Thursday, December 26, 2024

July 2024 OBA Legal Briefs

More on the FDIC’s Revisions to Part 328

By John S. Burnett

In last month’s Legal Update, I offered an analysis of the changes the FDIC has made to the rules applicable to deposit-accepting ATMs (and similar equipment) in its regulations at 12 CFR Part 328 on Advertisement of Membership, False Advertising, Misrepresentation of Insured Status, and Misuse of the FDIC’s Name or Logo.

Before going further, I want to emphasize here that the new rules on FDIC signage on ATMs in new § 328.4 only apply to deposit-accepting ATMs (and like devices).

In this month’s issue, we review these other significant changes to the regulation:

  • The new definitions section
  • Reorganized and updated information on the FDIC’s official sign
  • New alternative official sign display options
  • Non-deposit product signage requirements
  • FDIC signs for digital deposit-taking channels
  • Another optional FDIC short title for ads
  • A “cleanup on aisle 10” change
  • Required policies and procedures
  • Changes to Subpart B

Definitions

There are now two sets of definitions in the regulation. Section 328.1 includes definitions applicable within the entire regulation, for “Branch,” “Corporation” (the FDIC), “Deposit,” “Digital deposit-taking channel” (websites, banking applications, and any other electronic communications method through which an insured depository institution accepts deposits), “Hybrid product,” “Insured depository institution,” and “Non-deposit product” (any product that is not a “deposit,” including, but not limited to: insurance products, annuities, mutual funds, securities and crypto-assets, but credit products and safe deposit boxes are excluded from this definition).

If you compare the old Subpart A with the new Subpart A, you will see that many of the definitions in the previous version appear with the first instance of the defined term in the text of the regulation, and some terms in the previous version are simply not defined.

Section 328.101 comprises definitions applicable only to Subpart B. More on that later.

Reorganized and updated information on the FDIC’s official sign

Under the “old” regulation, section 328.1 provides a description and definition of the FDIC’s official sign, which is the sign that FDIC-insured depository institutions (IDIs) must post at their teller stations. There is also a definition included of the “symbol” of the FDIC, which is essentially the official sign with the graphic and statement to the left of the initials FDIC cut off, and the horizontal lines removed.

Then, in the old regulation, section 328.2 provides the requirements for displaying the official sign; a provision allowing the use of signs that vary from the official sign in size, color, or material (with certain limitations on size and color combinations); information on procuring the official sign from the FDIC or from commercial sources in other sizes and colors; and a rule allowing the FDIC to require an IDI to “change the wording of the official sign in a manner deemed necessary for the protection of depositors or others.” I presume that addresses cases in which an IDI has not updated its signage when the FDIC makes a change (such as the change in the standard deposit insurance limit from $100,000 to $250,000 several years ago), or in which an IDI has bought non-conforming signs from a commercial source.

In the new regulation, all of that information is reorganized in sections 328.2 and 328.3. Section 328.2 includes the descriptions of the official sign and symbol, reworded information on procurement of signs, and the rule allowing the FDIC to require you to change your posted signs.

New section 328.3 governs signage within the premises of IDIs and adds requirements for signage when an IDI offers non-deposit products within its premises. And this is where we see some substantive changes.

New alternative official sign display options

To start, we see essentially the same old rules on displaying the FDIC’s official sign at teller stations (for banks that usually and normally receive insured deposits at teller windows or stations). You can still use signs that are larger than the standard 7 x 3 inches, and in colors other than black on gold (still limited to two colors with the logo, wording and graphics in one color and the background in another, as long as the color combination still makes the logo, graphics and wording legible).

NEW! If you do not offer non-deposit products on the premises, you can choose to replace those official signs at each teller station with official signs that are placed at one or more locations visible from the teller stations or windows in a manner that ensures a copy of the official sign is large enough to be legible from anywhere in that area. For example, your lobby design team might want to blow the official sign up to 70 by 30 inches – ten times the standard size – with navy blue logo, graphics, and text against a gold background, to complement the color scheme of your lobby, and place it in only one spot, eight feet above floor level behind the center of your teller line where no one can miss seeing it. Overkill, you say? Perhaps, but it gets across the point that you have this new option (but only if you do not offer non-deposit products on the premises).

Also new is a rule designed for café style bank lobbies or other non-traditional arrangements, whether or not non-deposit products are offered on the premises. If insured deposits are usually and normally received in areas of the premises other than teller windows or stations, you must display the official sign in one or more locations in a way that ensures a copy of the official sign is large enough so as to be legible from anywhere in those areas.

