The Regulatory Framework: Who Regulates Community Bank Advertising?

FDIC, OCC, and Federal Reserve

The FDIC supervises state nonmember banks and enforces Regulation DD, 12 CFR Part 328, and consumer protection standards. The OCC supervises national banks and federal thrifts; OCC bulletin 2014-37 on unfair or deceptive practices remains an active reference for national bank advertising reviews. State-chartered Federal Reserve member banks fall under Fed supervision for Regulation DD, Regulation Z, and ECOA fair lending requirements.

CFPB and State Banking Departments

The CFPB writes the rules every community bank must follow, including Regulation DD, Regulation Z, and Regulation B, even though it directly examines only institutions above $10 billion in assets. CFPB enforcement actions and guidance set the interpretive standard your primary regulator applies. Your state banking regulator adds a second layer: New York, California, Texas, and Florida each have requirements that have generated enforcement activity specific to deposit and consumer product marketing.

Truth in Savings (Reg DD) and APY Advertising Rules

Regulation DD, implementing the Truth in Savings Act, governs advertising for savings, checking, money market, and CD products. It generates more advertising examination findings than any other single regulation community bank marketing teams face.

APY Disclosure and Trigger Terms

Whenever an advertisement states a rate of return, it must express that return as an annual percentage yield (APY), accurate to two decimal places, displayed at least as prominently as any other rate. Once a trigger term appears, including the APY itself, a specific dollar amount of interest, or a specific time period for earning interest, the advertisement must also disclose the minimum balance required to obtain that APY, any minimum opening deposit, and any limitation on the time the rate is offered. These requirements apply across print, digital, broadcast, and social media. If a tiered-rate account pays different APYs by balance level, each tier’s APY must be disclosed. “Free checking” language requires equal care: if a monthly maintenance fee can be waived conditionally, the advertisement must not imply the account is unconditionally free.

Truth in Lending (Reg Z) for Consumer Credit Products

Regulation Z, implementing the Truth in Lending Act, governs advertising for personal loans, home equity lines of credit, retail mortgage products, and consumer installment loans. Credit product advertisements must quote the annual percentage rate (APR), which includes the interest rate plus certain fees expressed as an annual cost of credit. APY belongs in deposit advertising under Reg DD; confusing the two in either direction will generate examiner findings. If a consumer loan advertisement mentions any one of the following, it must disclose all the others: the down payment amount or percentage, the number of payments or repayment period, the payment amount, or the amount of any finance charge. Any “no closing costs” or fee-waiver claim must also be precise: Reg Z defines “finance charge” broadly to include origination fees and discount points, so “no fees” language when some finance charges still apply can constitute both a Reg Z and a UDAAP violation.

FDIC Official Name and Logo Requirements

The FDIC’s official bank name and advertising statement requirements under 12 CFR Part 328 cover what to say, how to say it, and in what contexts. The two acceptable statement forms are “Member FDIC” (the standard short form) and “[Bank Name], Member FDIC” when the bank’s name does not appear in the advertisement. As of the FDIC’s 2023 rule update (effective January 2024), institutions should use “Member FDIC” as the standard form; teams still using “Insured by FDIC” should update those templates. The statement is required in all advertisements for insured deposit products, including print, broadcast, digital, email, social media, in-branch materials, and outdoor. Business cards and stationery that list only contact information are exempt. The FDIC statement must never appear on non-deposit product advertising such as annuities or securities, where its presence implies insurance coverage that does not exist.

What Triggers a Violation

Common findings involve a vendor-built campaign that omits the statement, a co-branded promotion where the partner’s materials lack it, a brand refresh that fails to carry it through all updated materials, or the statement appearing on non-deposit product advertising. Build FDIC statement verification as a named line item on every creative approval checklist.

UDAAP and Fair Lending in Marketing Copy

The prohibition against unfair, deceptive, or abusive acts or practices, known as UDAAP, applies to community bank advertising across every product and channel. An act is unfair if it causes substantial consumer injury that is not reasonably avoidable: advertising a promotional CD rate without disclosing an early withdrawal penalty that could eliminate all earned interest is a textbook example. An act is deceptive if it misleads a reasonable consumer on a material point: “free” checking with undisclosed conditional fees, or a loan advertisement that downplays total cost. An act is abusive if it materially interferes with the consumer’s ability to understand a term or exploits the consumer’s lack of understanding.

