A shot across the fintech bow – FDIC’s reported investigation into Voyager Digital

The FDIC’s reported investigation into Voyager Digital

According to media reports, the FDIC is investigating statements made by fintech Voyager Digital that suggested its customers qualified for FDIC insurance in the event of Voyager Digital’s bankruptcy.[1] Representing or implying that a liability is protected by FDIC insurance when it is not is a violation of Section 18(a)(4) of the Federal Deposit Insurance Act, and since July 5, it is also a violation of a new FDIC rule implementing statute.[2]

This client update provides background on both the existing statutory provision and the FDIC’s new rule involved in the reported investigation of Voyager Digital. The timing and context of the rule’s adoption make it clear that one of the FDIC’s primary motivations for adopting the rule is the rise of fintech-bank partnerships, which has led to website marketing materials describing FDIC deposit insurance.[3] The FDIC has stated its belief that the final rule will primarily affect nonbank entities and individuals.[4] In light of the new rule, fintechs with bank partnerships should be extremely careful in how they describe the availability of FDIC insurance coverage for customer funds held at FDIC-insured banks.

FDIC Regulation of Deceptive Advertising

articles of association

Section 18(a)(4) of the Federal Deposit Insurance Act (FDI Act), which was added to the FDI Act in 2008,[5] contains two prohibitions. The first states that “[n]o person may represent or imply” that any obligation is FDIC insured, when it is not, by using certain prohibited terms as part of the person’s business name or advertisement, solicitation or other document.[6] The other determines that “[n]o person may knowingly misrepresent that an obligation is insured under the Federal Deposit Insurance Act, when it is not, or the extent or manner of insurance, when it is not insured to that extent or in that manner.[7] The statute also authorizes the FDIC and other federal banking agencies to initiate enforcement actions against persons who violate the prohibitions.[8]

Rule

The FDIC recently issued a rule implementing Section 18(a)(4) of the FDI Act.[9] The rule, proposed in May 2021, was adopted in May 2022, and went into effect on July 5, 2022.[10]

The rule contains provisions that closely follow the wording of the two statutory prohibitions.[11] But it also includes examples for the first prohibition that arguably expand the scope of that prohibition by substituting the statutory words “represents or implies” for the words “implies or suggests.”[12] Similarly, it includes examples for the second prohibition that arguably expand the scope of that prohibition by replacing the words “representation, suggestion, or implication” or variations of those words with “knowing representations.”[13]

Enforcement and notification

The federal banking agency responsible for investigating and enforcing these provisions of the FDI Act depends on the status of the alleged violator.[14] For entities that do not have a federal banking agency regulator, such as non-bank fintechs, the FDIC has authority.[15] For entities over which the FDIC does not have primary authority (eg, a state bank that is a member of the Federal Reserve), it has backup enforcement authority.[16]

Since the prohibitions were added to Section 18 of the FDI Act in 2008, there has been only one public enforcement action.[17] But critically, the preamble to the final rule states that the FDIC entered into at least 165 informal—that is, nonpublic, confidential—enforcement actions regarding misuse of the FDIC’s name or logo or misrepresentations about deposit insurance, between January 1, 2019, and December 31, 2020.[18] The preamble also says the FDIC expects the final rule “to involve relatively few formal enforcement actions and conservatively estimates that it will affect fewer than 165 informal decisions involving non-bank entities and individuals each year.”[19] Of course, the informal enforcement actions are not public, but we believe that the fact that the FDIC chose to make public that it had engaged in 165 informal actions over a recent two-year period suggests that the agency may have engaged in a street-clearing review up in various problems. It cannot be known for certain whether the FDIC’s estimate that the rule will affect fewer than 165 informal decisions each year reflects that such cleanup has taken place. We believe that fintechs, especially in light of the current crypto issues and the Voyager Digital situation, would be wise not to read these statements as signals of non-enforcement. Instead, the statements signal that enforcement is likely to continue to be largely confidential and non-public.

In addition to the FDIC’s general enforcement authority—formal and public or informal and confidential—the new rule creates a process for individuals and institutions to report suspected cases of deceptive advertising, which could trigger FDIC investigations and informal proceedings.[20] The rule creates a point of contact to receive complaints and inquiries about potential misrepresentations and allows fintech customers to report potential misrepresentations.[21] The term notification is not used by the FDIC, but in practice the process created is just that, although, unlike with the SEC, there is no monetary incentive.

Look forward to

The rule, which arguably expands the reach of some prohibitions in the statute, and the agency’s statement that it believes the rule will primarily affect non-bank entities, are all signs that fintech with bank partnerships could be targeted by the FDIC. The agency’s reported investigation into Voyager Digital’s deposit insurance statements may be just the beginning of an increase in enforcement. Fintechs in existing banking partnerships should carefully review their disclosures and contracts to ensure their statements comply with the Act and the new regulation, and fintechs considering entering into such partnerships should be especially careful how they advertise the availability of FDIC insurance and describe that in their customer contracts.

The FDIC is not the only agency taking a hard line to combat misrepresentations about deposit insurance coverage.[22] The CFPB issued a circular on May 17, 2022, highlighting that deposit insurance misrepresentations “may be particularly relevant with respect to new financial products or services, particularly those involving new technologies such as digital assets, including cryptoassets.”[23] The circular also emphasized that misrepresentations about deposit insurance may be in breach of the Consumer Act’s prohibition against unfair, misleading or insulting actions or practices, and thus open the door to a further case.[24]

Fintechs should look closely at these areas.

Law Secretary Nausherwan Aamir contributed to this update.