight process for monitoring information posted to proprietary social media sites administered by the financial institution or a contracted third party;
  • Audit and compliance functions to ensure ongoing compliance with internal policies and all applicable laws, regulations, and guidance; and
  • Parameters for providing appropriate reporting to the financial institution’s board of directors or senior management that enable periodic evaluation of the effectiveness of the social media program and whether the program is achieving its stated objectives.

Finally, more than half of the Guidance is dedicated to specific compliance and legal risks presented by social media. This information discusses laws and regulations that may be relevant to a financial institution’s social media activities, and further discusses the following laws:

  • Truth in Savings Act
  • Equal Credit Opportunity Act/Reg B and Fair Housing Act
  • Truth in Lending Act/Reg Z
  • Real Estate Settlement Procedures Act
  • Fair Debt Collection Practices Act
  • Unfair, Deceptive or Abusive Acts or Practices
  • Deposit Insurance or Share Insurance (FDIC/NCUA notices)
  • Electronic Fund Transfer Act/Reg E
  • Rules Applicable to Check Transactions (UCC provisions)
  • Bank Secrecy Act/Anti-Money Laundering Programs
  • Community Reinvestment Act
  • Gramm-Leach-Bliley Act Privacy Rules and Data Security Guidelines
  • CAN-SPAM and Telephone Consumer Protection Act
  • Children’s Online Privacy Protection Act
  • Fair Credit Reporting Act

Since community banks strive to be a part of the community and interact with their clients, developing a risk management program is essential and laws and regulations need to be addressed. Community banks and other financial institutions should consult the Guidance to identify the specific risks in each of these statutes, as well as other practices that they can implement into part of their risk management programs.