The FDIC has issued an “Advisory to FDIC-insured institutions Regarding Deposit Insurance and Dealings with Crypto Companies” to address the agency’s concerns regarding misrepresentations about FDIC deposit insurance by certain crypto companies.  Of particular concern to the FDIC is the risk that consumer confusion or harm can arise from crypto assets offered by, through, or in connection with an insured bank particularly when a non-bank offers crypto assets to its customers while also offering an insured bank’s deposit products.

The FDIC’s concern arises out of recent market turmoil that has resulted in the suspension of withdrawals or a halt in operations by some crypto companies.  According to the FDIC, “these companies have represented to their customers that their products are eligible for FDIC deposit insurance coverage, which may lead customers to believe, mistakenly, that their money or investments are safe.”

The first portion of the advisory addresses risks and concerns.  The FDIC identifies two issues that can create customer confusion.  The first issue is when FDIC deposit insurance applies.  The FDIC indicates that FDIC deposit insurance does not protect a non-bank’s customers against the default, insolvency, or bankruptcy of any non-bank, including crypto custodians, exchanges, brokers, wallet providers, or other entities that appear to mimic banks but are not, called “neobanks.”  The second issue is what products are FDIC insured.  The FDIC indicates that FDIC deposit insurance covers deposit products offered by insured banks but does not apply to non-deposit products, such as stocks, bonds, money market mutual funds, securities, commodities, or crypto assets.

The FDIC observes that in addition to potential consumer harm, customer confusion can lead to legal risks for banks if a crypto company, or other third-party partner of an insured bank, makes misrepresentations about the nature and scope of deposit insurance.  It also identifies liquidity risk to banks, which can potentially result in earnings and capital risk, if misrepresentations and customer confusion causes concerned consumers to move funds from insured banks.

The second portion of the advisory addresses risk management and governance considerations.   These considerations consist of the following:

  • Insured banks must assess, manage, and control risks arising from all third-party relationships, including those with crypto companies.
  • Insured banks should confirm and monitor the crypto companies they deal with to ensure such companies do not misrepresent the availability of deposit insurance, and should take appropriate action to address any misrepresentations.
  • Communications related to deposit insurance must be clear and conspicuous.  Non-banks, such as crypto companies, that advertise or offer FDIC-insured products in relationships with insured banks could reduce consumer confusion by clearly and conspicuously: (a) stating that they are not an insured bank; (b) identifying the insured bank(s) where any customer funds may be held on deposit; and (c) communicating that crypto assets are not FDIC-insured products and may lose value.
  • Insured banks that are involved in relationships with non-banks that offer deposit products as well as non-deposit products, such as crypto assets, can help minimize customer confusion and harm by carefully reviewing and regularly monitoring the non-bank’s marketing material and related disclosures to ensure accuracy and clarity.  (While not expressly stated by the FDIC, the FDIC would likely expect such review and monitoring to include whether a non-bank partner has taken the steps suggested by the FDIC to reduce consumer confusion.)
  • Insured banks should have appropriate risk management policies and processes to ensure that any services provided by, or deposits received from any third-party, including a crypto company, comply with all laws and regulations.
  • Because the FDIC’s regulation on misrepresentation of insured status can apply to non-banks, such as crypto companies, insured banks should determine if their third-party risk management policies and procedures effectively manage crypto-asset-related risks, including compliance risks related to the regulation.