The last few weeks have seen a significant ramp-up of federal bank regulators’ focus on cryptocurrency companies and their disclosures regarding FDIC deposit insurance, signaling a potential spike in enforcement actions targeted at the crypto sector.
On August 19, 2022, the Federal Deposit Insurance Corporation (“FDIC”) issued cease and desist letters (the “Letters”) to five companies, claiming the companies had made false and misleading statements concerning FDIC deposit insurance in violation of the Federal Deposit Insurance Act (the “FDIA”). The Letters follow a joint letter by the FDIC and Federal Reserve Board demanding that Voyager Digital cease and desist from making false or misleading statements regarding its FDIC deposit insurance status and immediately correct prior disclosures (the “Joint Letter”). The FDIC also recently released a fact sheet clarifying certain misconceptions about deposit insurance in relation to cryptocurrency companies (the “Fact Sheet”).
The FDIA prohibits any person from engaging in false advertisement by making knowing misrepresentations about deposit insurance or through the misuse of the FDIC name or logo. As explained in our recent blog post, the FDIC adopted a final rule on May 17, 2022 elaborating on what constitutes false advertising of deposit insurance for purposes of the FDIA (the “Final Rule”).
In the Letters, the FDIC stated that each of the companies made false representations on their websites or social media accounts regarding the availability and scope of FDIC insurance, including by stating or implying that: (i) certain cryptocurrency exchanges are FDIC-insured; (ii) FDIC insurance would protect against losses caused by the failure of a cryptocurrency exchange; (iii) FDIC insurance is available for cryptocurrency; and (iv) stocks held in brokerage accounts are FDIC-insured. The FDIC explained that these statements were likely to mislead and potentially harm consumers because:
- the FDIC does not insure any cryptocurrency exchanges;
- FDIC insurance only covers deposits held in insured banks and savings associations and protects against losses caused by failure of such insured depository institutions (“IDIs”); and
- FDIC insurance does not cover cryptocurrency or stocks.
The FDIC also determined that FDICCrypto.com, by using “FDIC” in its domain name, was making false representations that the website and products offered on it were being offered by the FDIC, protected by FDIC deposit insurance, and endorsed by the FDIC.
The FDIC demanded that the companies immediately remove any and all such statements, cease and desist from making such statements, and provide the FDIC with a written confirmation within 15 business days detailing the efforts that were undertaken to fully comply. The Letters do not constitute an enforcement proceeding, and indicate that the FDIC would contemplate additional steps toward an enforcement proceeding if the recipients do not comply with the remedial steps set out in the Letters.
The FDIC’s issuance of the Letters emphasizes that enforcement of the Final Rule is a priority for the FDIC, including the requirement that entities that claim to offer pass-through insurance do so in a manner that clearly indicates that the deposits are protected in an insolvency of the IDI and not in an insolvency of the intermediary or “pass-through” entity. Furthermore, in one of the Letters, the FDIC deemed a tweet regarding the direct deposit of funds into “individually FDIC-insured bank accounts” a material omission for failing to identify the bank(s) at which the company has a direct or indirect relationship for placement of deposits and into which such consumers’ funds may be deposited.
Alongside the Final Rule, the Consumer Financial Protection Bureau (the “CFPB”) released a Circular indicating that it will also pursue false or misleading misrepresentations of FDIC deposit insurance under the Consumer Financial Protection Act (the “CFPA”). While the CFPB has not yet taken action with respect to the cryptocurrency-related statements identified by the FDIC in the Letters, it could issue similar cease and desist letters or impose fines for violations of the CFPA.
We reiterate that both traditional and emerging financial market participants should review their existing statements and advertisements relating to FDIC insurance in light of the Final Rule, the Joint Letter, and the Letters. Companies providing analysis of the financial sector and cryptocurrencies should also take note, as the FDIC called out misleading reviews of cryptocurrency exchanges published by Cryptonews.com, Cryptosec.info, and SmartAsset.com even though they do not provide cryptocurrency services themselves. These Letters are likely only the beginning of a focused effort by the FDIC to oversee cryptocurrency-related activity of nonbanks for compliance with federal banking law.
 Press Release, FDIC Issues Cease and Desist Letters to Five Companies For Making Crypto-Related False or Misleading Representations about Deposit Insurance (Aug. 19, 2022) (link). The companies that received Letters are Cryptonews.com, Cryptosec.info, SmartAsset.com, FTX US, and FDICCrypto.com.
 FDIA Section 18(a)(4), 12 U.S.C. § 1828(a)(4), and its implementing regulation, 12 C.F.R. Part 328, Subpart B.
 Joint Press Release, FDIC and Federal Reserve Board issue letter demanding Voyager Digital cease and desist from making false or misleading representations of deposit insurance status (Jul. 28, 2022) (link).
 See, Cleary Gottlieb Steen & Hamilton, LLP, FDIC and CFPB Adopt Sweeping Guidance on Deposit Insurance Advertising (Jun. 6, 2022) (link). Under the Final Rule, potential violations include: (i) any statement that “implies” or “suggests” the existence of deposit insurance for a non-insured product; (ii) any omission of information that “would be necessary to prevent a reasonable consumer from being misled,” as to whether a product is insured or the extent or nature of the insurance; and (iii) any reference to the FDIC without a “without a clear, conspicuous, and prominent disclaimer that the products being offered are not FDIC insured or guaranteed”, if they are not. Furthermore, a firm that represents or implies that a product is insured or guaranteed by the FDIC, or backed by insured deposits, violates the FDIA unless it identifies each of the insured depository institutions at which the firm may deposit customer funds.
 See, Cleary Gottlieb, supra note 5. The CFPA prohibits “unfair, deceptive, or abusive act[s] or practice[s] in connection with the offering or provision of a consumer financial product or service” and grants the CFPB authority to oversee representations of FDIC insurance by a range of covered persons and service providers, potentially including financial technology companies.