My Cart
Toll Free

.bank FAQ

What name can I register?


1.0 Title: Name Selection Policy

Version Control: 1.0

Date of Implementation: 2015-03-16

2.0 Summary

All domain names registered in .BANK must comply with this Name Selection Policy (the “Policy”). Depending upon the classification of domain name, Registry Operator imposes varying degrees of obligations. Registry Operator has currently identified the following four classifications of domain names in .BANK: Common Community, Generic, Reserved and Standard. Failure of an Applicant to comply with this Policy is a basis for a domain name registration request to be denied. Failure of a Registrant to comply with this Policy is a basis for a domain name registration request to be suspended/cancelled at any time.

3.0 Requirements

3.1 Standard Name:

Domain name must: (a) correspond to a trademark, trade name or service mark of the business or organization; (b) not be a Reserved Name; and (c) not be likely to deceive or cause material detriment to a significant portion of the banking, insurance and/or financial services communities, its customers or Internet users.

3.2 Common Community Name/Generic Name:

These names will initially not be available for registration and Registry Operator will provide lists of them to its Registry Service Provider and its Registrars. fTLD reserves the right to amend these lists in accordance with its Registry Agreement. Common Community Names are those words or phrases commonly used by significant number of companies/organizations within the banking community (e.g., citizens, firstnational, security). Generic Names are those words or phrases commonly used within the banking community to identify products and services and are not specific to any particular source (e.g., checking, mortgage, savings).

3.3 Reserved Name:

A Reserved Name is a domain name not available for registration. Registry Operator reserves the right at any time to amend the Reserved Name list in accordance with its right and obligations set forth in theRegistry Agreement, including, without limitation those domain names:

3.3.1 Reserved for operations and other purposes (e.g., Common Community Names, Generic Names); or

3.3.2 Restricted to comply with ICANN requirements.

4.0 Denial/Suspension/Cancelation

Registry Operator reserves the right to deny, suspend and/or cancel at any time a domain name registration or request for registration found to be in violation of this Name Selection Policy.

5.0 Amendment

Registry Operator reserves the right to modify this Policy at its sole discretion in accordance with its rights and obligations set forth in its Registry Agreement. Such revised Policy shall be posted on Registry Operator’s website at at least 15-calendar days before its effective date. In the event that a Registrant objects to the any change in this Policy, the sole remedy is cancelation of the domain name registration.


1.0 Title: Acceptable Use / Anti-Abuse Policy

Version Control: 1.0

Date of Implementation: 2015-03-16

2.0 Summary

This document sets forth the Acceptable Use / Anti-Abuse Policy (the “Policy”) that Registrants must adhere to when registering and using a domain name in .BANK, as well as outlines the reservation of rights that Registry Operator retains to address non-compliance.

3.0 Registry Operator’s Reservation of Rights

Registry Operator reserves the right to deny, cancel or transfer any registration or transaction, or place any domain name on registry lock, hold or similar status, as it deems necessary, in its unlimited and sole discretion and without notice, either temporarily or permanently:

3.1 To protect the integrity, security and stability of the Domain Name system (DNS);
3.2 To comply with any applicable court orders, laws, government rules or requirements, requests of law enforcement or other governmental agency or organization, or any dispute resolution process;
3.3 To avoid any liability, civil or criminal, on the part of Registry Operator, as well as its affiliates, subsidiaries, officers, directors, employees and members;
3.4 To comply with the cpr144449003101 terms of the Registration Agreement;
3.5 To respond to or protect against any form of malware (defined to include, without limitation, malicious code or software that might affect the operation of .BANK, the Internet or which cause direct or material harm to others);
3.6 To comply with specifications adopted by any industry group generally recognized as authoritative with respect to the Internet (e.g., Requests for Comments (RFCs));
3.7 To correct mistakes made by Registry Operator, Registry Service Provider, or Registrar in connection with a domain name registration; or
3.8 For the non-payment of fees.

