News Flash: Social Media Presents Compliance Issues

Garrison Keillor has a great theory about neighborhood barbeques:  when you have five or six people deciding when the burgers are done, many of whom aren’t quite sure how to barbecue, you inevitably end up with a grossly overcooked burger.  That’s the way I feel about guidances issued by the FFIEC, the council representing all the major federal bank regulators and state banking departments.  It’s not that the guidances aren’t useful.  It’s just that when you have to reach consensus among that many people the resulting document is often so general as to be void of any practical value except for that relative handful of institutions that didn’t realize there were regulatory issues in the first place.

I am bringing this up because yesterday the Grand Council released a proposed guidance on regulatory issues related to the use of social media by financial institutions.  Remember that just because it is called a guidance doesn’t mean it is any less binding on your credit union than a traditional regulation.  It provides the framework for examiners reviewing your credit union practices and as such should not be ignored.

First, what is social media?  Social media refers to the interactive use of electronic communication such as through Facebook, Instagram and Twitter.  What does the proposed guidance mandate?  In a nutshell, the use of social media presents compliance, legal, operational and reputational risks to your financial institution.  Therefore, you should have a risk management program in place to regulate the use of social media that is commensurate with your credit union’s use of this medium.  Importantly, almost every single banking law and regulation you could think of applies to representations you make online to the same extent that they would if you were making them with traditional forums such as newspaper ads or account opening disclosures.  This means that the whole alphabet soup of regulations ranging from the Truth in Lending Act to the Equal Credit Opportunity Act applies to your online activities.

In addition to the regulatory issues, there are unique legal issues as well.  For instance, the guidance notes that financial institutions should be aware that employees’ communications via social media, even through an employee’s own personal social media accounts, may be viewed by the public as reflecting the institution’s views (for the record, as any faithful reader of this blog will know, my views do not always reflect the views of the Association, much to the relief of our President).  However, despite the important employment issues involved, the regulators take a pass on addressing them.

In a very general way, this is all good advice.  But, it’s not the type of thing you can rely on in developing sound day-to-day practices.  My personal advice is that any credit union with any type of online presence, whether or not it uses social media, should do a compliance audit designed specifically to assess whether its electronic representations are consistent not only with existing law and regulation but with the credit union’s own representations.  The last point is important since I have seen cases involving lots of money where attorneys have tried to argue that language on a bank’s website binds them to a greater legal obligation (for instance, regarding funds availability) than does the bank’s account agreement.

A second bit of advice is to reach out to an employment law expert to understand the unique employment issues involved with employee use of social media.  If you think the issues are clear cut, then you don’t understand them.  I’ve done a couple of posts on the issue for those of you want to start some basic research.

CFPB delays remittance regulations

As expected, the CFPB announced yesterday that it was delaying the effective date of the international remittance regulations scheduled to take effect on February 7, 2013.  The delay will give regulators time to incorporate proposed amendments to the regulations that are currently out for public comment.  A new compliance date has not been released.

Double indemnity for board members?

Yesterday afternoon, the Credit Union Times reported that CUNA Mutual is on the hook for as much as $90 million in potential indemnification claims by the five senior managers of the now bankrupt WesCorp, who are being sued by NCUA for their alleged misconduct in overseeing the corporate.  It’s entirely too early to estimate how much the litigation will ultimately cost the insurance company, but you can bet that this litigation, which may be far from over, has the ability to bankrupt the defendants. 

The disclosure was related to a motion by the defendants to compel NCUA – which, as conservator, has final say on WesCorp’s expenditures — to provide funds for their ongoing legal expenses.  In defendants opposition to NCUA’s motion, they argue that  they are entitled to indemnification under the director and officer liability insurance protections they were granted by Wescorp.

For me, the most intriguing part of this skirmish has to do with the interpretation of regulations promulgated in 2010 that prohibited credit unions from indemnifying board members and officers for “gross negligence, recklessness, or willful misconduct” in matters involving the fundamental rights of the credit union. Credit unions can pay for legal expenses during litigation in such circumstances only if the officer or board member agrees to pay back the advance in the event he or she loses.

I was opposed to the regulation at the time it was enacted because any value it had in deterring board malfeasance was more than outweighed by the likelihood that it would deter board members from serving.  Even though the odds of a board member being subjected to this type of litigation are negligible, credit unions now have to explain to a volunteer that there is a possibility, no matter how remote, that they could face liability they can’t insure against.

Now it turns out that the regulation was even tougher than I thought  it was — or so NCUA contends.  In seeking to block CUMIS from paying for the officers’ legal bills, NCUA is seeking to apply this regulation –which took effect in January, 2011 — to a lawsuit commenced more than a year before the regulation was promulgated.  NCUA explains in a footnote to its memorandum of law that the commentary accompanying the Final Rule clearly demonstrates that  it was intended to apply to indemnification requests made after the rule was finalized even when the litigation relates to actions taken before its enactment.

 In other words, a person who has been on the board for several years now could, in a narrow set of circumstances, be exposed to personal financial liability for actions from which she was previously protected.  This is a questionable legal proposition and bad public policy.  Aside from the fact that a contract is being unilaterally amended and aside from the fact that NCUA is effectively substituting its own judgment for that of the board, should we really be creating disincentives for board service?

Operating Fees Announced

NCUA issued a letter to credit unions yesterday in which it announced that the 2012 operating fee for federally chartered credit unions will be 0.9% lower than in 2011.  The letter also includes information about how each credit union can calculate the amount it will owe.  The bill will go out in March.

New regulations on overseas remittances

Under regulations finalized by the CFPB, before members send remittances overseas they will have to be informed of the exchange rate; fees to be charged for the remittance; and the amount to be delivered.  A remittance generally includes international wire and ACH transfers of $15 or more sent to a foreign country from the United States.  The regulation takes effect in 2013 but since this is yet another regulation that will require operational changes on the part of affected credit unions, this is not one that you want to let sneak up on you.

The CFPB also has proposed additional amendments in this area for which it is seeking comment.