New financial regulator guidance puts misuse of FDIC trademarks, false claims of FDIC insurance squarely in play for regulated banks and other third parties
Since summer 2022, liquidity events have threatened and ultimately forced the bankruptcy and/or fire sale of significant crypto-currency industry players such as Voyager and Celsius. In response to this, on February 23, 2023, the US prudential regulators1 issued a Joint Statement on Liquidity Risks to Banking Organizations Resulting from Crypto-Asset Market Vulnerabilities. Further evidence of the mounting risk came less than a month later when liquidity issues related to the FTX collapse overtook FRB-regulated, California state-chartered commercial bank, Silvergate, which announced on March 9, 2023 that it would enter an orderly liquidation process.
The Joint Statement addresses recent liquidity disrupting and “bank-run” behavior by crypto-asset investors that has resulted in volatility in the cryptocurrency markets. While the Joint Statement does not assert new obligations on banking organizations or insured depository institutions, it reminds banks of existing risk management principles and obligations and makes clear that prohibited misleading statements to consumers or investors about the availability of FDIC insurance could exacerbate any liquidity driven bank run. It also serves as a firm assertion of the nexus between allowable but uninsured bank products and the authority of the prudential regulators, and a stark reminder that the FDIC actively monitors the misuse of its trademarks – both its name and logo – and false or misleading claims that an entity or product is FDIC-insured by both regulated institutions and third parties, particularly in the cryptocurrency space.
Discussed here is the emphasis that prudential regulators expect banks (particularly insured depository institutions) to incorporate regular monitoring for the misuse of the FDIC logo into their risk management and compliance controls, whether by the bank itself or by non-bank business partners.
Below, we provide key takeaways, including steps banks and others should consider for risk-based controls relating to the misuse of FDIC trademarks or claims about FDIC insurance, as well as their own trademarks, across media, especially involving the cryptocurrency space.
Misuse of FDIC trademarks and misrepresentations as to claims of being FDIC insured
As described in the preamble of the May 2022 FDIC Rule Involving False Advertising (discussed below), the FDIC issued warning letters and reached “informal resolutions,” ie, requiring offenders to remediate and commit in writing to future compliance, in at least 165 cases involving non-bank third parties between January 2019 and December 2020. This represented a marked increase from one such informal resolution in the prior ten years, and the new Joint Statement joins a host of recent FDIC press releases2 in confirming that ongoing enforcement can be expected to continue.
In addition to enforcement efforts, the FDIC has issued two recent rules, the May 2022 FDIC Rule Involving False Advertising and December 2022 FDIC Rule, discussed below. The contents of each of these rules are discussed below.
1. May 2022 FDIC rule involving false advertising
In May 2022, the FDIC issued a final rule to create procedures and evaluate potential violations of Section 18(a)(4) of the Federal Deposit Insurance Act relating to the misuse of FDIC trademarks and misrepresentations around claims of being FDIC-insured (the May 2022 Rule). 12 C.F.R. Part 328. As described in the rule’s preamble, between January 2019 and December 2020, the FDIC issued warning letters and reached “informal resolutions,” ie, requiring offenders to remediate and commit in writing to future compliance, in at least 165 cases involving non-bank third parties – a marked increase from one such informal resolution in the prior ten years – and that number may have increased further into 2022 and 2023. The breadth and scope of what, in effect, amounts to a robust FDIC intellectual property protection and enforcement initiative is unique – but not sui generis – for a government agency.3
Under the May 2022 Rule, falsely representing (expressly or by implication) that a product is FDIC-insured by using FDIC trademarks, the abbreviation “FDIC” or the phrases: “Federal Deposit Insurance Corporation”, “Federal Deposit,” “FDIC-insured,” “FDIC insurance,” “member FDIC,” or any similar words or phrases, or knowingly misrepresenting (expressly or by implication) availability or extent of FDIC insurance carries significant civil and even criminal penalties under 18 U.S.C. Section 709 (a fine and/or one-year prison term) including for aiding and abetting a third party’s missteps. See 12 C.F.R. Part 328.100(a)-(d). Interestingly, until their COVID-era repeal on December 27, 2020, specific sections of the 18 U.S.C. Section 700 Series also protected – and provided for criminal penalties for the unauthorized use of – the government’s strategic intellectual property rights in popular 1970s and ‘80s anti-forest fire juggernauts, Smokey Bear and Woodsy Owl.
2. December 2022 FDIC proposed rulemaking: FDIC official sign and advertising requirements, false advertising, misrepresentation of insured status, and misuse of the FDIC’s name or logo.
Furthermore, in December 2022, the FDIC proposed new, fairly complicated rules to update the May 2022 Rule further and clarify the scope of appropriate use of FDIC trademarks and claims of FDIC insurance across different products and third-party arrangements. The proposal is also intended to address the use of FDIC-related signage in partnerships between insured depository institutions (IDIs) and financial technology companies and other third parties. The FDIC’s proposal is designed to ensure that such channels and partnerships do not create customer confusion regarding the insured status of their funds and investments held in non-deposit products.
