Upload
others
View
24
Download
0
Embed Size (px)
Citation preview
Opening Deposit Accounts Online: Rules, Risks & Best Practices
P R E S E N T E D B Y : S U S A N C O S T O N I S , C . R . C . M .
C O M P L I A N C E T R A I N I N G & C O N S U L T I N G F O R F I N A N C I A L I N S T I T U T I O N S
s u s a n c o s t o n i s @ m s n . c o m
M a r c h 2 0 1 7
Disclaimer2
This presentation is designed to provide accurate and authoritative information in regard to thesubject matter covered. The handouts, visuals, and verbal information provided are current as ofthe webinar date. However, due to an evolving regulatory environment, Financial Education &Development, Inc. does not guarantee that this is the most-current information on this subjectafter that time.
Webinar content is provided with the understanding that the publisher is not rendering legal,accounting, or other professional services. Before relying on the material in any important matter,users should carefully evaluate its accuracy, currency, completeness, and relevance for theirpurposes, and should obtain any appropriate professional advice. The content does not necessarilyreflect the views of the publisher or indicate a commitment to a particular course of action. Linksto other websites are inserted for convenience and do not constitute endorsement of material atthose sites, or any associated organization, product, or service.
Sponsors3
Alabama Bankers Association Arkansas Community Bankers California Community Banking Network Independent Bankers of Colorado Florida Bankers Association Community Bankers Association of Georgia Community Banker Association of Illinois Indiana Bankers Association Community Bankers of Iowa Community Bankers Association of Kansas Kentucky Bankers Association Maine Bankers Association Community Bankers of Michigan Independent Community Bankers of Minnesota Missouri Independent Bankers Association Montana Independent Bankers Association Nebraska Independent Community Bankers Independent Comm. Bankers Assoc. of New Mexico Independent Bankers Assoc. of New York State
Independent Community Banks of North Dakota Community Bankers Association of Ohio Community Bankers Association of Oklahoma Pennsylvania Association of Comm. Bankers Independent Banks of South Carolina Independent Comm. Bankers of South Dakota Tennessee Bankers Association Independent Bankers Association of Texas Vermont Bankers Association Virginia Association of Community Banks Community Bankers of Washington Community Bankers of West Virginia Wisconsin Bankers Association
Directed by The Community Bankers Webinar Network
Presented by Susan Costonis, CRCM4
Susan Costonis is a compliance consultant and trainer who beganher career in 1978. She specializes in compliance managementalong with deposit and lending regulatory training. Susan hassuccessfully managed compliance programs and exams forinstitutions that ranged from a community bank to large multi-statebank holding companies. She has been a compliance officer forinstitutions supervised by the OCC, FDIC, and Federal Reserve.Susan has been a Certified Regulatory Compliance Manager since1998, completed the ABA Graduate Compliance School, andgraduated from the University of Akron and the Graduate BankingSchool of the University of Colorado. She regularly presents tofinancial institution audiences in several states and “translates”complex regulations into simple concepts by using humor and reallife examples.
Seminar Objectives5
Electronic banking continues to evolve, and financial institutions must work hard to keep pace with technology, regulatory requirements, and cybersecurity challenges. Recent surveys indicate that 51% of adults in the U.S. bank online and 32% bank with mobile phones. What steps must be followed to be in compliance with E-SIGN?
What You Will Learn
Which deposit regulations are related to E-SIGN and have specific provisions?
