We recommend reviewing the FDIC’s discussion of consumer complaint policies in its compliance examination manual, which you can find in our resources below. In addition, the FDIC presented a webinar in 2013 on consumer complaints with a discussion of how a bank’s consumer complaint policy should fit into its overall compliance management system. We also recommend taking into account the FDIC’s guidance on consumer complaints received through social media.
In addition, the FFIEC IT Examination Handbook suggests that banks may wish to include some complaint features on their websites, such as instructions for submitting complaints to the bank’s supervisor. The FFIEC’s BSA/AML manual recommends tracking consumer complaints for customers that are payment processors, as a high level of complaints could suggest that they are processing unauthorized payments.
For resources related to our guidance, please see:
- FDIC Compliance Examination Manual, Section II, page 3.4, Compliance Management System (“An institution should be prepared to handle consumer complaints promptly. Procedures should be established for addressing complaints, and individuals or departments responsible for handling them should be designated and known to all institution personnel to expedite responses. Complaints may be indicative of a compliance weakness in a particular function or department. Therefore, a compliance officer should be aware of the complaints received and act to ensure a timely resolution. A compliance officer should determine the cause of the complaint and take action to improve the institution’s business practices, as appropriate. An institution should also monitor complaints to and/or about third parties that are providing services on behalf of the institution.”)
- FDIC Compliance Examination Manual, Section II, pages 5.8 – 5.9, Review and Analysis (“Has the institution implemented policies and procedures to handle consumer complaints about the institution and, as applicable, third party providers? . . . . Does the institution review complaints to determine whether improvements or changes to products or operations should be made? . . . .”)
- FDIC Webinar, Consumer Complaints, slides 24 – 35 (December 18, 2013) (“Three Essential Issues: Establish a centralized process for complaints, Identify risks regarding automated or manual systems on complaints received, Identify risks associated with product or service offerings . . . .”)
- FDIC Financial Institution Letter, Social Media Compliance Risk Management (December 11, 2013)
Consumer Complaints and Inquiries
Although a financial institution can take advantage of the public nature of social media to address customer complaints and questions, reputation risks exist when the financial institution does not address consumer questions or complaints in a timely or appropriate manner. Further, the participatory nature of social media can expose a financial institution to reputation risks that may arise when users post critical or inaccurate statements. Compliance risk can also arise when a customer uses social media to communicate issues or concerns directly with a financial institution, such as an error dispute under Regulation E, a billing error under Regulation Z, or a direct dispute about information furnished to a consumer reporting agency under FCRA and its implementing regulations. This Guidance does not require financial institutions to monitor and respond to all Internet communications; however, a financial institution is expected to take into account the results of its own risk assessments in determining the appropriate approach to take regarding monitoring of, and responding to, such communications. Appropriate steps may include, for example, establishing one or more specific channels consumers must use when submitting complaints or disputes directly to the institution for further investigation, to the extent consistent with other applicable legal requirements. However, the institution should also consider the risks, particularly the reputation risk, inherent in not responding to complaints and disputes received through other channels and tailor its policies and procedures accordingly, in a manner appropriate to the institution’s size and risk profile. Based on its own risk assessment processes, a financial institution should also consider whether and how to respond to communications disparaging the financial institution on other parties’ social media sites. One approach to managing these risks would be to monitor question and complaint forums on social media sites to ensure that such inquiries, complaints, or comments are reviewed, and when appropriate, addressed in a timely manner.
- FFIEC IT Examination Handbook, Risk Management of E-Banking Activities, Website Content (“Some examples of information a financial institution might provide to its customers on its website include: . . . Instructions on how to contact the applicable supervisor to file consumer complaints . . . .”)
- FFIEC’s BSA/AML Examination Manual, Third-Party Payment Processors (“To effectively monitor these accounts, the bank should have an understanding of the following processor information: . . . Consumer complaints or other documentation that suggest a payment processor's merchant clients are inappropriately obtaining personal account information and using it to create unauthorized RCCs or ACH debits.”)