Fair Lending in Digital Marketing

The Equal Credit Opportunity Act (ECOA) and Regulation B prohibit discrimination in credit advertising on the basis of race, color, religion, national origin, sex, marital status, age, or receipt of public assistance. The Fair Housing Act extends similar protections to residential mortgage advertising. Digital ad targeting tools, if misconfigured, can effectively exclude protected classes from seeing credit product promotions, creating fair lending exposure even without discriminatory intent. The CFPB has made clear that ECOA applies to the full advertising and lead-generation process, not just the credit decision. Marketing copy should eliminate conditional benefits presented as unconditional, recurring offers framed as limited-time, and testimonials that imply typical outcomes when results vary materially.

Social Media Compliance for Community Bank Marketers

The FFIEC published its Social Media: Consumer Compliance Risk Management Guidance in 2013, and it remains the primary federal framework for community bank social media compliance. That guidance treats social media activity as advertising subject to all the same rules as traditional channels, covering content the bank posts itself, content third parties post on the bank’s pages, and content bank employees post in contexts a reasonable person might attribute to the bank.

Approval Workflows, Employee Policy, and Archival

Any social media post that promotes a specific product, rate, or service must go through the same compliance review as a print advertisement, including FDIC statement verification and trigger-term disclosures. A two-tier approach works well: marketing reviews for brand and accuracy, then a compliance officer reviews for regulatory accuracy. Community banks should maintain a written social media policy specifying which employees are authorized to post on behalf of the bank and what restrictions apply to personal accounts when employees discuss rates or product terms. Social media records must capture the content as displayed and the date and time of publication, and should be retained for at least two years, with most compliance programs defaulting to three years.

For more on social media compliance workflows applied to financial services, see our related article on social media compliance for mortgage teams, which covers many of the same approval and monitoring principles in the lending context.

State-by-State Advertising Disclosure Variations

Federal regulations establish a compliance floor, not a ceiling. Build advertising templates to the highest applicable standard across all states where you operate: this conservative approach eliminates the risk of a campaign that is compliant in your home state but not where you are also acquiring customers.

New York: NY DFS

NY DFS has detailed state-level advertising requirements, including specific formatting standards for deposit rate disclosure and enforcement positions on digital advertising targeting under General Business Law Section 349. The NY DFS has pursued discriminatory redlining claims aggressively: community banks running digital acquisition campaigns in New York should have targeting parameters reviewed for fair lending risk before launch.

California: CA DFPI

California’s DFPI enforces the California Consumer Financial Protection Law, giving the state broad authority to pursue UDAAP-type actions. The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) also impose requirements on how community banks collect and use consumer data for targeted advertising. Community banks using third-party data to target advertising in California must review data use agreements and opt-out mechanisms against CCPA/CPRA requirements before launch.

Texas: Texas Department of Banking

The Texas Department of Banking supervises state-chartered banks under the Texas Finance Code, which adds state-specific terminology standards to Regulation DD’s fee-disclosure requirements. Texas law also requires specific right-to-cancel language in certain consumer credit product advertising, creating interaction points with Regulation Z that require careful template review.

Florida: Florida OFR

Florida’s Office of Financial Regulation applies Florida Statutes Chapter 655 and has been active in enforcement around promotional rate advertising for CD and money market products. Advertisements with promotional rates in Florida should clearly disclose the promotional period duration and the post-promotional rate at a prominence comparable to the promotional rate itself.

Ad Record Retention Rules

Community banks must retain advertising materials in a form that allows examiners to reconstruct the advertising program at any point during the retention window, across every channel: print, broadcast, digital, email, direct mail, out-of-home, and social media.

Retention Periods and What to Keep

The federal minimum is two years from the date the advertisement was last used, under both Regulation DD and Regulation Z. Many compliance programs adopt a three-year standard to cover broader state requirements and potential litigation holds. California’s DFPI and the NY DFS both contemplate examinations covering activity from three or more years prior. A complete advertising record includes: the final approved version in the format actually used; the date range it was active; the channels and placements where it appeared; approval documentation showing who reviewed it and when; compliance review notes and change request resolutions; and, for digital campaigns, the targeting parameters used.

Where to Store Records

Records should be stored in a centralized system accessible to the compliance team, not in individual email accounts or vendor portals that may become inaccessible. When an examiner requests advertising materials from the past 24 months, your team should be able to produce a complete set within hours, not days.

How a CRM Creates a Compliance Audit Trail

A CRM platform designed for financial institution marketing teams replaces manual filing and ad hoc approval emails with a structured, searchable, and auditable record of every marketing activity.