E-SIGN risks – CIP for BSA, required disclosures, regulatory oversight (UDAAP – Unfair Deceptive or Abusive Acts), advertising, privacy, technology, policies and procedures, social media, and complaints
Six-step consumer consent process
Basic steps for E-SIGN implementation
Take-away toolkit Current exam procedures and resources for online banking
E-SIGN checklist and answers to common questions
Social media policy template
6
Overview of E-Banking Deposit Compliance
See web address chart for CFPB and banking regulators See the TOOLKIT for e-banking compliance issues
and top ten mistakes in compliance exams, including:1. Truth in Savings
2. Electronic Funds Transfer (Regulation E)3. Regulation CC
4. Financial Information Privacy
7
FFIEC Guidance on Electronic Financial Services8
See the TOOLKIT, important sections include: Introduction and definitions of a “electronic financial service” Compliance regulatory environment Deposit services (Regulation E, Truth in Savings (Regulation DD), Expedited Funds
Availability (Regulation CC), Regulation D) Miscellaneous – required statement of FDIC membership for deposit insurance Compliance policy guidance
Advertisements Disclosures must be “clear and conspicuous,” see notes about “pointers” and “hotlinks;”
see reference to timing requirements for disclosures Record retention
Role of consumer compliance in developing and implementing electronic services
Risk Factors9
1. BSA (Bank Secrecy Act) and CIP (Customer Identification Program)
2. Disclosures (Reg DD, E, CC, Privacy) – accuracy, completeness, and delivery
3. Regulatory Oversight(UDAAP – Unfair Deceptive Abusive Acts and Practices)
4. Advertising5. Privacy – information sharing
practices
6. Technology – changes in sending and receiving electronic disclosures and information
7. Cybersecurity – security breaches, identity theft, and elder abuse
8. Policies and procedures9. Social media – restrictions on
employees use of social media in the workplace
10. Complaints from all sources including those on social media
Traditional Account Opening Online Account Opening
1. Normal risk-based procedures to learn the “true identity” of the person opening the account. Maintain CIP records that include name as it appears on the primary identification, date of birth of an individual, address (residential or business street address, or APO or FPO, identification number of a U.S. person or acceptable numbers for non-U.S. persons.
1. Maintain CIP records as listed in Traditional Account Opening. Enhanced due diligence (EDD) procedures to know the “true identity” of the person opening the account may also apply. This EDD typically requires additional verification like “out-of-wallet” questions that ONLY the actual person can answer. See details.
10BSA and CIP Basics
Traditional Account Opening Online Account Opening
A customer profile should be created by asking questions at account opening. Account activity questions should be asked to determine if the customer is in a high-risk category such as the number and amount of expected deposits, wires, checks, and ACH activity. Non-documentary procedures can be used.
This EDD may require additional safeguards like checking the validity of the address, SSN and other identifying information. Typically an email address is requested to begin the “consent” process to send electronic disclosures. See options for paper disclosures and signatures. Customer profile required. See options.
11BSA and CIP Basics
Traditional Account Opening Online Account Opening
2. Display PATRIOT Act notice at the account opening location.
3. Additional CIP procedures include identifying circumstance when an account will not be opened; terms for allowing the account to be opened and used will verification is completed; when an account will be closed, circumstances for filing a Suspicious Activity Report.
2. Providing the PATRIOT Act notice on the website with the deposit account application.
3. Additional CIP; if customer is in a “high-risk” category additional due diligence will be required. Online CIP can be different but must be in writing and approved by the board.
12BSA and CIP Basics
Traditional Account Opening Online Account Opening
4. OFAC verification procedures must be followed.
5. Identity theft red flags must be followed including checking for alerts, suspicious documents, suspicious personal information, unusual or suspicious activity, notification by customer or law enforcement.
4. OFAC verification procedures must be followed.
5. Identity theft red flags must be followed including checking for alerts, suspicious documents, suspicious personal information, unusual or suspicious activity, notification by customer or law enforcement. Items in bold are high risk for online banking.
13BSA and CIP Basics
Regulation DD Basics14
Regulation DD permits electronic disclosures that comply with the requirements of the E-SIGN Act and waives the E-SIGN Act’s consent provisions for two requirements (account disclosures and advertising).
If a consumer who is not present at the institution uses electronic means (for example, an internet website) to open an account or request a service, the disclosures required under [§ 1030.4(a)(1)] must be provided before an account is opened or a service is provided.
Online advertisements are also subject to the advertisement requirements under the TISA; therefore, banks must ensure that deposit advertisements, including online advertisements, are compliant.
Product Life Cycle Overview
Require management and staff from various functions – to vet, review, and recommend new products and services for senior management or board approval;
Cover the investigative stages of new products and services as well as the approval and deployment stages;
Require that operating policies and procedures are updated to provide clear guidance to staff on how to comply with all legal or regulatory requirements;
Address and mitigate risks throughout the product life cycle, including pricing, marketing, distribution, accounting, and ongoing service and maintenance; and
Require a post-decision review to determine whether the new product or service met the expectations and assumptions used to support the decision.
15
Deposit Advertising Basics17
General guidelines and best practices – see details on the words “free,” “no cost,” or “low cost”
Service fee warnings
Free for a limited time
Annual Percentage Yield (APY)
Bonus rules
Trigger terms – APY, minimum balance, more disclosures
See “signs and mobile devices” section; no exceptions to advertising rules!
