In 2008, the Internet Corporation for Assigned Names and Numbers ("ICANN"), the non-profit organization responsible for creating and maintaining internet domains, approved a program to create new generic top level domains ("gTLD"). In response, an international consortium of financial institutions, financial services trade associations and insurance companies founded fTLD Registry Services, LLC ("fTLD") to obtain ownership of the .bank and .insurance gTLDs. In May 2012, fTLD submitted applications for the community-based gTLDs and was officially granted authority to operate .bank on September 25, 2014, and .insurance on February 19, 2015.
fTLD has since developed guidelines setting out eligibility requirements for the .bank gTLD, with similar guidelines expected soon with respect to the .insurance gTLD.
Only verified members of the banking community are eligible to register for a .bank gTLD. Such members include:
- state, regional and provincial banks and savings associations that are chartered and supervised by a government regulatory authority;
- service providers principally owned by such banks or savings associations, on approval by the registry operator board of fTLD; and
- associations composed of state, regional, provincial and national banks, on approval by the registry operator board of fTLD.
In addition to meeting the organizational requirements set out above, registrants must also comply with dozens of enhanced security requirements and processes. These include real-time abuse monitoring, multi-factor authentication, distributed denial of service (DDoS) protection and encryption practices with at least a 30-year security strength timeframe. Registrants must also agree to abide by fTLD's acceptable use and prohibited activities policies and re-validate their "WHOIS" information on a semi-annual basis. As a result of fTLD's increased operational costs for verifying and authenticating applicants, the cost for registering a .bank gTLD is higher than other conventional domain names.
Note that the Bank Act prohibits any person or entity other than a bank regulated by OSFI to use the word "bank" to indicate a financial services business in Canada. Accordingly, if OSFI finds an entity using a .bank gTLD in contravention of that prohibition (which may also constitute a criminal offence), the entity would be required to relinquish its .bank gTLD irrespective of the costs involved.
Currently, fTLD has established a sunrise period to register a .bank gTLD, ending on June 17, 2015. To be eligible, in addition to the requirements described above, the associated trade-mark must already be registered federally and with ICANN's Trademark Clearinghouse. At the end of the sunrise period, fTLD's founding members will be given a five day period to register their domains.
On June 23, 2015, the .bank gTLD will be open to all eligible members of the global banking community granted on a first-come, first-served basis.
While there are considerable compliance and regulatory hurdles, a .bank or .insurance gTLD may carry significant competitive advantages for financial institutions, including innovative marketing opportunities through defined branding with a global scope, enhanced security as a result of fTLD's authentication and eligibility requirements and reduced risk of "typosquatting" (whereby a party registers a domain name with a common misspelling of your web address) and "cybersquatting" (whereby a party registers your trade-name or acronym as a web address in bad faith, hoping to then sell it to you at an inflated price).
The foregoing provides only an overview and does not constitute legal advice. Readers are cautioned against making any decisions based on this material alone. Rather, specific legal advice should be obtained.
© McMillan LLP 2015
