The Federal Trade Commission (FTC) announced it has reached a settlement with the bankrupt crypto company Voyager over the company’s alleged deceptive crypto marketing practices. Specifically, the FTC’s complaint alleges that from at least 2018 until its declaration of bankruptcy in July 2022, Voyager enticed consumers with promises that their deposits were insured by the Federal Deposit Insurance Corporation (FDIC) and were “safe.” However, consumers’ deposits with Voyager were not eligible for FDIC insurance and were not protected in the event that Voyager failed.

The FDIC only insures deposits held by insured banks or savings associations, and only up to certain limits. Voyager, however, is not a chartered bank or savings association. While Voyager’s bank partner was FDIC-insured, FDIC deposit insurance protects deposits only in the event of the insured institution’s failure, not the failure of a non-bank partner in the event of that company’s failure. According to the FTC, Voyager’s false assurance lured customers into entrusting their funds to the company, resulting in significant losses for those affected by the company’s bankruptcy in July 2022.

According to the complaint, Voyager was aware its claims could mislead consumers—Voyager’s partner bank allegedly reached out to the company in 2021 with concerns, stating that the FDIC deposit insurance claims were “potentially misleading.” According to the FTC, Voyager removed the FDI insurance claims from its advertising only after receiving a cease-and-desist letter from the FDIC. The FTC alleges that Voyager’s claims about FDIC deposit insurance violate the FTC Act’s prohibition on deceptive practices and the prohibition on obtaining a customer’s financial information through false statements under the Gramm-Leach-Bliley Act (GLBA).

The proposed settlement, announced on October 12, 2023, permanently bans Voyager and its affiliated companies from offering, marketing, or promoting any product or service related to depositing, exchanging, investing, or withdrawing consumers’ assets. The companies have also agreed to a judgment of $1.65 billion, which will be suspended to facilitate Voyager’s distribution of remaining assets to consumers as part of the bankruptcy proceedings.

However, former executive Stephen Ehrlich has not agreed to a settlement, and the FTC will proceed with its deceptive practices case against him in federal court. The Commodity Futures Trading Commission (CFTC) has also brought a parallel action against Stephen Ehrlich for violations of the Commodity Exchange Act, also stemming from the deceptive FDIC deposit insurance claims.

Key Takeaways

• The case serves as a reminder for crypto and BaaS companies alike that making misleading claims about financial security, including FDIC deposit insurance coverage, can have serious consequences.
• This development is only the latest in a long line of agency actions stemming from Voyager’s alleged conduct. The action also underscores the growing regulatory scrutiny of the crypto industry, and the ripple effects of how a violation in one seemingly discrete area of law can lead to multiple enforcement risks and consequences. The FDIC has updated its deposit insurance marketing regulations and has issued guidance and brought enforcement actions in this space. See our previous coverage. We note that federal law provides both civil and criminal liability for misrepresentations in connection with FDIC deposit insurance.

• The CFPB similarly has issued guidance, explaining that covered persons or service providers under the CFPB’s jurisdiction “likely violate” the federal prohibition on deceptive acts or practices if they misuse the name or logo of the FDIC or engage in false advertising or make misrepresentations to consumers about deposit insurance, regardless of whether such conduct is engaged in knowingly.

• It is also notable that the enforcement action relied on a provision of the GLBA that prohibits obtaining (or attempting to obtain) customer information by false pretenses, which applies to “any person.” We are not aware of many public cases or enforcement actions brought by the FTC that specifically rely on this provision, but apparently it has found new purpose and is quite versatile, as it can squarely apply to non-bank entities and individuals.

• These regulatory developments should also be understood against the backdrop of the final interagency guidance on third-party risk management, which presents the federal banking agencies’ unified view of how banks should monitor and control for third-party risks, through due diligence, ongoing monitoring, and, if necessary, termination of third-party relationships. Non-banks must also understand that as they provide services to banks, they are entering a highly regulated area where federal and state agencies have robust regulatory, enforcement, and supervisory powers that ordinary companies may not have faced before.