In a recent series of regulatory statements and a high profile demand letter, federal banking regulators have given clear warnings to the banking and fintech industries about their customer disclosures and the significant risk of customer confusion relating to bank/fintech relationships and customers' deposit insurance status. These statements follow a significant increase in fintechs offering "banking as a service" to their customers through partnership models, as well as recent bankruptcy filings by crypto platforms, which have raised customer disclosure issues. This Advisory discusses the recent regulatory guidance and provides suggestions for managing the risks identified by the regulators.
On July 28, 2022, both the Federal Deposit Insurance Corporation (FDIC) and the Board of Governors of the Federal Reserve System (Board of Governors) issued a joint letter (Letter) to the crypto brokerage firm Voyager Digital, LLC (Voyager) demanding that it cease and desist from making false and misleading statements about Voyager's deposit insurance status, in violation of Section 18(a)(4) of the Federal Deposit Insurance Act (FDI Act)1, and demanded immediate corrective action.
The Letter stated that Voyager, by and through its officers, directors, and employees have made false and misleading statements online, including its website, mobile app, and social media accounts, stating or suggesting that: (1) Voyager is FDIC-insured; (2) customers who invested with the Voyager cryptocurrency platform would receive FDIC insurance coverage for all funds provided to, and held by, Voyager; and (3) the FDIC would insure customers against the failure of Voyager itself.
Contemporaneously with the cease and desist letter, the FDIC issued an advisory (Advisory) to FDIC-insured institutions regarding FDIC deposit insurance and dealings with crypto companies, in which it addressed the following risks and concerns:
- Risk of consumer confusion or harm arising from crypto assets offered by, through, or in connection with insured depository institutions (insured banks). This risk is elevated when a non-bank entity offers crypto assets to the non-bank's customers, while offering an insured bank's deposit products.
- Inaccurate representations about deposit insurance by non-banks, including crypto companies, may confuse the non-bank's customers and cause them to mistakenly believe they are protected against any type of loss.
- Customers can be confused about when FDIC insurance applies and what products are covered by FDIC insurance.
- Legal risk of insured banks if a crypto company, or other third-party partner of an insured bank, makes misrepresentations about the nature and scope of deposit insurance.
- Potential liquidity risks to insured banks if customers move funds due to misrepresentations and customer confusion.
The Advisory also includes the following risk management and governance considerations for insured banks:
- Assess, manage, and control risks arising from all third-party relationships, including those with crypto companies.
- To measure and control the risks to the insured bank, it should confirm and monitor that these crypto companies do not misrepresent the availability of deposit insurance, and should take appropriate action to address any such misrepresentations.
- Communications on deposit insurance must be clear and conspicuous.
- Insured banks can reduce customer confusion and harm by reviewing and regularly monitoring the non-bank's marketing material and related disclosures for accuracy and clarity.
- Insured banks should have appropriate risk management policies and procedures to ensure that any services provided by, or deposits received from, any third-party, including a crypto company, are in compliance with all laws and regulations.
- Part 328, Subpart B of the FDIC's Rules and Regulations2 can apply to non-banks, such as crypto companies. Insured banks should determine if its third-party risk management policies and procedures effectively manage risks related to crypto assets.
Along with the Advisory, the FDIC published this Fact Sheet: What the Public Needs to Know About FDIC Deposit Insurance and Crypto Companies, with links to additional resources including information to help consumers understand FDIC deposit insurance.
At a time when crypto companies are being increasingly criticized for perceived excessive risk and insufficient transparency in their business practices, the FDIC and other banking agencies are moving to ensure that these companies' practices do not threaten the banking industry or its customers. As guardian of the Deposit Insurance Fund (DIF), the FDIC has shown that it is willing to act aggressively to protect the DIF and the depositors who rely on it.
In addition to the FDIC's suggestions for insured banks, we suggest both insured banks and their fintech vendors consider the following measures to protect against regulatory criticism or enforcement:
- Banks should build into their vendor contracts/joint venture agreements with fintechs the right to review and approve all communications to bank customers, and should revisit existing contracts to determine if any adjustments are needed;
- Banks should consult with legal counsel as to current and expected regulatory requirements and examination attitudes with respect to "banking as a service" arrangements;
- Fintechs should be sure to engage with experienced bank regulatory counsel as to the risks inherent in their business and contractual arrangements with insured banks by which the services of the fintech is offered to bank customers; and
- Insured banks should conduct appropriate diligence as to their fintech partners' compliance framework and record.
In addition, if a bank's fintech partner goes bankrupt, a bank should obtain clarity–to the extent unclear–as to whether funds on deposit at such bank are property of the bankruptcy estate or property of a non-debtor person or entity (e.g., the fintech's customers). If funds on deposit are property of non-debtor parties, banks should be prepared to address such party's claims, including by obtaining bankruptcy court approval regarding the disposition of such funds on deposit. Additionally, banks may have claims against the bankrupt fintech entity (including claims for indemnity) and should understand the priority and any set-off rights related to such claims (e.g., against the funds deposited with the bank if such funds are property of the debtor).
1. Section 18(a)(4) of the FDI Act, 12 U.S.C. § 1828(a)(4), prohibits any person from representing or implying that an uninsured deposit is insured or from knowingly misrepresenting the extent and manner in which a deposit, obligation, certificate, or share is insured under the FDI Act. Voyager also has attracted the scrutiny of state regulators, some of whom have issued their own cease and desist orders alleging Voyager is selling unregistered securities.
2. See, 12 C.F.R. Part 328, Subpart B, False Advertising, Misrepresentation of Insured Status, and Misuse of the FDIC's Name or Logo, available at: https://www.ecfr.gov/current/title-12/chapter-III/subchapter-B/part-328#p-328.100(d).
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.