A shot across the fintech bow – The FDIC’s reported investigation of Voyager Digital

The FDIC’s reported investigation into Voyager Digital

According to media reports, the FDIC is investigating statements made by the fintech Voyager Digital that implied that its customers qualified for FDIC insurance in the case of Voyager Digital’s bankruptcy.[1] Representing or implying that a liability is protected by FDIC insurance when it is not is a violation of Section 18(a)(4) of the Federal Deposit Insurance Act and, since July 5, is also a violation of a new FDIC rule implementing the statute.[2]

This client update provides the background on both the pre-existing statutory provision and the FDIC’s new rule implicated in the reported investigation of Voyager Digital. The timing and context of the rule’s adoption make clear that one of the FDIC’s primary motivations in adopting the rule is the rise of fintech-bank partnerships, which have led to website marketing materials describing FDIC deposit insurance.[3] The FDIC has stated its belief that the final rule will primarily affect non-bank entities and individuals.[4] In light of the new rule, fintechs with bank partnerships should be extremely careful about how they describe the availability of FDIC insurance coverage for customer funds held at FDIC-insured banks.

The FDIC’s regulation of misleading advertising

Statute

Section 18(a)(4) of the Federal Deposit Insurance Act (FDI Act), which was added to the FDI Act in 2008,[5] contains two prohibitions. The first states that “[n]o person may represent or imply” that any obligation is FDIC-insured, when it is not, by using certain prohibited terms as part of the person’s business name or advertisement, solicitation or other document.[6] The second provides that “[n]o person may knowingly misrepresent” that an obligation is insured under the Federal Deposit Insurance Act, when it is not, or the extent or manner of any insurance, when it is not insured to that extent or in that manner.[7] The statute also empowers the FDIC and other Federal banking agencies to bring enforcement actions against persons who violate the prohibitions.[8]

Rule

The FDIC recently issued a rule implementing Section 18(a)(4) of the FDI Act.[9] The rule, proposed in May 2021, was passed in May 2022, and became effective on July 5, 2022.[10]

The rule includes provisions that closely track the wording of the two statutory prohibitions.[11] But it also includes examples for the first prohibition that arguably expand the scope of that prohibition by substituting the words “suggests or implies” for the statutory words “represents or implies.”[12] Similarly, it includes examples for the second prohibition that arguably expand the scope of that prohibition by substituting the words “representation, suggestion or implication” or variations on those words for “knowing representations.”[13]

Enforcement and whistleblowing

The federal banking agency responsible for investigating and enforcing these provisions of the FDI Act depends on the status of the alleged violator.[14] For entities that do not have a federal banking agency regulator, like non-bank fintechs, the FDIC has authority.[15] For entities for which the FDIC does not have primary authority (e.g., a state bank that is a member of the Federal Reserve), it has back-up enforcement authority.[16]

Since the prohibitions were added to Section 18 of the FDI Act in 2008, there has been only one public enforcement order.[17] But, critically, the preamble to the final rule states that the FDIC entered into at least 165 informal – that is, non-public, confidential – enforcement actions regarding the misuse of the FDIC’s name or logo or misrepresentations about deposit insurance, between January 1, 2019 and December 31, 2020.[18] The preamble also states that the FDIC expects the final rule to “apply to relatively few formal enforcement actions and conservatively estimates that it will affect fewer than 165 informal resolutions with non-bank entities and individuals each year.”[19] Of course, the informal enforcement actions are not public, but we believe the fact that the FDIC chose to make public that it had engaged in 165 informal actions in a recent two-year period suggests that the agency may have engaged in a sweep of the street to clean up various problems. It cannot be known for certain whether the FDIC’s estimate that the rule will affect fewer than 165 informal resolutions each year reflects that any such clean-up has occurred. We think that, especially in light of the current crypto troubles and the Voyager Digital situation, fintechs would be wise not to read these statements as signals of non-enforcement. Instead, the statements signal that enforcement is likely to continue to be mainly confidential and non-public.

In addition to the FDIC’s general enforcement authority – formal and public or informal and confidential – the new rule creates a process for individuals and institutions to report suspected instances of misleading advertising, which could trigger FDIC investigations and informal processes.[20] The rule creates a point-of-contact for receiving complaints and inquiries about potential misrepresentations and allows customers of fintechs to report potential misrepresentations.[21] The term whistleblowing is not used by the FDIC but, in effect, the process created is just that, even though there is, unlike with the SEC, no monetary incentive.

Looking forward

The rule, which arguably expands the scope of some prohibitions of the statute, and the agency’s statement that it believes the rule will primarily affect non-bank entities, are all signs that fintechs with bank partnerships may be targets of the FDIC. The agency’s reported investigation into Voyager Digital’s statements about deposit insurance may just be the beginning of an increase in enforcement.  Fintechs in existing bank partnerships should carefully review their website disclosures and contracts to make sure that their statements are in compliance with the statute and the new regulation, and fintechs considering entering into such partnerships should be particularly careful about how they advertise the availability of FDIC insurance and describe it in their customer contracts.

The FDIC is not the only agency taking a hard stance on combatting misrepresentations about deposit insurance coverage.[22] The CFPB released a circular on May 17, 2022, highlighting that misrepresentations about deposit insurance “may be particularly relevant with respect to new financial products or services, especially those involving new technologies such as digital assets, including crypto-assets.”[23] The circular also emphasized that misrepresentations about deposit insurance coverage may violate the Consumer Financial Protection Act’s prohibition on unfair, deceptive, or abusive acts or practices, thereby allowing for an additional cause of action.[24]

Fintechs should watch these spaces carefully.

Law clerk Nausherwan Aamir contributed to this update.