Updated June 2026 guide to FDIC advertising rules, Part 328, digital FDIC sign requirements, fintech-bank partner disclosures, false advertising, and FDIC logo misuse.
Reviewed Jun 19, 2026 for source quality, practical relevance, and regulated-marketing context.
Updated June 19, 2026.
FDIC advertising compliance in 2026 is about more than placing "Member FDIC" in the right footer. Banks and fintech partners need to make clear who is insured, which products are deposits, what FDIC insurance does and does not cover, and when non-deposit products may lose value. That matters across websites, apps, ads, social posts, onboarding flows, ATMs, partner-bank disclosures, and affiliate or influencer copy.
The risk has grown with fintech, crypto, banking-as-a-service, and embedded finance. The FDIC has taken action against companies that implied FDIC protection where none existed, including a 2022 order directing five crypto companies to cease false FDIC-insurance claims. For fintechs working with sponsor banks, FDIC advertising compliance now overlaps heavily with partner marketing compliance, UDAAP review, and documented bank approval workflows.
This guide explains the FDIC advertising rule, the 2026 digital-sign update, what fintechs must disclose, and how banks should monitor third-party marketing.
The FDIC advertising rule, 12 C.F.R. Part 328, governs official FDIC signs, advertising statements, false advertising, misrepresentation of insured status, and misuse of the FDIC name or logo. In practical terms, the rule requires accurate use of FDIC references, clear separation between insured deposits and non-deposit products, disclosure when a fintech is not itself an FDIC-insured bank, and written bank policies for monitoring relevant third-party activity.
The FDIC Advertising Rule refers to federal regulations (12 C.F.R. Part 328) that governs how the FDIC's name, logo, and deposit insurance claims can be used in marketing. Section 18(a)(4) of the Federal Deposit Insurance Act makes it illegal for any person to falsely represent an uninsured product as FDIC-insured or misuse "FDIC" in company advertising.
In practice, this means only FDIC-insured depository institutions can advertise FDIC insurance, and even they must follow strict guidelines. The rule was recently updated to "modernize" these requirements for today's digital banking environment.
For decades, the FDIC's role has been to instill public confidence by regulating banks' communications about deposit insurance. Since 1934, the FDIC's official sign has been displayed at bank teller windows as a symbol that deposits are backed by the U.S. government.
The FDIC mandates that every FDIC-insured bank branch prominently show this sign and include an official statement (like "Member FDIC") in advertisements, so consumers know their money is protected.
By overseeing advertising and signage, the FDIC helps customers clearly identify when they are dealing with a legitimate insured institution versus a company that is not FDIC-backed.

The FDIC finalized a rule in Dec. 2023 to update and clarify Part 328. In Jan. 2026, the FDIC issued another final rule addressing implementation issues for digital deposit-taking channels, ATMs, and like devices. The 2026 rule gives insured depository institutions more flexibility while preserving the core goal: helping consumers understand when they are dealing with an insured bank and when their funds are protected by FDIC deposit insurance.
The 2023 amendments took effect on April 1, 2024. The FDIC later postponed compliance for Sections 328.4 and 328.5 to March 1, 2026 while leaving other amendments on the May 1, 2025 timeline. The FDIC's Part 328 Q&A, updated May 13, 2026, now notes that the 2026 amended digital-sign and ATM provisions have an April 1, 2027 compliance date.
The driving purpose behind these updated rules is to prevent false claims about deposit insurance that could harm consumers and erode trust in the banking system. The FDIC observed that new fintech channels have led to an "increase in misleading representations" about deposit insurance online.
If people mistakenly believe their money is FDIC-insured when it isn't, they could take on risks unaware. FDIC officials warn that unchecked misuse could undermine public confidence in legitimate banks.

The FDIC has several tools to crack down on false advertising. It is authorized by law to take enforcement action against any person or company that misrepresents FDIC coverage.
In practice, the FDIC often issues cease-and-desist letters as a first step. For example, in early 2023 the FDIC sent letters to a crypto exchange (CEX.IO) and a fintech (Zera Financial) ordering them to immediately stop making false claims that their crypto products were FDIC-insured.
