Complying with the Federal Deposit Insurance Act

On May 17, 2022, the FDIC issued a Financial Institution Letter outlining its final rule on “False Advertising, Misrepresentation of Insured Status, and Misuse of the FDIC’s Name or Logo” (Final Rule). The Final Rule bans a range of activities involving inaccurate claims of insurance coverage and inappropriate use of the agency’s image and name to signal insurance coverage for ineligible products.

The Final Rule sets forth a formalized process that the FDIC can use to determine if activities are deemed violations, and it designates an agency official to address incoming questions and issues. Under the Final Rule, the FDIC’s General Counsel has delegated authority to “initiate and prosecute” formal enforcement actions executed based on violations of Section 18(4)(a).

In late July, the FDIC issued an updated fact sheet further clarifying the relationship between deposit insurance coverage and crypto companies. The fact sheet communicates the FDIC’s concern that against the backdrop of recent disruptions at crypto companies (e.g., paused withdrawals or operations), certain of their customers may—based on expressed or implied communications—be under the impression that uninsured products offered by crypto companies are backed by the FDIC.

Over the past few months, the FDIC issued cease-and-desist letters to several crypto companies asserting “potential violations of Section 18(4)(a)” of the FDI Act. The letters represent informal actions, convey specific offenses, and prescribe corrective action.

Senator Patrick J. Toomey (R-PA) sent a letter, dated August 16, 2022, to FDIC Director and Acting Chairman Martin Gruenberg stating that the agency “may be improperly taking action to deter banks from doing business with lawful cryptocurrency-related (crypto-related) companies.” The letter requests the FDIC’s written response to six clarifying questions about the agency’s recent activities and their legal footing by August 30, 2022.

Confirm a consumer compliance framework exists that addresses core inherent risks related to miscommunications about FDIC deposit insurance as well as other consumer protection matters (e.g., Unfair, Deceptive, or Abusive Acts or Practices). Routinely assess the compliance program and confirm the program is anchored in expectations communicated by the Consumer Financial Protection Bureau and US Department of Justice.

Confirm that use of the FDIC’s logo along with any statements about the FDIC, FDIC insured products, and the applicability of the FDIC’s deposit insurance coverage are accurate and in alignment with the requirements of the FDI Act.

In conjunction with ongoing third-party risk management activities, banks should consider the assessment of crypto companies’ adherence to the applicable requirements of the FDI Act. Identification of noncompliance should be confronted and addressed.

Update and implement internal controls to reflect the requirements of the Final Rule related to deposit insurance coverage and insured banking products. Establish accountability in terms of the necessary monitoring, reporting, review of the entire third-party risk program, and stakeholder management processes.

Confirm that policies and procedures reflect sufficient detail to determine if an incorrect statement has been made or misleading information has been conveyed. Policies and procedures should assign responsibilities and outline action steps that should be taken in the event of noncompliance with Section 18(a)(4). In some cases, banks may need to develop and formalize new processes in this area.