Everyone—including fintechs, other non-bank companies, and associated individuals—that either partners with banks or seeks to provide alternatives to insured deposits must comply with the FDIC's deposit insurance advertising regulations and other applicable federal law. Those rules cover all statements, graphics, and other communications or representations on websites, in social media—of all varieties—and in traditional print products.
Why It Matters
When these types of violations occur or are alleged, they may open the door to more supervisory scrutiny by federal agencies, reputational damage, enforcement risk, and other ripple effects in the market. As the financial services market continues to innovate and evolve, those participating in the space must nevertheless be mindful of these types of regulatory requirements and prohibitions.
These rules prohibit any person from:
- representing that the FDIC insures uninsured financial products as part of an advertisement, solicitation, or other publication or dissemination
- knowingly misrepresenting the extent to which and the way a deposit or obligation is insured by the FDIC—whether by making affirmative statements or by omitting material information
- ·omitting a clear, conspicuous, and prominent disclaimer that the products being offered are not FDIC insured or guaranteed, in advertisements for uninsured financial products that feature or include FDIC-associated terms or images
Statements regarding deposit insurance are deemed to violate the FDIC's regulations if they omit material information, such as when a non-insured entity that advertises deposit insurance fails to identify the bank through which the deposits are insured.
The FDIC clarified its deposit insurance advertising regulations in a 2022 rulemaking. Since then, the FDIC has consistently underscored that it will enforce these rules, and has done so. To date, the FDIC has publicly called out at least 15 instances of non-bank entities and related individuals for alleged violations of these rules. Recently, the FDIC singled out a crypto-focused nonbank entity, alleging violations of these provisions.
When an alleged violation occurs, the FDIC typically sends a public cease and desist order to direct the entity or individual to stop making and remove the statements or references, and amend the statements that involve pass-through insurance arising from the placement of consumer deposits into accounts at banks. Nothing stops the FDIC from taking other measures or precludes it from finding additional violations of law.
Because of the breadth of the legal authorities involved, the FDIC can target not only the entity or individual who made the statement, but other technology companies and service providers. To date, the FDIC has alerted domain-hosting companies and ISPs in connection with alleged violations committed by their customers. The FDIC could also presumably direct social media companies to remove misleading posts if, for instance, a user did not do so.
The CFPB, in tandem with the FDIC's 2022 final rule, has explained that covered persons or service providers under the CFPB's jurisdiction "likely violate" the federal prohibition on deceptive acts or practices if they misuse the name or logo of the FDIC or engage in false advertising or make misrepresentations to consumers about deposit insurance, regardless of whether such conduct is engaged in knowingly. While the CFPB has not taken any public enforcement actions against covered persons and service providers for misrepresentations of FDIC deposit insurance status, covered persons and service providers under the CFPB's jurisdiction should be sufficiently on notice of these risks.
As the financial services industry develops new products and services, compliance with staid legal requirements should remain top of mind to avoid enforcement and reputational risks.