Seven Stages of the Product Life Cycle Chart18
STAGE DEFINITION CONSIDERATIONS1. Strategic
ConsiderationsIncorporates the strategic analysis behind an established, new, or modified product: this includes analyzing the strategic fit for the institution and its customers, as well as any components tied to product development (controls, compensation, platforms, etc.) and the overall benefit of the product to the institution and to consumers
Strategic goals and areas of expertise
Involvement of the board of directors, management, etc.
Regulations or guidance Emerging issues related to the
product Processes (procedures and
operating systems, training staff, monitoring activities, and setting controls)
Use and role of third parties
Seven Stages of the Product Life Cycle Chart19
STAGE DEFINITION CONSIDERATIONS2. Product Design Addresses the process of developing
the actual product and specific considerations such as profitability and fee structure
Target market
Relationship to other products
Applicability of laws and regulations
Types of fees assessed
Delivery systems (note about issues with ADA accessibility of websites)
Seven Stages of the Product Life Cycle Chart20
STAGE DEFINITION CONSIDERATIONS
3. Marketing Outlines the manner in which the product is targeted and marketed
Advertising
Cross-selling to customers
Targeting solicitations
Seven Stages of the Product Life Cycle Chart21
STAGE DEFINITION CONSIDERATIONS4. Product
DeliveryIncorporates the components of the initial interface, including the selling and/or application process
Steering risk Applications Disclosures Fees and terms Role of
compensation and incentives
Seven Stages of the Product Life Cycle Chart22
STAGE DEFINITION CONSIDERATIONS5. Origination or
ConsummationDescribes the process by which a customer qualifies for and obtains the product or service
Disclosures Incentives and
compensation structures
Pricing and underwriting discretion
Seven Stages of the Product Life Cycle Chart23
STAGE DEFINITION CONSIDERATIONS6. Product Use
and DurationIncorporates any and all aspects of a product after the origination or consummation stage; includes servicing, maintenance, dispute and resolution, changes in terms, default or misuse, additional fees, or other costs
Periodic statements and disclosures
Servicing practices and third-party servicers
Communications Repayment options Mobile banking
platforms Delivery systems Complaints
Seven Stages of the Product Life Cycle Chart24
STAGE DEFINITION CONSIDERATIONS7. Termination Addresses the process of the
consumer voluntarily discontinuing use of the product, or the institution’s process of discontinuing the product, or any other process in which the relationship between the consumer and the product ends
Communications
Procedures and practices
Loss mitigation, collection, and foreclosure
Stage One – Strategic Considerations
Details on this content are in the TOOLKIT
25
The financial institution’s risk appetite Its areas of expertise and its ability to deliver the new product or service Consumers’ perceived need for the product Current federal and state consumer protection laws, regulations,
and guidance Financial institution resources Anticipated future regulatory requirements Legal challenges related to the product or service, including lawsuits,
consumer complaints, or public enforcement actions
Stage One – Strategic Considerations26
Resources and expertise What knowledge is needed to effectively deliver the product or service?
Does the financial institution currently possess, or can it cost effectively acquire, the required expertise and staffing level — not only in the business line but also in the compliance and audit areas?
Can the financial institution’s computer systems handle the increased usage resulting from any new products or services?
Does the financial institution currently possess, or can it cost effectively acquire, operational capacity to deliver the product or service (e.g., automated processing, centralized operations, use of third-party service providers)?
What are the consequences of noncompliance or failure to deliver product as promised?
Third Parties
Fairness Complexity
Does the product or service provide a win-win situation for the customer and the institution earns a profit?
Are the features or terms difficult for the customer to understand?
Can communications about the product’s terms and features be made clearly, conspicuously, accurately, and timely?
Does the product have unintended consequences that could harm customers?
Offering large numbers of similar accounts that have many different features, terms, or conditions makes it challenging for the consumer to compare them.
Making product changes during the life cycle that will require additional disclosures.
Including features that can be explained only with disclosures that use dense, legal language and that span many pages.
27Stage Two – Product Design
Stage Three – Marketing28
Is the product accurately portrayed and disclosed in all marketing materials (this would include not just advertising but scripts, training materials, and similar items)?