If a company refuses to comply, the FDIC can escalate to formal enforcement, which may include monetary penalties or legal injunctions.
The new rule outlines what counts as false or misleading advertising. A few clear red flags include:
Financial institutions and fintech companies need to take proactive steps to avoid misrepresentation of FDIC insurance:
The consequences for misusing the FDIC logo can be severe. At a minimum, the FDIC will issue cease-and-desist orders, as seen with FTX US in 2022 - the crypto exchange was ordered to halt "false and misleading" claims that its users' funds were FDIC insured.
Beyond remedial actions, there are legal penalties. Federal law actually makes it a criminal offense to misuse the FDIC's name. While criminal prosecution is rare, violations can lead to fines or imprisonment. More commonly, the FDIC could impose civil penalties if an entity refuses to comply.
Those who misuse the FDIC logo risk regulatory enforcement, reputational damage, monetary fines, and legal jeopardy. The FDIC has warned that false claims left unchecked could undermine confidence and will not be tolerated.

Strict disclosure requirements are in place to make sure consumers know when their deposits are protected:
The FDIC logo should only be displayed in connection with actual insured deposit-taking. These disclosure rules help consumers distinguish insured from uninsured offerings.
FDIC deposit insurance has specific limits that consumers must understand. By law, the FDIC insures deposits up to $250,000 per depositor, per insured bank, per ownership category. This means if you have accounts at one bank, their balances are summed and insured up to $250K total.
Importantly, FDIC insurance only covers traditional deposit products at FDIC-insured banks - it does not cover investments like stocks, bonds, mutual funds, crypto assets, or other non-deposit items.
Many consumers don't fully realize this distinction. Money kept in a payment app or crypto exchange isn't protected if the company fails. In early 2023, collapses of firms like FTX revealed that some customers thought their funds were safe but lost access to hundreds of millions of dollars because those were not bank deposits.
The FDIC's advertising rule explicitly extends to fintechs, crypto companies, neobanks, and other non-bank institutions. This is important because these players have boomed in recent years - nearly half of U.S. households were using non-bank online payment services as of 2021.
The new rule means fintechs must be careful in how they talk about FDIC insurance. Many fintech apps partner with FDIC-insured banks to hold customer deposits - under the rule, the app can advertise deposits that are FDIC-insured only if they name the partner bank and make clear the fintech itself isn't the insurer.
This greatly impacts the "Banking-as-a-Service" market, where fintech brands offer accounts backed by chartered banks. The rule seeks to eliminate ambiguity about who provides insurance. Consumers currently hold "billions of dollars" in funds on non-bank payment apps, and many might mistakenly believe all their app-held funds are government-insured.
Some fintechs are already adding disclaimers on their websites and marketing materials. Others, especially crypto firms that previously touted pseudo-insurance, are having to stop making such representations altogether.
Given the size of the fintech sector, this change helps to increase trust - users will still enjoy fintech convenience but with clearer ideas about their protections.
FDIC advertising rules are not the only risk in bank-fintech marketing, but they sit at the center of the consumer trust problem. When an app, card program, wallet, cash-management product, or rewards account depends on a bank partner, the marketing has to explain the relationship without implying broader protection than the law provides.
Recent consumer-finance developments show why this matters:
For bank-fintech programs, FDIC, UDAAP, deposit, card, payments, and partner-oversight review should happen before launch, not after creative is finished. The safest workflow is documented dual review: the fintech proves the claim is accurate, the bank approves any use of its name or FDIC status, and both sides retain the final artifact.

To comply with the FDIC's Advertising Rule, financial institutions are making both front-end and back-end changes to their compliance programs.
The FDIC now requires all insured banks to establish written policies and procedures to make sure they follow Part 328. This means banks must document how they will display signs, use the FDIC logo, and review materials for compliance.