Non-deposit products signage requirements

Thirty years ago, the FDIC, Federal Reserve Board, OCC and Office of Thrift Supervision (for those of you new to banking, the OTS was eliminated by the Dodd-Frank Act of 2010) issued the “Interagency Statement on Retail Sales of Nondeposit Investment Products,” which was developed to eliminate customer confusion regarding what is insured and not insured among the various products available from FDIC-insured depository institutions.

The update of Part 328 by the FDIC has incorporated that guidance. Banks that offer non-deposit products should find the rules in section 328.3 familiar, and it is expected that compliance with the 1994 Guidance will satisfy section 328.3.

There is a requirement for segregated areas to be used for the offering of non-deposit products and those areas are to be clearly delineated and distinguished from areas where insured deposit-taking activities occur. In cases of physical area limitations where there are challenges to offering non-deposit products in a distinct area, you still must take prudent and reasonable steps to minimize customer confusion.

There is a familiar requirement for conspicuous signage in such areas indicating that the non-deposit products: are not insured by the FDIC; are not deposits; and may lose value.

You can use electronic media to display the official sign and the non-deposit sign as long as one related to the product being offered is continuously and conspicuously displayed while that product is being offered. So, for example, you could use an electronic sign board that displays the official sign most of the time but is switched off and replaced by the “not, not, may” sign when offering non-deposit products.

Signs for digital deposit-taking channels

In last month’s Legal Briefs, I introduced the FDIC’s new official digital sign that will appear on some ATMs. That new sign is officially described in new section 328.5, which governs signage for digital deposit-taking channels, “including IDIs’ websites and web-based or mobile applications that offer the ability to make deposits electronically and provide access to deposits at IDIs.” The design of the official digital sign is spelled out in meticulous detail in section 328.5(b), which I won’t repeat here, but I do recommend that you share that very technical description with whoever designs your website, banking app, and any other digital deposit-taking channels.

Display of the FDIC official sign (the one that appears at teller stations) or the use of the shorthand “Member FDIC” will no longer be acceptable, effective January 1, 2025, for use on bank websites or other digital deposit-taking channels.

Can you get by just by replacing the old FDIC symbol with the new official digital sign everywhere on your website or app?

No. The new official digital sign (or the “digital symbol” — essentially the digital sign without the gray graphic underscore) must appear on the following pages or screens:

  1. Initial or homepage of the website or application
  2. Landing or login pages
  3. Pages where the customer may transact with deposits (for example, make deposits on an IDI’s smartphone app). I believe this would also apply to any page in an online banking web or smartphone app on which a customer can make a transfer to or from the customer’s accounts.

The official digital sign must be clearly legible across all IDI deposit-taking channels. To be considered clear and conspicuous, the official digital sign should be placed near the top of the relevant page or screen and close to the bank’s name. That requirement means the bank’s name should appear on each such page or screen.

Burying the official digital sign in a universal footer for all pages of a website will not be acceptable.

What about web or application pages that offer non-deposit products?

If a digital deposit-taking channel offers both access to deposits at an IDI and non-deposit products, the institution must clearly and conspicuously display signage indicating that the non-deposit products: are not insured by the FDIC; are not deposits; and may lose value, continuously on each page relating to non-deposit products. This non-deposit signage may not be displayed in close proximity to the FDIC’s official digital sign. As a matter of practicality, it’s probably best not to mix deposit products and non-deposit products on the same page or screen of the website or application.

Can a bank provide a link on the website or application allowing logged-in customers to access a third-party’s offering of non-deposit products?

Yes, but the IDI must provide a one-time per web session notification on its digital deposit-taking channel before the customer leaves the digital deposit-taking channel. The notification must be dismissed by an action of the bank customer before initially accessing the third party’s online platform and it must clearly and conspicuously indicate that the third party’s non-deposit products: are not insured by the FDIC; are not deposits; and may lose value. Optionally, the notification may also indicate that the bank customer is leaving the IDI’s website or other disclosures that may help prevent consumer confusion.

As with the FDIC’s official sign, the FDIC may require any IDI, with 30 days’ notice, to change the wording, color or placement of the FDIC official digital sign and other signs for digital deposit-taking channels when the FDIC deems it necessary for the protection of depositors or others or to ensure consistency with the requirements of subpart A of the regulation.

