By Ashley Hutto-Schultz


Ashley Hutto-Schultz         Director of Compliance

Social media has opened up a new age of mortgage advertising, marketing and consumer communication. At the touch of a button, mortgage companies and loan originators (LOs) reach hundreds of potential customers and increase a company’s publicity far beyond the bounds of the more traditional advertising methods. These technologies enable businesses to increase their public exposure tenfold, sometimes for a very low monetary cost. But, as Spider-Man’s mortgage compliance counterpart might say, “With great exposure comes great responsibility.” The exposure created by social media platforms seems relatively endless at times and, likewise, managing the risks and responsibilities attached to social media activity quickly becomes daunting.

On one hand, understanding the activities to include in the compliance program presents challenges. The term “social media,” itself, can be very broadly defined to include technologies that go beyond the commonly known platforms like Facebook, Instagram, Twitter, and LinkedIn. Uncertainty about the type of activities conducted via social media presents difficulties for Compliance Departments hoping to build comprehensive and practical policies, procedures, training programs and monitoring within an institution.

Building a social media compliance program becomes even more complex when incorporating the multitude of legal requirements that could apply to any given post. For social media, these legal requirements extend beyond the mortgage advertising laws we’ve all come to know and love; they also may include requirements related to cybersecurity, data security, intellectual property, anti-harassment and debt collection, to name a few. Outlined below is a starting point for designing a social media compliance program to fit any institution’s needs.

Identifying the sources of exposure is a necessary first step to tailoring a practical compliance solution. This part of the process is an exercise of determining who, what, when, where, and how a company is being represented on social media.

Who is posting?

Typically, LOs and other members of the sales force are most likely to actively represent a mortgage company on social media for the purposes of advertising and promoting business. But, it also helps to understand who else represents an entity on social media, like the company’s marketing and/or recruiting staff. Each of these individuals operates in different capacities and may have different purposes for using social media. Understanding how their function within the organization relies on social media may become valuable for understanding the most efficient and practical structure for managing social media risks.

From a reputational risk standpoint, it’s also helpful to determine the types of posts being published by customers and ex-employees of the entity. Keep in mind that entities also need social media policies for all employees in general that include rules related to anti-harassment and other general employment law requirements.

What types of posts?

Learning the various types of posts representing the company will highlight the specific areas to prioritize in policies, procedures, monitoring and training. For example, are LOs commonly posting co-branded flyers, advertising rates and terms, or publishing self-authored articles? Do any of these posts give advice on subjects related to lending and finance? Each of these types of posts present their own compliance considerations; harnessing the categories of social media postings can drive the objectives of the overall social media compliance program. If the entity already uses an approval process for social media posts, finding ways to identify unapproved posts published online also helps determine the effectiveness of the approval process.

When (how often) are various individuals posting?

Similar to learning the types of postings appearing on social media, identifying the entity’s most active social media users (e.g., individuals, departments, or branches) helps prioritize the compliance resources, especially in terms of training and creating practical approval or monitoring procedures. If certain branches heavily rely on social media posts, devoting specific compliance resources to that branch in order to facilitate the quick approval or monitoring of their activities could be a helpful approach. Also, depending on the level of activity, entities may opt to utilize third party vendors to monitor the company’s social media presence and compliance. Although this solution may not be necessary or practical for every institution, reputable vendors may offer the most advanced and efficient approaches for catching potential social media non-compliance.

Where are these postings appearing and re-appearing?

Commonly used platforms, such as LinkedIn, Facebook, Twitter, and Instagram, are the most obvious contenders to include in a social media compliance program. However, other platforms allow users to share content via text, images, video, or audio that should also be considered (e.g. Yelp, Tumblr, Zillow etc.). Finding the various platforms utilized helps define the activities that fall under the social media compliance management system at any given entity.

Once these platforms have been identified, realizing their limitations may dictate the compliance solutions related to each. Character limits, content sharing, re-posting, endorsing or liking, and other platform-specific features create their own compliance challenges for consideration. For example, how will required disclosures be included on each platform – with character limits, space limitations, etc.? How will disclosures appear on various devices – especially those required in connection with trigger terms? Where will the Equal Housing Logo appear? Recognizing these distinctions, and incorporating them into policies, procedures, monitoring and training, takes time but demonstrates control over the messages delivered to consumers.

How are the postings being generated?

The most basic method for creating and sharing social media posts on any given platform is for an individual to log on, create a post, and share it. As businesses work to make this process more efficient, solutions have been introduced that allow companies or individuals to create a single post and easily disperse it to multiple platforms at one time. In some cases, a company’s Marketing Department will create the content (flyers, articles, etc.) for the sales force and will distribute it for posting to multiple sites.

Understanding the different methods for publishing social media content enables a tailored approach for approval and monitoring of the postings. For example, if postings go through a Marketing Department before being published, there is likely a practical way to include a step for Compliance approval as the postings are being completed. Working with the Marketing Department if the process is centralized, or branches if it’s decentralized, to understand which vendors are being used is one way to help determine how to design compliance processes and procedures for each.

The points outlined above allow compliance professionals to start defining the types of social media presence associated with their institution. During the process, and while building each part of the compliance management program, a few other main points to keep in mind are the roles other departments play in the program. Consulting with and including the Human Resources, Information Technology, Marketing, and Recruiting Departments fosters a better understanding of the entity’s risks, capabilities, and governance for social media.


As featured in National Mortgage Professional Magazine.

Ashley Hutto-Schultz is the Director of Compliance at Castle & Cooke Mortgage, LLC. Castle & Cooke Mortgage, LLC® is a leading independent mortgage lender headquartered in Salt Lake City, Utah, with locations across the United States.