Banks - Checklist-legal Risks to Banks - Social Media[1]

Kevin J. Funnell, Attorney at Law

6136 Frisco Square Blvd., Suite 400 Phone: 972-377-7392

Frisco, Texas 75034 Fax: 214-722-0953

Email: [email protected]

This form is provided for general information purposes only and is not intended to be legal advice nor to create an attorney-client relationship with me. Seek professional legal counsel authorized to practice law in your jurisdiction before acting on any information contained in this form.

CHECKLIST – LEGAL RISKS TO BANKS - SOCIAL MEDIA

Bank-to-Customer Communication

1. Customary “Online” Legal Risks (ex.. COPPA, Online Privacy Policy) 2. Conversation vs. Advertising. FDIC: “Advertisement,”: “a commercial message, in any medium, that is designed to attract public attention or patronage to a product or business” 3. False or Deceptive Advertising (Sec. 5 of FTC Act) 4. Technical Advertising Requirements (ex. FDIC “Official Advertising Statement” 12 CFR § 328.3; “Equal Housing Lender” logotype and legend 12 CFR § 338.3)

5. Consumer Protection Laws (e.g. Truth-in-Lending (Regulation Z); Truth-in- Savings (Regulation DD; Fair Lending Laws) 6. Intellectual Property Infringement/Plagiarism 7. Defamation/Trade Libel 8. Invasion of Privacy/Disclosure of Customer Nonpublic Information 9. Disclosure of Trade Secrets (Bank and Third Party) 10. Securities Laws (ex. Material misstatements, forward-looking statements, “gun-jumping,” selective disclosure, hyperlinking; SEC Guidance August 7, 2008) 11. Third Party Links 12. Reputational Risk (Safety & Soundness Concern) Customer-to-Bank and Customer-to-Customer 1. Intellectual Property Infringement/Plagiarism 2. Defamation/Trade Libel 3. Invasion of Privacy/Disclosure of Nonpublic Information 4. Security (Access to Bank Web Site) 5. Harassment/Stalking/Cyberbullying 6. Reputational Risk



Frisco, Texas 75034 Fax: 214-722-0953



2

CHECKLIST – MITIGATION OF LEGAL RISKS TO BANKS - SO CIAL MEDIA

Bank-to-Customer Communication 1. Basic Rules: Treat Social Media Marketing The Same Way You Would Any Other Marketing. Keep In Mind Your Regulators’ Approach To Marketing and Doing Business Online 2. The Three R’s: Right Attitude, Right People, and Right “Infrastructure” (Policies, Procedures, Training & Monitoring). 3. Clear internal written policies for what is and is not permitted A. Defamation/Trade libel. Fact vs. Opinion. Personal vs. Company B. Copyright/IP Infringement/Plagiarism. Don’t use another’s material/trademarks/trade names without permission. Fair Use

C. Collection/use of nonpublic personal information. Consistency with bank’s online privacy policies. Inconsistency = Deceptive Trade Practice. What Information Might Be Revealed. May need to be revised. Warnings To Users

D. Disclosure of company/ customer information

E. Dishonesty/Deceptive trade practices/Admissions Against Interest

F. Regulatory “Rules of the Road” (Bank Regulatory and/or SEC) G. COPPA H. Record Retention-Archiving-Access

4. Clear external “written” disclaimers and limitations of liability (where possible) consistent with Bank’s risk management policies (Note: SEC limits ability to limit and disclaim damages)

5. Contracts with Vendors/Service Providers (Comply With Bank’s IP Rights and Bank’s Policies and Procedures)

6. Train employees thoroughly; Update training regularly

7. Oversight important. Who to go to and when

8. Monitor regularly (Legal and Management)

9. Enforce personal responsibility fairly and consistently

Customer-to-Bank and Customer-to-Customer

1. Clear “written” terms of use, disclaimers and limitations of liability (where possible)

A. Agreement of User



Frisco, Texas 75034 Fax: 214-722-0953



3

B. User 18 years of age or older

C. Don’t defame, compromise trade secrets, reveal confidential information, or violate IP rights

D. Right of Bank to reuse posted content (Copyright holder=Poster)

E. Right of bank to prohibit, delete or modify any post/comment, or deny or terminate use individually or service generally at any time in its sole discretion

F. Restrictions on uploading code, virus, malware, etc., on commercial use, solicitation, harassment, illegal activities, violations of code of conduct

G. Bank not responsible for posts or comments by others or for comments bank employees who are not authorized representatives of bank.

H. Bank not responsible for third parties’ content or activities accessed by links

I. Bank may change terms of use and code of conduct at any time, effective on posting. Not necessarily enforceable. Douglas v. Talk America

J. Indemnify bank for violations by user

2. Clear “written” “Code of Conduct.” Separate From, But Incorporated Into, Terms of Use. In “Plain English.” “Assume Personal Responsibility.” “Be Nice.” “Privilege, not a right”

3. Don’t Merely Copy. Craft For Your Bank’s Social Media

4. Enforceability vs. Usability. Affirmative Acceptance Safest

5. Monitor Comments Before Posting Even Though Protected By Sec. 230 of CDA (Not Cover IP Claims)

6. DMCA “safe harbor”: Provide Mechanism For Notice & Prompt Removal Upon Notice

7. Anonymous Commenting: Permit or Ban?

8. Regular monitoring for violations

9. Fair and consistent enforcement

10. Interagency Guidelines re: Information Security (IT “blesses” security procedures) Where social media supplied by a third party (e.g. Facebook): 1. Read Terms of Use and Privacy Policy Carefully. Make appropriate selections to protect yourself and your customers 2. Consider Use of Disclaimer 3. Beware of “reputational risk” issues (e.g. malware downloaded from a Facebook application)

Documents

Banks - Checklist-legal Risks to Banks - Social Media[1]