Can a consumer readily understand and reap the benefits of the product?
Has staff been appropriately trained to sell the product?
Did the compliance staff participate in, or at least review, the marketing strategies and materials for compliance with applicable laws and regulations?
LOOK AT TARGET AUDIENCE ISSUES!
Advertisements – Stage Three Marketing 29
PRODUCT/SERVICE LAW/REGULATIONAll consumer financial products and services
UDAP/UDAAP (target audience issues for vulnerable populations)
Deposit FDIC insurance membership regulationsTruth in Savings Act/Regulation DDRegulation CC
Overdrafts Electronic Fund Transfer Act/Regulation ETruth in Savings Act/Regulation DD
Privacy GLBA Privacy Notice
Details on this content is in the TOOLKIT; See Deposit Advertising Basics
Stage Four – Product Delivery30
Has the institution identified and addressed the risks associated with the applicable delivery channels?
How will the institution comply with the laws and regulations that govern the sales and application processes?
Are there compensation or other incentives that may drive risky behavior by employees?
If third parties are used, is the oversight sufficient and effective? Will consumers receive all the necessary information to make
an informed decision about the product during their initial interaction with the financial institution?
Stage Five – Origination or Consummation31
Has the financial institution considered the risks for each origination channel? For example, risks associated with retail originations will differ from wholesale originations.
Has the financial institution considered the potential for fair lending and UDAP risk during product origination and consummation?
Has the institution implemented appropriate controls to mitigate any perceived risk?
Are the disclosures, product materials, and contractual agreements consistent with one another and clear?
SEE WARNING!
Stage Six – Product and Duration32
Regulatory Requirements and Guidance Annual privacy notices Periodic statements
Subsequent disclosures Changes in terms Account renewal/maturity Interest rate adjustment
and/or payment change
New Servicing Practices Prompt crediting of
payments Timely provision of payoff
statements Error resolution and
information requests Default monitoring and
servicing of delinquent accounts
Debt collection
Stage Six – Product and Duration33
Complaints
Regularly reviewing and evaluating customer complaints can provide insights into how well customers understand the institution’s products and services. Complaints can come from a variety of sources, including customer service calls, written complaints to the financial institution or its primary regulator, customer reviews, or social media. Because complaints can serve as an early indicator of potential concerns, managing a product or service successfully will include a process to monitor and analyze complaints. While it is important to address the specific concerns of any particular customer, determining whether an issue is systemic and whether other customers may be affected is also important.
Financial Institution Initiated Termination
Product Maturity and Voluntary Account Closures
Does the financial institution provide advance notice to customers to allow them sufficient time to migrate to another product or service?
Has the institution trained staff to answer questions from affected customers?
Closing only certain accounts? Would the closure criteria disproportionately affect customers on a prohibited basis?
Does the institution respond accordingly to voluntary account closures?
Does the financial institution comply with applicable regulatory and contractual agreements?
34Stage Seven – Termination
Lessons from the Product Life Cycle Process36
Innovation, market conditions, and consumer demand will always lead to new products and services – change is inevitable! The financial institutions that are the most successful in introducing new products and services consider consumer compliance risk throughout the product life cycle. This framework considers various institutional, legal, regulatory, and environmental factors that may be present at each life cycle stage of the product or service. This comprehensive approach for managing compliance risk helps to ensure that financial institutions can obtain the benefits of the new products and services and avoid the unintended consequencesthat can derail an institutions product strategy.
ASK PERMISSSION, NOT FORGIVENESS – DISCUSS NEW INITIATIVES WITH YOUR PRIMARY REGULATOR!
Consumer Consent Overview37
To facilitate and encourage electronic commerce, Congress enacted the Electronic Signatures in Global and National Commerce Act (E-SIGN Act) on June 30, 2000.
The E-SIGN Act states that the validity or enforceability of a contract, electronic record, or signature for a transaction affecting interstate commerce cannot be challenged solely because it is in electronic form or because an electronic signature or record was used in the formation of the contract.
When businesses are legally required to make information available to a consumer in writing, the information can be delivered electronically as long as there is prior compliance with the E-SIGN Act's customer consent requirements.
Six-Step Consumer Consent Process38
Step 1 – Availability of Paper Delivery or Paper Copies
Step 2 – Consent Choices
Step 3 – Consumer Actions
Step 4 – Hardware/Software Requirements
Step 5 – Affirmatively Consent
Step 6 – "After Consent" Disclosure
E-SIGN Requirements39
Indicate whether customers have a right or option to receive information on paper.
