FFIEC Social Media Guidance Public Comment Revelations

Earlier this year on January 22, the Federal Financial Institutions Examination Council ("FFIEC"),  released for public comment proposed social media-related recommendations for financial institutions entitled, Social Media: Consumer Compliance Risk Management Guidance (the "Guidance") which, according to the FFIEC, was designed to set the foundation for, in final form, "supervisory guidance" to the institutions the FFIEC supervises with encouragement to state regulators to likewise adopt the final Guidance.  Once final and issued for rule making, institutions subject to FFIEC and member oversight will be expected to follow the guidance to "ensure their policies and procedures provide oversight and controls commensurate with the risks posed by their social media activities."  The public comment period closed earlier this week and the comments submitted reveal a broad split in positions.

The FFIEC is composed of members from the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Comptroller of the Currency, the Director of the Consumer Financial Protection Bureau and the Chairman of the State Liaison Committee.  In releasing the draft Guidance the FFIEC specifically invited public comment on any aspect, but specifically sought comments on the following:

  1. Are there other types of social media, or ways in which financial institutions are using social media, that are not included in the proposed guidance but that should be included?
  2. Are there other consumer protection laws, regulations, policies or concerns that may be implicated by financial institutions’ use of social media that are not discussed in the proposed guidance but that should be discussed?
  3. Are there any technological or other impediments to financial institutions’ compliance with applicable laws, regulations, and policies when using social media of which the Agencies should be aware?

Eighty comments, from individuals and various institutions, were received by the FFIEC in response, available for review via www.regulations.gov.   Although the software utilized by regulations.gov is not exactly conducive to providing a quick method of downloading submitted public comments, my review indicates:

  • Broad skepticism of and opposition to FFIEC's Guidance from individual commenters

    • Numerous individual comments by those active in the financial industry expressed frustration or opposition to what was perceived by many as yet another regulation of financially-related practices after a period of several years where numerous additional rules, regs and statutes of the financial industry have been imposed.
    • A common refrain from individuals, perhaps best distilled by one comment, was "[p]lease stay out of the social media. There's already too much regulation and the industry recovery is constantly being slowed down & costs to the consumer continue to go up because of unnecessary regulations."
    • Others questions the potential intrusion by employers into employees' privacy: "I do not see how you can impose a regulation that will require lenders/brokers to oversee their employees PERSONAL social media activity.  This proposed rule is far too broad and really starts infringing on personal privacy.  Can my employer demand access to all my online presences in order to keep their liability to a minimum?  Will in need to sign some agreement upon hiring to give my employer full access?  Do I no longer have privacy?"
    • Finally others highlight the failure of the Guidance to distinguish between differing social media applications, noting, for example, "[t]he guidelines fail to distinguish EXTERNAL (or PUBLIC) uses of social media from INTERNAL (or PRIVATE) uses. * * * The entire document appears to assume that all uses of social media are external. However, many organizations are successfully applying social media for internal uses only."
  • Tentative, but qualified, support from larger entities.
    • Given major financial institutions and entities already utilize sizable compliance and legal teams for analyzing and responding many entities provided comments along the lines of ""while creating additional work ... the proposed Guidance does not present tremendous difficulties for our Bank, as our current policies and procedures include many of the best practices required under the Guidance," while simultaneously questioning whether "the limited space often available on social media channels, [would be sufficient for] including the required disclosures."
    • Likewise, many expressed sentiments along the lines of one comment that "[t]he major difficulty with trying to regulate social media is the lack of control intrinsic to the medium, and determining what the organization is responsible for."
    • Others questioned whether it was too soon to set firm guidance in place, with thoughts such as "[e]stablishing sound basic guidelines is a good idea. Trying to accomplish too much too soon is just a bad idea; on any given day a new social media venue could blossom and an existing social media venue could vanish."
    • Many also stated that the technical limitations of certain social media outlets could thwart the FFIEC's Guidance.  For example, one comprehensive comment noted at one point, that "[n]ot every social networking site now enables (or will enable in the future) a practical, consumer-friendly way to include required language or logos" in urging the FFIEC to keep such matters in mind in formulating its positions.

Without doubt the small, but thoughtful, number of comments should provide the FFIEC with ample fodder in revising its Guidance prior to any ultimate rule making.  To discuss the Guidance in its current form or what social media best practices we often recommend to clients feel free to contact me or any of the attorneys at the InfoLawGroup.