Mortgage executives and loan officers bombarded Erik Hawkins, the head of U.S. sales for financial services at Facebook, with questions at a recent industry technology conference in Los Angeles.
They wanted to know if Facebook would help them comply with regulations and maintain an audit trail given that so many loan officers are using the social network to reach out to potential customers.
Hawkins' response, in most cases, was "no."
"Facebook will set up conversations with legal teams," Hawkins told them, but financial institutions themselves are required to maintain the audit trail.
The exchange highlights how lenders and their salespeople are increasingly using social media to scout for new customers—and the compliance and regulatory issues this practice raises for banks.
Those concerns range from preventing identity theft or phishing-style emails, to protecting a lender's trademark or brand from unauthorized or illegal use, to monitoring social media usage by mortgage employees.
"State auditors are now starting to look at social media," says Kevin Marconi, the chief operating officer at United Fidelity Funding, a wholesale lender based in Kansas City, Mo. These auditors are checking to make sure loan officers have their nationwide mortgage license numbers listed on Facebook and LinkedIn, and that the license numbers correspond to those of the local mortgage lender's branch, he says.
While mortgage bankers were not early adopters of social media, the industry has made a huge push the past year (primarily as loan volumes have plummeted) to reach potential borrowers through Facebook, LinkedIn and Twitter, says Ken Anderson, the vice president of marketing at Smarsh, a Portland, Ore., provider of archiving and compliance services.
Compliance officers know they must monitor and archive the communications of loan officers on social media, but the task sometimes falls through the cracks.
"The vast majority say they don't know how to do it, or that they need to talk to their legal and marketing departments," Anderson says. "Social media is how business is being driven these days and where you find customers, so it's no longer acceptable to say you didn't know about it."
Audit trails that track when a social media interaction took place are particularly important for compliance, Anderson says.
There are at least 42 different regulations for banks regarding disclosures and audit trails for social media. Financial institutions are required to have a risk management program that can measure, monitor and control the risks related to social media, among others.
The Federal Financial Institutions Examination Council issued final guidance in December on how institutions should control the risks associated with social media. The guidance is intended to help them understand how to manage such risks and clarifies that existing consumer protection and compliance laws apply to social media communication. (Email and text messages do not constitute social media on their own.) Under the guidance, financial institutions are expected at a minimum to have a governance structure with the board of directors or senior management establishing controls and risk assessment.
In some cases, social media can be used to siphon revenue away from a bank, or worse, tarnish its reputation, says Greg Mancusi-Ungaro, the chief marketing officer in Boston at BrandProtect, a Toronto technology company.
"There is a population of bank-associated individuals who haven't gone through the training, who don't get the memos, and they are mavericks doing their best to hustle loans," he says. "Social media is being used to attract people to loan officers and in many cases, the person using the logo of a bank is not authorized to do so."
Last year, a large bank in the Southeast with 470 loan officers grew concerned that its name was being used by former employees who were no longer affiliated with the bank. BrandProtect ran a search and found that 1,100 loan officers claimed to be affiliated with the bank, meaning more than half of its online affiliations were rogue, mavericks or imposters, Mancusi-Ungaro says.
"Many of those people had at one time been affiliated with the bank and somehow that credential just stayed with them," he says. "But there were also plenty of people who just put the bank on their web page to attract customers and these are presentations made by loan officers in the name of a bank that can damage their reputation."