As we develop a social media policy for the bank, what laws and regulations should we consider?

A bank social media policy should cover two areas: (1) bank employees’ use of social media for personal purposes that could affect the bank and (2) the bank’s use of social media for advertising purposes.

Employees’ use of social media

To ensure compliance with all applicable laws, your human resources policies or handbooks might impose some rules on employees’ use of social media. For example, FTC Guidelines require that employees who post on social media about their employer’s products or services must “clearly and conspicuously disclose” their relationship with their employer. 16 CFR 255.5. However, the employer can avoid some liability by establishing appropriate policies and procedures to prevent employees from violating that rule. Federal Trade Commission, Final Rule, Guides Concerning the Use of Endorsements and Testimonials in Advertising, 74 Fed. Reg. 53124, 53136 (October 15, 2009).

The National Labor Relations Act (NLRA) is also relevant, as you mentioned. It protects employees’ rights to engage in “concerted activities” (where two or more employees act together (or one employee tries to initiate group action, NLRB v. Portland Airport Limousine Co., Inc., 163 F.3d 662, 665 (1st Cir. 1998)) to attempt to improve the “terms and conditions of their employment”). 29 USC 15729 USC 158NLRB v. City Disposal Sys., Inc., 465 U.S. 822, 830 (1984). Employees’ right to engage in protected concerted activity extends to use of social media to discuss the terms and conditions of their employment, and employer rules and policies may not chill any protected activity (as discussed in the NLRB’s first (August 2011) and second (January 2012) social media reports, which discuss recent NLRB cases dealing with protected concerted activities and overly-broad employee policies).

Bank’s use of social media

Most experts advise that you treat the bank’s new social media pages as you would treat any new banking product or marketing campaign. That process would involve conducting a risk assessment, updating your policies and procedures (including record retention policies), training employees, and monitoring employees and any third-parties involved with your social media pages.

When conducting the risk assessment, you should treat the social media pages as advertising for the bank. Note that while the Truth in Savings Act exempts some electronic advertising from its disclosure requirements, that exemption does not apply to internet advertisements. Official Staff Commentary, 12 CFR 1030.8(e)(1)(i)-1. And, the Truth in Lending Act does not exempt internet advertising from its disclosure requirements. See 12 CFR 1026.16, 1026.24. With that in mind, consider the following laws and regulations:

Truth in Savings Act/Regulation DD advertising rules, 12 CFR 1030.8:

If a Facebook or Twitter post states the annual percentage yield, announces a bonus, or promotes an overdraft program, those triggering terms require several other disclosures. 12 CFR 1030.8(c); 12 CFR 1030.8(d); 12 CFR 1030.11(b). The Official Staff Commentary states that in electronic advertising, you must “clearly refer the consumer to the location where the additional required information begins. For example, an advertisement that includes a bonus or annual percentage yield may be accompanied by a link that directly takes the consumer to the additional information.” Official Staff Commentary, Section 1030.8(a)‑9.

Truth in Lending Act/Regulation Z, 12 CFR 1026.16 (open-end), 12 CFR 1026.24 (closed-end):

As with Regulation DD, posts with triggering terms must “clearly refer” consumers to a location where they can find the additional required information. 12 CFR 1026.16(c)(1)(ii); 1026.24(e)(1)(ii).

Because the rates stated in advertising dwelling-secured credit must be “reasonably current,” electronic advertisements must display rates that were in effect thirty days before the post can be viewed by the public. Official Staff Commentary, Section 1026.16(d)-6(ii)Section 1026.24(f)-6(ii). This requirement may necessitate the removal of posts with outdated interest rates.

Your posts may also trigger other required statements, such as “Member FDIC” (12 CFR 328.3(b)(1)) and “Equal Housing Lender” (12 CFR 338.3(a)(1)).

Also, keep in mind any record retention requirements (or internal policies and procedures) that apply to advertising and customer complaints apply to any posts and tweets. You also may be responsible for keeping secure any personally-identifiable information that customers post on your pages.