Regulatory Scrutiny on the Rise of Bank and Crypto Company Dealings

On July 29, 2022, the Federal Deposit Insurance Corporation (FDIC) issued an advisory and fact sheet, (collectively, the “FDIC Crypto Guidance”) to address concerns regarding consumer confusion arising from crypto assets offered by, through, or in connection with insured banks. The FDIC Crypto Guidance follows the FDIC and Federal Reserve Board of Governors’ (Federal Reserve) joint letter issued to fintech company Voyager Digital, LLC on July 28, 2022, which demands that Voyager cease and desist, and take immediate corrective action to remove from its website, mobile app, social media accounts and all forms of marketing, advertising, and consumer-facing materials any and all statements suggesting that:

• Voyager itself is FDIC-insured;
• customers who invested with the Voyager cryptocurrency platform would receive FDIC pass-through insurance coverage for all funds provided to, held by, on, or with Voyager, without reference to the FBO (for-benefit-of) account maintained at Metropolitan Commercial Bank, an FDIC-insured bank, where customer funds were held; and
• the FDIC would insure customers against the failure of Voyager itself.

Regulatory Background

Section 18(a)(4) of the Federal Deposit Insurance Act (FDI Act) prohibits any person from representing or implying that an uninsured deposit is insured or from knowingly misrepresenting the extent and manner in which a deposit liability, obligation, certificate, or share is insured under the FDI Act.[1] The FDI Act provides the FDIC independent authority to investigate and take administrative and enforcement actions, including the power to issue cease-and-desist orders and impose civil money penalties, against any person who makes misrepresentations about deposit insurance.

The Final Rule implementing the FDI Act (FDIC Rule), also created a whistleblowing framework by allowing any person[2] to report suspected instances of false advertising, misuse, or misrepresentation regarding deposit insurance, and established procedures by which the FDIC will investigate and, where necessary, formally and informally resolve potential violations. In commentary to the FDIC Rule, the FDIC noted that the rule will primarily affect “non-bank entities and individuals who are potentially misusing the FDIC’s name or logo or are making misrepresentations about deposit insurance.”[3]

FDIC Concerns and Risk Management Considerations

In the FDIC Crypto Guidance, the FDIC expresses concerns about the risks of consumer confusion or harm arising from crypto assets offered by, through, or in connection with insured banks. Specifically, the FDIC is concerned that inaccurate representations about deposit insurance may confuse non-bank customers and cause those customers to mistakenly believe they are protected against any type of loss. Moreover, the FDIC notes, non-bank customers may not understand the role of the bank as it relates to the activities of the non-bank, or the speculative nature of certain crypto assets as compared to deposit products.

On May 17, 2022, the Consumer Financial Protection Bureau also highlighted the risk these insured bank/fintech partnerships present and released a circular regarding deceptive representations involving deposit insurance, noting that these may result in violations of the Consumer Financial Protection Act.

In the July 29 advisory, the FDIC reminds insured banks of their need to be aware of how FDIC insurance operates and their need to assess, manage, and control risks arising from all third-party relationships, including those with crypto companies. In their dealings with non-bank partners, including crypto companies, insured banks may wish to implement controls to ensure that:

• non-bank partners do not misrepresent the availability of deposit insurance for their financial products and take appropriate action to address any misrepresentations;
• communications related to deposit insurance are clear and conspicuous (noting that non-bank entities, such as crypto companies, that advertise or offer FDIC-insured products in relationships with insured banks can reduce consumer confusion by clearly and conspicuously: (i) stating they are not an insured bank; (ii) identifying the insured bank(s) where any customer funds may be held on deposit; and (iii) communicating that crypto assets are not FDIC-insured products and may lose value);
• non-bank partners’ marketing materials and related disclosures are regularly reviewed to ensure accuracy and clarity;
• appropriate risk management policies and processes are in place to ensure any services provided by, or deposits received from any third-party, including a crypto company, are, and remain, in compliance with all laws and regulations; and
• third-party risk management policies and procedures effectively manage crypto-asset-related risks, including compliance risks.