Version Control and Approval Documentation

Every update to a marketing template, whether for a new rate, product term, or regulatory change, should create a new version rather than overwriting the prior one. CRM platforms with version-controlled collateral management let your compliance team identify exactly which version of a template was in use on any given date, essential for responding to examiner questions about a campaign that ran 18 months ago. When compliance approval is embedded in the CRM workflow, every approval, rejection, and revision request is logged with the reviewer’s identity and a timestamp, creating a complete chain of custody. When a digital campaign ends and a vendor deactivates materials, the CRM retains the record at the institution level, eliminating the gaps that occur when records live with individual team members.

To see how Halo’s platform supports marketing team workflows and documentation, visit our CRM features page.

For a foundation on how a CRM fits into your marketing technology stack, see our guide on what a community bank CRM is and how it works. For broader strategic context, the community bank marketing hub covers the full range of considerations from compliance through digital acquisition.

Common Community Bank Advertising Compliance Violations and How to Prevent Them

The following patterns appear repeatedly in FDIC, OCC, and state banking department examination findings for community bank advertising. Each is preventable with the right review process and template discipline.

Compliance Checklist: 10 Violations and Their Prevention

1. APY stated without required minimum balance disclosure.
   Advertising a savings or CD rate without disclosing the minimum balance needed to earn that rate is one of the most cited Regulation DD findings.
   Prevention: Build minimum balance disclosure as a mandatory field in every deposit product ad template.
2. “Free” checking with undisclosed fees.
   Using “free” or “no-fee” language when a maintenance fee applies under certain conditions violates UDAAP deception standards.
   Prevention: Replace “free” with “no monthly maintenance fee when you maintain [condition]” or ensure the fee structure is fully disclosed in the same advertisement.
3. Missing or incorrect FDIC statement.
   Launching a new digital campaign or working with an outside vendor without confirming that “Member FDIC” appears correctly on all materials.
   Prevention: Add FDIC statement verification as a line item on every creative approval checklist.
4. FDIC statement applied to non-deposit products.
   Including the FDIC membership statement on advertising for investment products, annuities, or other non-deposit offerings implies those products are FDIC-insured.
   Prevention: Non-deposit product advertising templates must exclude the FDIC statement and, where required, include the “not FDIC insured” disclaimer.
5. Reg Z trigger term without full required disclosures.
   Advertising a monthly payment amount for a consumer loan without also disclosing the APR, repayment term, and other required terms.
   Prevention: Create a Reg Z trigger term reference card for your marketing team. When any trigger term appears in a draft, it flags mandatory additional disclosures before the ad proceeds to layout.
6. APR and APY terminology confusion across product lines.
   Using APY language in a consumer loan advertisement or APR language in a deposit account advertisement.
   Prevention: Build product-type rules into your template library so deposit account templates use APY terminology and credit product templates use APR terminology by default.
7. Social media posts without FDIC statement or required disclosures.
   Posting a product promotion on Facebook or Instagram that would require a Regulation DD disclosure if it ran in print, but omitting those disclosures because the post feels informal.
   Prevention: All social media posts that reference specific rates, account terms, or product benefits should go through the same compliance review as a print advertisement.
8. Digital ad targeting that creates fair lending exposure.
   Using demographic, geographic, or interest-based exclusions in social media or programmatic advertising that effectively limits which consumers see credit product promotions.
   Prevention: Require compliance officer review of all credit product ad targeting parameters before campaigns launch, and document the targeting criteria and rationale.
9. Promotional rate advertising without sunset disclosure.
   Advertising a promotional CD or money market rate without disclosing when the rate expires or what rate applies after the promotional period.
   Prevention: Promotional rate ad templates must include a field for the promotional period end date and the post-promotional rate, both disclosed at the same prominence as the promotional rate.
10. No advertising archive or incomplete records.
    Being unable to produce advertising materials from prior examination periods because records were stored in individual email accounts, vendor portals that are no longer accessible, or formats that cannot be retrieved.
    Prevention: Implement a centralized advertising archive at the start of every campaign. Your archive should be accessible to your compliance team without dependence on specific individuals.

Frequently Asked Questions

Building a Compliance-First Community Bank Marketing Program

Community bank advertising compliance is not a constraint on effective marketing, it is the foundation that makes effective marketing sustainable. The banks that build compliance into their creative process from the start move faster, publish with more confidence, and face fewer examination findings than those that treat it as a post-production review function.

The regulatory framework is stable enough to build around: Regulation DD’s APY disclosure requirements, the FDIC official name rules, UDAAP’s deception standards, and Regulation Z’s trigger-term framework have been in place long enough that a well-designed template library, documented approval workflow, and centralized archive can make compliance a repeatable process. The difference between teams that struggle and those that do not is rarely knowledge of the rules. It is systems.