Changes in official advertising statement requirements

Old section 328.3 – “Official advertising statement requirements” – has been reissued as section 328.6 under the same heading, with only one change other than updating cross-references to other sections of the updated regulation. It does give your marketing department one additional “short title” that can be used in advertisements in place of the full official advertising statement “Member of the Federal Deposit Insurance Corporation.” In addition to the familiar short titles “Member of FDIC” and “Member FDIC,” and the symbol of the FDIC, your marketing department now has the option of using “FDIC-Insured” in ads subject to section 328.6.

For decades, bankers have asked probing questions about using “Member FDIC” in ads. Questions like “Do we need to include ‘Member FDIC’ on Frisbees we give away to kids at our booth at the county fair each year if they have our bank name on them?” Questions that I tend to counter with “What other reason does the bank have for having its name on the Frisbees than to advertise the bank, and what about a Frisbee makes it impractical to include ‘Member FDIC’ along with the bank’s name?” The FDIC has included a list of ten types of advertisements that do not require the official advertising statement in old section 328.3 for as long as I can remember, and it hasn’t updated that list at all in the updated regulation.

Cleanup on aisle 10

That is, EXCEPT for item 10 on the list, which, until April 1, 2024, still referred to an FDIC insurance limit of $100,000 because it was not updated when the limit was boosted to $250,000 permanently in 2010. In the new section 328.6 the phrasing was changed to “or that its deposits or depositors are insured by the Federal Deposit Insurance Corporation to at least the standard maximum deposit insurance amount (as defined in § 330.1(o)) for each depositor.”

Policies and procedures

What self-respecting FDIC regulator would not include a requirement that parties subject to its regulation have policies and procedures for compliance with the regulation?

Until April 1, 2024, Part 328 did not have such a requirement. To be sure, the FDIC has always expected that IDIs (and others affected by the rule) comply with Part 328. But the updated regulation, which has a required compliance date of January 1, 2025, now requires, in new § 328.8, that IDIs establish and maintain “written policies and procedures to achieve compliance with this part.” Not only must the policies and procedures be written, but they also must be “commensurate with the nature, size, complexity, scope, and potential risk of the deposit-taking activities of the insured depository institution and must include, as appropriate, provisions related to monitoring and evaluating activities of persons that provide deposit-related services to the insured depository institution or offer the insured depository institution’s deposit-related products or services to other parties.”

In the prefatory text published with the amendments on January 18, 2024, the FDIC expanded on its requirement that the policies and procedures address any third party that provides deposit-related services to an IDI:

“Here, the policies and procedures established and maintained by IDIs will facilitate compliance with part 328, including by ensuring that appropriate monitoring is conducted and evaluations are performed regarding activities of certain persons that provide deposit-related services to IDIs or offer an IDI’s deposit products or services to other parties. The policies and procedures will help ensure activities are conducted in compliance with applicable laws and that IDIs are aware of whether certain third parties are in violation of subpart B of part 328. Having these policies and procedures in place will help mitigate the risks of consumer harm and confusion, consistent with the statutory purpose underlying section 18(a) of the FDI Act and the FDIC’s mission to maintain and promote public confidence in the banking system.” [https://www.federalregister.gov/d/2023-28629/p-212].

That paragraph is significant. You may recall that the FDIC has been issuing “cease and desist” letters to various fintechs that were allegedly misrepresenting their non-deposit products to be FDIC-insured or making other misleading statements about FDIC coverage of funds invested with the fintechs. In some cases, those companies have said that their clients’ funds are placed with an IDI, making them “fully insured” or “guaranteed by the U.S. government,” which, of course, isn’t always the case because there is a cap on FDIC coverage per depositor per capacity.

The requirement that an IDI be aware of whether certain third parties are in violation of subpart B now makes it the IDI’s responsibility to monitor the activities and statements of third parties it may work with to ensure the third parties are not misrepresenting the facts with regard to FDIC coverage of their clients’ funds.

Changes to subpart B

Subpart B was not overhauled to the extent that subpart A was. Here’s a list of the changes.

Definitions: Section 328.101 now includes a definition of “deposit” and selected other definitions were cleaned up a bit or restated rather than citing back to subpart A.

Prohibition: Section 328.102 has added prohibitions against using FDIC-associated terms or images in a way that inaccurately states or implies that a person other than an IDI is insured by the FDIC. Also added are examples of material misrepresentations relating to FDIC coverage.