If a bank uses third parties like fintech partners, those policies must include provisions to "monitor and evaluate" those partners regarding FDIC insurance representations. Banks need an internal playbook for policing misuse of the FDIC name both internally and in collaborations with non-banks.
U.S. prudential regulators have signaled that banks should integrate checks for FDIC logo misuse into their regular compliance controls. For example, a compliance officer might periodically scan the bank's fintech partner websites to see if the FDIC logo is only where it should be.
Many banks and fintechs are forming joint oversight committees to review marketing language. The rule creates a culture of accountability: banks will hold their marketing departments and partners to these standards, and non-banks know their bank partners and the FDIC are watching.
The FDIC provided a Q&A guidance document to clarify common questions. By embedding these requirements into formal policies, the industry can systematically prevent infractions.
Before approving any deposit, card, wallet, cash-management, or bank-partner campaign, reviewers should confirm:
Banks, fintechs, and crypto companies have been developing strategies to improve compliance with the FDIC's rules. Industry experts recommend several key actions:
Many firms are also using third-party compliance consultants or tools that scan the internet for unauthorized use of a bank's name or logo.
The strategy is twofold: prevent problems through training and controls, and detect issues through monitoring and audits. This comprehensive approach not only avoids penalties but protects customers.
The FDIC advertising rule is 12 C.F.R. Part 328. It governs official FDIC signs, advertising statements, false advertising, misrepresentation of insured status, and misuse of the FDIC name or logo. It applies to insured depository institutions and also clarifies what non-banks cannot imply when discussing deposit insurance.
Usually no. A fintech that is not an insured depository institution should not say or imply that it is FDIC insured. If customer deposits are held at a partner bank, the fintech should clearly say it is not a bank, name the FDIC-insured bank, and explain the limits of deposit insurance.
The FDIC's May 2026 Part 328 Q&A notes that amended provisions for the FDIC official digital sign and related signage on IDI websites, mobile apps, ATMs, and like devices have an April 1, 2027 compliance date. Other Part 328 amendments may have different compliance timing, so firms should map obligations by section.
No. FDIC deposit insurance protects deposits if an FDIC-insured bank fails, up to applicable limits and ownership categories. It does not insure against the failure of a fintech company, operational outages, fraud, unauthorized transfers, market losses, crypto losses, or non-deposit investment losses.
Banks should retain approved marketing assets, review comments, partner approvals, final disclosures, version history, first-use dates, monitoring results, and remediation evidence for any bank, fintech, affiliate, or third-party campaign that references FDIC insurance, deposits, or the bank's insured status.
The FDIC Advertising Rule touches a fundamental issue: the public's knowledge of where their money is safe. By tightening misuse of the FDIC's name, regulators are strengthening financial security and reducing confusion in bank, fintech, and embedded-finance channels.
Regulatory scrutiny will only grow in fintech and banking - meeting these standards is now part of doing business in finance. Those who embrace compliance will thrive by earning customer confidence. Those who ignore it risk severe consequences in an environment where watchdogs are more alert than ever.
Staying up to date with FDIC advertising requirements can be difficult when campaigns move across bank websites, fintech apps, social channels, paid ads, affiliates, and partner-bank review queues. Luthor helps teams automatically review marketing assets for FDIC advertising, UDAAP, and related financial-marketing risks before content goes live.
Instead of manually reviewing each piece of marketing collateral or worrying about whether fintech partners are representing FDIC status correctly, teams can use AI-assisted review, documented approvals, and post-publication monitoring to reduce risk at scale.
Request demo access to see how we can help your organization maintain FDIC advertising compliance while streamlining your marketing review process.
When a fintech markets services that sit on a partner bank's charter, both sides own the compliance risk. Here's how to split the work cleanly — disclosures, review workflows, and the FDIC rules that quietly trip teams up.
Discover regulatory insights, automation tools, and strategies for compliance coverage.
UDAAP in banking: what is it & how to avoid unfair, deceptive, abusive acts or practices in your financial institution
Our policy and legal engineers will walk through your content workflows and regulatory obligations, then integrate Luthor in days, not months.