When used properly, web and social media sites are powerful marketing tools which can bring customers to your door; however, they can also bring the regulators knocking. The FFIEC has finalized its guidance on the use of social media by financial institutions and the CFPB has started the door-knocking. Factor in the use of social media by mortgage loan originators (MLOs), which you are also required to monitor, and the compliance challenge is escalated. Now state regulators (for example WA, TX, CA and AZ) are getting more aggressive in overseeing the use of social media and are sending out "intent to audit" letters. Are you prepared to meet the challenge of an audit?
According to our study, The State of Social Media in the Mortgage Industry, only 20% of social media sites are compliant, so it's time for the Mortgage industry to become vigilant.
In this post I highlight a social media compliance checklist to strengthen your policies and procedures to stay compliant. But before you jump into the checklist, you may want to read our article, Social Media Risks and Rewards in the June edition of the Scotsman Guide, for a quick review of the rules and regulations for social media compliance in the Mortgage Industry. Bottom line – every mortgage brokerage must be doing these five things to attain and maintain social media compliance:
- Have an inventory of every web and social media site each MLO is using for corporate purposes.
- Ensure employees are using corporate emails for (and only for) corporate sites.
- Have a process for periodic review of all sites to ensure regulatory (and brand) compliance.
- Have an executive responsible for overseeing compliance.
- Have a process for dealing with compliance and risk issues when they arise.
Of course, these are the top-level requirements. Each item above has a significant process to be created, managed and evaluated on an ongoing basis. This is your Social Media (and website) Governance Program. For more ideas about developing your Social Governance Program, check out our E-BooK. To help you get into the details, the following information is a start on your Social Media and Website Compliance Checklist for the Mortgage Industry.
Website and Social Media Compliance Checklist
Implement Complete Audit to Build Inventory
The first step is to perform an audit of all social media and web sites in order to build your inventory of corporate and employee digital assets. You must first know WHERE all of these assets are, then you need to know how to control them (if they are corporate property), train people on compliance to manage their own properties, and monitor them to ensure compliance.
Audit for Corporate Branded Sites & Branch Office Sites
Corporate sites are the main branded sites AND the Branch sites. Even if a branch office and social media program is managed by a Branch Manager, the sites should be corporate property.
For every social platform or domain, you will need to track the correct URL (found in a different place on each social network), the credentials of the account, and ensure that the contact email registered with the social site is a corporate email that can be accessed by multiple corporate representatives (in case of employee turnover).
List all Corporate Social Media points of presence
❑ Facebook, Twitter, YouTube, Slideshare, Pinterest, and all other social network accounts representing your brand(s). For each page/channel/board,/account, you need to have the correct:
- Sign-in Name
- Contact name of manager
- Contact email (and ensure it is a corporate email address).
❑ Facebook Place Pages. these are generated by location data and by individuals who "check-in' to a location. YES, these are yours and should be monitored!
❑ LinkedIn Business Page
❑ Google+. Include the page you created as well as the local address page that Google automatically created using your corporate main address.
❑ Google+ Place Pages. Just like Facebook Place pages, these are yours.
List of all websites and domain names.
This includes the inventory of any acquisition or trade name you have protected. You need to have the following information:
- Registrar Info
- Expiration Date
- Contact name and Info
Take the additional step of searching the web for your brand name(s) to find any web or social site that represents itself as your brand (or one of your brands). If a site appears to look like you to a consumer, you may have a real compliance risk as well as a reputation risk to your company!
Audit for Mortgage Loan Officer Sites
Monitoring and ensuring compliance on MLO sites (and any other social employee) is an especially challenging task. And the task is never-ending since you need to ensure that exiting employees remove mention of your brand on their sites, and new employees report their sites and are compliant. What you need to collect from your MLOs:
❑ List of all business-related Social Media points of presence, with correct URL, for each MLO or social employee.
❑ List of all websites and domain names that an MLO or social employee uses in the course of business.
Compliance Review, Process and Approval
Compliance for Presence
Compliance for the “presence” includes the URL name, and any information stated in the profile area such as the About, Description, Long Description. This does not include anything in the content stream. Some of the key elements that must be included with the presence data is:
❑ Mortgage Company name (trade name) and NMLS #
❑ NMLS Consumer Access link
❑ MLO Name and # (on MLO’s personal sites)
❑ Any state compliance requirements (such as AZ and WA mentions)
❑ Equal Housing Lender statement
❑ If a division or a sub-brand of a corporation, the parent corporation must be listed
Compliance for Content
Compliance for the content stream is an ongoing process of watching what people SAY on a daily basis. The most effective tools for staying compliant in content is to create clear employee social media policies and train employees on these policies, on compliance expectations, and social media use.
Social Media Policy & Employee Training
It is critical to create social media policies to clearly communicate and clarify what is expected of employees when they are using social media. Your goal is not to minimize risk by minimizing social activity – Your goal is to deliver clarity, guidance, and training to empower your employees to be your brand's best advocates!
There should be at least two types of social media policies:
❑ Policy for employees who manage or have access to the corporate branded and branch office sites. This is your corporate social media team.
❑ Policy for expectations and compliance requirements when an employee (such as an MLO) uses their personal web and social media accounts to promote any work that may be related to your company.
❑ You may want to create a third policy for general employees social media use (not specific to MLO's)
Considerations for your policies may include:
❑ Corporate Culture Tone
❑ Integration or review with other policies HR, IT
❑ Confidentiality expectations,
❑ Use expectations of trademarks and branding
❑ Casual vs. conservative
❑ Define professional use (corporate owned or personally owned accounts)
❑ Define personal use (are they allowed to post personally during work hours?)
❑ Do they need to disclose the relationship to company when posting about the company on their personal time/account?
❑ Executive, Board and Departmental approval
Stakeholders that should be included in the policy creation and review include:
❑ Board and CEO
❑ Risk and Compliance
Training is a critical step to stay in regulatory compliance. To appropriately train, you need to:
❑ Review FFIEC, state, and all other legal rules and regulations regarding advertising and social media
❑ Review appropriate social media policies with employees.
❑ Receive signature confirming employees have read and understand the policy.
❑ Review appropriate use of your brand elements (taglines, logos, etc).
❑ Review best practices and use of each social network
❑ Review best practices for websites
Continual Monitoring and Review
Social Media Governance is a discipline and process. To attain compliance you need to make the plan and work the plan to audit, monitor, train, and report. Repeat on a designated schedule; make changes to improve performance; and you'll be well on your way to keeping up with the digital and social world, and staying compliant.
At Brandle, we are dedicated to providing a comprehensive system for companies to easily manage the online points of presence (POPs) of their brands, identities, and relationships. We created the Brandle Presence Manager to help you discover, inventory, monitor and patrol for your web and social presence.