Identify whether the consent relates to a particular transaction (e.g., account opening disclosures) or to ongoing disclosures over the course of the relationship (e.g., monthly statements and change-in-terms notices).
Explain that the consumer has the right to withdraw consent and provide the procedures to withdraw consent as well as the consequences of withdrawing consent, such as fees, termination of the relationship, loss of preferred pricing, or having to switch account types.
E-SIGN Requirements40
Describe the procedures for updating the consumer’s contact information.
Outline the hardware and software requirements for accessing and retaining records.
Explain how to obtain paper disclosures after consent has been given and describe any associated fees.
Consumers must also consent electronically, or electronically confirm consent, in a manner that reasonably demonstrates their ability to receive or access the information electronically. Having consumers retrieve a code contained within in a document sent to them is one way to demonstrate accessing of information.
Risks and Implementation Steps41
1. Information about the customer. These are “tell us more about you” questions and will be similar to questions asked during the in-person new account interview.
2. Verification of the customer’s TRUE identity and completion of CIP requirements for: Name Date of birth Address Identification number E-mail address for E-SIGN compliance and due diligence
Risks and Implementation Steps42
3. Completing the account agreement and signing required documents (deposit agreement, signature card, W-9, etc.). These documents can be “wet signed” by sending paper documents or can be provided electronically and signed electronically.
4. Completing verification process and funding the account. The opening deposit can be made by mailing a check or by electronic funding with appropriate authorization, account number and routing/transit number information.
Ten Regulatory Requirements and Issues43
Regulations or Requirements Issues1. BSA (Bank Secrecy Act) and CIP
(Customer Identification Program)Verify the true identity of the deposit customer and create a RISK profile based on the increased risks of online account opening.
2. Disclosures – accuracy, completeness, and delivery
Deliver accurate account disclosures. Confirm that all E-SIGN consent steps have been completed. There are SIX steps for consent.
Ten Regulatory Requirements and Issues44
Regulations or Requirements Issues
3. Regulatory Oversight (UDAAP –Unfair Deceptive Abusive Acts and Practices)
Confirm that all advertising and account information was provided and that the consumer was advised of all fees and that an informed decision was made in the consumer’s best interest.
4. Advertising Review requirements for advertising, especially Truth in Savings, for triggering terms and required model language.
Ten Regulatory Requirements and Issues45
Regulations or Requirements Issues5. Privacy – information sharing
practices Provide actual practices and opt-out options.
6. Technology – changes in sending and receiving electronic disclosures and information
Monitor software and hardware requirements. Implement audit and internal control procedures.
7. Cybersecurity – identity theft and elder abuse
Exercise due diligence for “out-of-wallet” questions to detect fraud and identity theft. Be alert to the potential for abuse of older customers and elder abuse; provide resources for identity theft reporting and resources for seniors.
Ten Regulatory Requirements and Issues46
Regulations or Requirements Issues8. Policies and procedures Have all policies and procedures been
updated to reflect the risks of online account opening, revised CIP and CDD procedures for BSA compliance, updates to required risk assessments (BSA, Identity Theft Red Flags, OFAC, audit, deposit compliance)?
Ten Regulatory Requirements and Issues47
Regulations or Requirements Issues9. Social media – restrictions on
employees use of social media in the workplace
A social media policy is required so employees understand that “personal” is “public” and there are restrictions against “advertising” services that an employee can offer or how complaints may be handled.
Ten Regulatory Requirements and Issues48
Regulations or Requirements Issues10. Complaints It is a best practice and regulatory
expectation to have a complaint policy and procedures. Complaints can be sent to social media and must be reviewed.
Check YOUR regulators resources and exam procedures for expectations about handling complaints
UDAAP Lessons and Complaints49
UDAAP Is Everywhere
Say What You Mean, and Mean What You Say
Vendor Management – Pay Attention to Third-Party Providers
Four Principles of UDAAP Concepts1. Value
2. Understanding
3. Predictability
4. Appropriateness
Mobile Financial Services Update50
Mobile financial services technologies
Risk identification
Risk measurement
Risk mitigation
Monitoring and reporting
Risk Management of E-Banking Activities51
Speed of technological change,
Changing customer expectations,
Increased visibility of publicly accessible networks (e.g., the internet),
Less face-to-face interaction with financial institution customers,
Need to integrate e-banking with the institution's legacy computer systems,
Dependence on third parties for necessary technical expertise, and
Proliferation of threats and vulnerabilities in publicly accessible networks.