For IDIs, the proposed rule would, among other things:
- Require FDIC signs across all banking channels, including digital and mobile channels, to reduce customer confusion
- Require signage which differentiates insured deposits from non-deposit products across banking channels and that discloses to consumers that certain financial products are not insured by the FDIC, are not deposits, and may lose value and
- Require IDIs to maintain policies and procedures addressing compliance with part 328 for the IDI and certain third-party relationships.
The proposal also addresses specific scenarios where information provided to consumers may be misleading by both IDIs and nonbank companies. For example, the proposal would clarify that:
- FDIC-associated terms or images may not be used in marketing and advertising materials to imply or represent that any uninsured financial product or entity is insured by the FDIC and
- Statements regarding deposit insurance in a context that involves both deposits and non-deposit products must clearly disclose that the non-deposit products: are not insured by the FDIC; are not deposits; and may lose value.
The proposal would also amend the definitions of “non-deposit product” and “uninsured financial product” to specifically include crypto-assets subject to coverage of Part 328.
The comment period on the proposed rules was recently extended from February 21, 2023, to April 7, 2023.
Opportunities and key takeaways
- The cryptocurrency industry decried the Joint Statement’s liquidity guidance as another bald attempt by regulators to cut or choke-off cryptocurrency use in the US entirely. However, the portion of the Joint Statement addressing misuse of FDIC trademarks and/or FDIC-insured status appears designed to help consumers make more informed choices and protect consumers and investors. If applied reasonably by fair-minded examiners and enforcement attorneys, the FDIC trademark initiative could even improve the credibility of – and make more mainstream – crypto investing, while also mitigating liquidity events.
- At least one other financial oversight body, FINRA, has issued guidance to its member firms (typically broker-dealers) about the existence of imposter websites pretending to be (or be affiliated) with those member firms. According to the FINRA guidance, FINRA itself is proactively looking for – and notifying the legitimate member firm about—such imposter websites. According to FINRA and other sources, imposter websites which collect personal data from legitimate company employees or customers could steal that data, giving rise to cybersecurity and potentially even national security risks.
In this environment, banks and non-bank third parties doing business with banks, including cryptocurrency companies, should:
- Understand how FDIC insurance operates and assess, manage, and control risks arising from third party relationships, including with crypto companies. For example, until the December 2022 FDIC Rule is finalized, follow the July 2022 FDIC Advisory guidance to reduce customer confusion by clearly and conspicuously: “(a) stating they are not an insured bank; (b) identifying the insured bank(s) where any customer funds may be held on deposit; and (c) communicating that crypto assets are not FDIC-insured products and may lose value.”
- Undertake “robust due diligence” of crypto-asset-related entities that establish deposit accounts – and other third parties with which the bank has a relationship.
- Measure and mitigate risks, including by:
- Assessing one’s own and counterparties’ risk management policies and procedures, including relating to false advertising.
- Updating terms and conditions to make clear that false or misleading statements about the availability of FDIC insurance or the misuse of the FDIC logo will not be tolerated.
- “Carefully reviewing and regularly monitoring … non-bank [partners’] marketing material and related disclosures to ensure accuracy and clarity.” (See the July 2022 Advisory)
- Considering expanding the scope of monitoring for the misuse of the FDIC logo and/or one’s own trademarks via Search Engine Optimization, domain cybersquatting, even Web 3.0/metaverse.
- Consulting counsel and devising and implementing an action plan for those who may be in violation of the May 2022 FDIC rule and/or misusing of one’s own trademarks, issuing cease and desist or warning letters, escalation policies and procedures and the circumstances where reporting violators to the FDIC or law enforcement may be warranted.
1 The prudential regulators include the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC).
2 Examples of such recent press releases, FDIC Issues Cease and Desist Letters to Five Companies For Making Crypto-Related False or Misleading Representations about Deposit Insurance, August 19. 2022; FDIC Demands Four Entities Cease Making False or Misleading Representations about Deposit Insurance, February 15, 2023.
3 Following the 2008-2009 financial crisis, to protect homeowners from third party scammers, the Treasury’s Office of Financial Stability created and ran a first-of-its-kind online intellectual property protection program. According to a 2013 GAO report, Treasury performed “daily website scans to identify unauthorized uses of Treasury program trademarks or misrepresentations of programs[,] … issued notice of trademark infringement to owners of approximately 400 websites[,]” and made civil and criminal referrals to law enforcement in cases of alleged fraud. Treasury also worked with law enforcement and “internet search engines [which took] down over 200 alleged fraudulent websites” and suspended advertising relationships with hundreds more.