Federal Reserve Supervisory Letter 

Following the issuance of the FDIC Crypto Guidance, the Federal Reserve published on August 16, 2022, a supervisory letter acknowledging the potential opportunities for banks, their customers and the overall financial system emerging from the crypto-asset sector and the heightened and novel risks posed by crypto-assets (Supervisory Letter). The Supervisory Letter points to crypto-asset sector risks concerning safety and soundness, consumer protection, and financial stability and:

• outlines the steps Federal Reserve-supervised banks should take prior to engaging in crypto-asset-related activities[4];
• mandates Federal Reserve-supervised banks to notify their lead supervisory Federal Reserve contact prior to engaging in crypto-asset-related activities or, if already engaged in such activities, to notify their supervisory Federal Reserve contact promptly;[5]
• requires that Federal Reserve-supervised banking organizations implement adequate systems, risk management, and controls prior to engaging in these activities to ensure consistency with safe and sound banking and compliance with applicable laws, including applicable consumer protection statutes and regulations; and
• encourages state member banks to notify their state regulator prior to engaging in any crypto-asset-related activity.

Trends Leading to Heightened Regulatory Scrutiny

The FDIC Crypto Guidance and Supervisory Letter highlight the increasing interest that financial institution regulators are taking in the crypto-asset space and are timely positioned against a backdrop of increased fintech/crypto-bank partnerships, which have resulted in increased website marketing materials using the FDIC logo and describing FDIC deposit insurance.[6] This is particularly true in the context of USD-backed stablecoins, deposits of which may be held with insured banks.[7] These developments, together with the current conditions of the crypto market, create the optimal setting for increased regulatory scrutiny and enforcement for both banks and non-bank/fintech and crypto businesses, as consumers increasingly may be relying on FDIC insurance representations as they evaluate financial products and services, especially those involving crypto assets.

Considering the uptick in activity and regulatory scrutiny in this space, banking institutions and nonbank entities, including those in the fintech and crypto-asset space, may wish to review their respective relationships, contracts, disclosures, and marketing materials with counsel to ensure compliance with new regulatory guidance and expectations.

[1] 12 U.S.C. §1828(a)(4)(A).

[2] The FDIC Rule defines a person as a natural person, sole proprietor, partnership, corporation, unincorporated association, trust, joint venture, pool, syndicate, agency or other entity, association, or organization, including a “Regulated Institution.” False Advertising, Misrepresentation of Insured Status, and Misuse of the FDIC's Name or Logo, 87 FR 33415-01, 33415, 33421.

[3] Id. at 33418.

[4] The Supervisory Letter defines crypto-asset-related activities as activities that “may include, but are not limited to, crypto-asset safekeeping and traditional custody services; ancillary custody services; facilitation of customer purchases and sales of crypto-assets; loans collateralized by crypto-assets; and issuance and distribution of stablecoins.”

[5] The Federal Reserve’s notification requirement tracks the Financial Institution Letter published by the FDIC on April 7, 2022, informing FDIC-supervised institutions that intend to engage in, or that are currently engaging in, any activities involving or related to crypto assets to notify the FDIC of these activities so that the FDIC can assess their safety and soundness, consumer protection, and financial stability implications. 

[6] See Request for Information on FDIC Sign and Advertising Requirements and Potential Technological Solutions, 85 FR 10997-01, 10998 (identifying two board category types of potentially confusing situations for consumers; insured bank-fintech business relationships and misrepresentations by non-FDIC insured entities, and the need to address “evolving banking channels and operations.”).

[7] See Consumer Financial Protection Bureau, Statement of CFPB Director Rohit Chopra, FDIC Board Member, on the Final Rule Regarding False Advertising, Misrepresentations of Insured Status, and Misuse of the FDIC’s Name or Logo (May 17, 2022).