10 Considerations When Selecting an E-Signature Vendor52
1. Are e-signed documents legally protected?2. Are e-signatures secure?3. Are e-signed documents safe in the cloud?4. Is it easy to use?5. Does the e-signature solution support different signature capture methods?6. Is the e-signature solution customizable?7. Is the e-signature solution mobile-friendly?8. How flexible is the e-signature solution?9. Does the e-signature vendor understand the unique requirements of a
financial institution?10. Does the e-signature vendor have a favorable reputation in the industry?
Managing Vendor Risk 53
GLBA Requirements
Apply appropriate due diligence when choosing service providers,
Require service providers via contract to implement proper data security processes, and
Monitor service providers through activities such as reviewing audits and test results as directed by the financial institution’s risk assessment. Additionally, for high-risk vendors (such as outsourced core processors and internet-banking providers), the financial institution should monitor and validate controls through periodic self-assessments or other means.
E-SIGN Resources54
Interagency Social Media Guidance; risk areas include Compliance and Legal Risks (various regulations are outlined); payment systems, BSA: Privacy; CAN-SPAM and Telephone Consumer Protection Act (TCPA); Children’s Online Privacy Protection Act (COPPA); reputation risk; operational risk; conclusion.
Interagency Weblinking Guidance; virtually every website contains weblinks. A weblink is a word, phrase, or image on a webpage that contains coding that will transport the viewer to a different part of the website or a completely different website by just clicking the mouse. While weblinks are a convenient and accepted tool in website design, their use can present certain risks. Generally, the primary risk posed by weblinking is that viewers can become confused about whose website they are viewing and who is responsible for the information, products, and services available through that website. See Risk Management Techniques.
ADA Issues and Website Accessibility55
Since the beginning of 2015, more than 244 federal lawsuits have been filed throughout the country against companies of all sizes, including banks and credit unions. Demand letters have seen sent the people with disabilities were denied online access in violation of the ADA (Americans with Disabilities Act).
There are three ways that ADA compliance may be important:
1. In court
2. With customers
3. Among peers or competitors
Examination Checklist for E-SIGN57
Procedures for affirmative consent and proof that consent has not been withdrawn Consumer rights Consent withdrawal and updates; paper copy can be requested Fees for withdrawal or paper copies Hardware and software requirements prior to consent Consumer consents electronically in manner that demonstrates information can be
accessed (oral communication is NOT a valid E-sign record) Changes in hardware or software are communicated Disclosure of consumer’s right to withdraw consent without fees unless the fees
were previously disclosed Electronic records accurately reflect information from contracts, notices,
disclosures and remain accessible according to legal requirements
Social Media: Risk Management Guidance58
• Compliance and Legal Risks• Truth in Savings Act/Regulation DD • Unfair, Deceptive, or Abusive Acts or
Practices• Deposit Insurance or Share Insurance• Electronic Fund Transfer
Act/Regulation E and Check rules• Bank Secrecy Act/Anti-Money
Laundering Programs (BSA/AML)
• Privacy• CAN-SPAM Act and Telephone
Consumer Protection Act• Children’s Online Privacy
Protection Act• Reputation risk – fraud, third-party
risk, privacy, complaints• Employee Use of Social Media Sites• Operational risk
Social Media Policy Template59
1. Acceptable use of social media by the institution
2. Acceptable use of the institution’s data network for personal and commercial social media use
3. Social media policy monitoring including
• Employees breaching social media policies
• Inappropriate use of the institution’s name
• Negative posts
Social Media Policy Template60
4. Social media policy violation 5. Social media policy and acceptable use training including:
• Need for professionalism • Compliance with laws and regulations • How best to represent the institution and protect its reputation• Appropriate communication with customers, employees, competitors, and the
public through social media networks • Limitations for disclosure of proprietary and confidential information about the
institution and customers • Limitations of personal use of blogs, website, and social networking sites • When to transition a communication to private, one-to-one channels
(e.g., direct email, telephone, etc.)• Avoidance of controversial topics