4.0 Prescriptive Registrant Obligations

Registrants in .BANK are required to:

4.1 Comply with all applicable policies posted on Registry Operator’s website at
4.2 Comply with their Registration Agreement;
4.3 Notify Registry Operator within one (1) business day if public regulatory action has been taken against them for failure to comply with reasonable and appropriate security measures or that has resulted in the revocation of their regulatory charter or license to operate; and
4.4 Comply with the following obligations, imposed by ICANN, in connection with its Governmental Advisory Committee Advice:

4.4.1 Maintain accurate and up-to-date Whois information to receive notification of complaints or reports of registration abuse, as well as the contact details of the relevant regulatory or, industry self-regulatory bodies in their main place of business;
4.4.2 Report any material changes to the validity of Registrant’s authorizations, charters, licenses and/or other related credentials for participation in .BANK in order to ensure they continue to conform to appropriate regulations and licensing requirements and generally conduct their activities in the interests of the consumers they serve;
4.4.3 Comply with all applicable laws, including those that relate to privacy, data collection, consumer protection (including in relation to misleading and deceptive conduct), fair lending, debt collection, disclosure of data, and financial disclosure; and
4.4.4 Implement reasonable and appropriate security measures commensurate with the offering of financial data services, as defined by applicable law.

5.0 Prohibited Activities

The following is a non-exhaustive list of activities that are prohibited:

5.1 Botnet Command and Control: Services run on a domain name that are used to control a collection of compromised computers or “zombies,” or to direct Distributed Denial of Service (DDoS) attacks;
5.2 Distribution of Malware: The intentional creation and intentional or unintentional distribution of “malicious” software designed to infiltrate a computer system without the owner’s consent, including, without limitation, computer viruses, worms, keyloggers, and Trojans;
5.3 Fast Flux Attacks⁄Hosting: A technique used to shelter Phishing, Pharming, and Malware sites and networks from detection and to frustrate methods employed to defend against such practices, whereby the IP address associated with fraudulent sites are changed rapidly so as to make the true location of the sites difficult to find;
5.4 Hacking: Unauthorized access to a computer network;
5.5 Phishing: The use of email and counterfeit web pages that are designed to trick recipients into divulging sensitive data such as personally identifying information, usernames, passwords, or financial data;
5.6 Pharming: The redirecting of unknown users to fraudulent sites or services, typically through, but not limited to, DNS hijacking or cache poisoning;
5.7 Spam: The use of electronic messaging systems to send unsolicited bulk messages. The term applies to email spam and similar abuses such as instant messaging spam, mobile messaging spam, and spamming of websites and Internet forums;
5.8 Man in the browser, man in the middle: The use of malicious software or compromised network facilities for fraudulent or deceptive purposes;
5.9 Activities contrary to applicable law: Trademark or copyright infringement, fraudulent or deceptive practices, counterfeiting or other;
5.10 Regulatory noncompliance: Public regulatory action taken against the Registrant for failure to comply with reasonable and appropriate security measures; and
5.11 Inappropriate content: The storage, publication, display and⁄or dissemination of material as defined by applicable laws and regulations in respective jurisdictions.

6.0 Registry Operator’s Response Plan

Registry Operator will maintain a public email ( and telephone number on its respective websites for interested third parties to submit alleged incident of abuse and/or noncompliance. Registry Operator’s plan to respond to allegations of abuse is based upon the following four pillars: Verification, Investigation, Remediation and Follow-up as identified in more detail below.

6.1 Verification

Registry Operator will use commercially reasonable efforts to review all submissions and make an initial determination regarding the source and legitimacy of each submission.

6.2 Investigation

Registry Operator will prioritize all investigations in the following order:

1. Law enforcement complaints (within 24 hours);
2. Third party security, stability or criminal complaints (within one (1) business day); and
3. Third party non-security, non-stability, or non-criminal complaints (within five (5) business days).
Registry Operator will endeavor to investigate the highest priority incidents within 24 hours and the lower priority incidents in five business days.

6.3 Remediation

As a result of any investigation involving credible complaints or violations of law in matters pertaining to security, stability or criminal activity, Registry Operator’s default option will be the suspension of the domain name within twelve hours of completing an initial investigation absent exceptional circumstances. In all other complaints not involving security, stability or criminal activity, Registry Operator will seek to resolve the matter through an escalated notification process: email, telephone, certified mail.

6.4 Follow-Up

Where, as a result of a complaint, there is found to be abusive/non-compliant activity, Registry Operator will follow-up on each complaint to update the status of the domain name after the issue has been resolved. Registry Operator will also engage with the Registrant to educate them about how to avoid future remediation actions.

7.0 Amendment

Registry Operator reserves the right to modify this Policy at its sole discretion in accordance with its rights and obligations set forth in its Registry Agreement. Such revised Policy shall be posted on Registry Operator’s website at at least 15-calendar days before its effective date.