In 2008, ICANN approved the program to open up the Internet to thousands of new gTLDs in addition to existing ones such as .COM and .ORG. In response to the expansion and in recognition of what this could mean to financial institutions, their customers and Internet users, a coalition of banks, insurance companies and financial services trade associations partnered to establish fTLD Registry Services (fTLD) in order to apply for and operate the .BANK and .INSURANCE gTLDs on behalf of the global banking and insurance communities. fTLD was granted the right to operate .BANK on Sept. 25, 2014, and its application for .insurance is in the contracting phase with ICANN.
The following information is for organizations seeking to register domain names in .BANK. fTLD will post information about .INSURANCE when it is available.
In the domain name industry organizations and individuals that register domains are called registrants.
.BANK will be a protected, trusted, more secure and easily identifiable space on the Internet for the global banking communities and the customers it serves. The .BANK gTLD will have enhanced Security Requirements that exceed that of most existing and new gTLDs. In addition, it opens up much needed real estate on the Internet, providing new marketing and branding opportunities.
Only verified members of the global banking community are eligible to register domains. For banks it will include charter verification by the registrant's regulator.
- State, regional and provincial banks that are chartered and supervised by a government regulatory authority;
- Savings associations that are charted and supervised by a government regulatory authority;
- National banks that are chartered and supervised by a government regulatory authority;
- Associations whose members are primarily comprised of entities identified above;
- Groups of associations whose members are primarily comprised of associations identified above;
- Service providers that are principally owned by or predominantly supporting regulated entities identified above. (if approved by the Registry Operator Board); and
- Government regulators of chartered and supervised banks or savings associations or organizations whose members are primarily comprised of such government regulators (if approved by the Registry Operator Board).
Please see the .BANK Registrant Eligibility Policy for complete eligibility requirements.
You can only purchase domains that correspond to your company's trademarks, trade names or service marks. For guidance on selecting domains, please see the .BANK Name Selection Policy for more information.
General Availability for .BANK is estimated in June 2015. Before General Availability, there will be Sunrise and Founders Periods. See more below about the registration periods.
.BANK registrars are responsible for setting their domain registration fee. Domain registration fees will vary from registrar-to-registrar based on a number of factors including additional services they may offer to registrants. fTLD is responsible only for setting the fee it charges to registrars and it is the same fee for all.
fTLD's commitment to operating .BANK in a protected, trusted and more secure manner means its operational costs are significantly greater than traditional domains. For example, the verification and re-verification processes that will be conducted by Symantec to ensure registrations are only made to qualified entities is an expensive, multi-step process. Additionally, some of the enhanced security requirements that Verisign will support result in greater costs to fTLD. Finally, as compliance with all requirements is critical to ensuring the security, stability and resiliency of .BANK, monitoring and detection systems will be employed and they too result in increased operational expenses for fTLD.
Since we already have a .COM address, are we automatically entitled to register the same name in .BANK?
No. Domain names will be awarded on a first-come, first-served basis. If you own the trademark on the name to the left of your .COM address, you may register the trademark with ICANN's Trademark Clearinghouse and apply for the .BANK version of that domain name during the Sunrise period.
Registrants must provide the following information:
Legal Name of the Eligible Registrant (the organization name)
Registrant Contact Name
Registrant Contact Address (Street, City, State/Province/Region, Postal Code)
Registrant Contact Email Address
Registrant Contact Telephone Number
Government Regulatory Authority (if applicable)
Regulatory ID Number (if applicable)
Note: the Registrant Contact must be a full-time employee of the Registrant and cannot be a contract employee.
Registrars may request additional information such as a human resources contact name and telephone number who can verify the employment information of the Registrant Contact and the name and contact information for someone who can verify that the Registrant Contact is authorized to register the domains requested. The additional contact information is not required, but will expedite the verification process for your domains as will providing the Government Regulatory Authority and Regulatory ID Number.
fTLD has contracted with Symantec to ensure that registrations are made only with organizations that meet the eligibility requirements and verification is performed at the time of initial registration and at each renewal or every two years, whichever comes first.
Who is Symantec and why are they involved in the verification process? I thought verification was being handled by fTLD?
fTLD is responsible for approving requests for domains in .BANK. fTLD has contracted with Symantec to serve as its Registry Verification Agent. Symantec is responsible for reviewing the information provided by the registrar/registrant and providing a recommendation to fTLD to approve or deny a request. fTLD makes the final decision.
Symantec is a global leader in security, backup and availability solutions. The use of a third-party in the verification process ensures an impartial and expert entity for the initial examination of eligibility for registration of each registrant and provides registrants with global support in this important process.
My country does not have a specific license or charter document that is provided to us as a separate document. If this is requested by Symantec, what should we send?
Symantec understands that different countries have different regulations regarding bank certification and will accept other materials applicable to your specific locale.
- Security Check – To support compliance with applicable local and international laws, every application will undergo a security check to ensure that Symantec does not approve any organizations or persons found on any government and/or Symantec-maintained restricted lists/black lists or lists provided by fTLD.
- Organization, Jurisdiction, and Banking Credentials Verification – Symantec will verify that the registrant is a registered and active organization in a jurisdiction appropriate to its business location and has valid credentials proving that it meets the requirements of the .BANK Registrant Eligibility Policy.
- Verification of Domain Name Selection – Symantec will verify that the applied-for domain names meet the requirements of the .BANK Name Selection Policy.
- Verification of Physical Address – Symantec will verify the address listed in the application as a valid address for the registrant organization using Symantec approved databases.
- Verification of Telephone Number – Symantec will verify the registrant organization's telephone number using Symantec approved databases.
- Registrant Contact Employment – Symantec will initiate telephony contact to verify with registrant organization's human resources (or appropriate department) that the registrant organization's contact person is a full-time/non-contracting employee of the organization.
- Registrant Contact Authority – Symantec will initiate telephony contact to identify the Registrant Contacts manager within the registrant organization with Human Resources (or appropriate department) and contact this person to confirm that the registrant contact is authorized to request domains on behalf of the organization.
Verification is initiated as soon as your registration is processed by your registrar and approval is generally expected to conclude within days or less of the request. However, because the verification process requires telephone contact with the registrant's organization to verify certain information (i.e., the requestor is a full-time employee of the company and it authorized to make registrations on their behalf), the verification make take longer to complete. Registrants can expedite verification by ensuring that all individuals that may be contacted are aware of the need to respond to these requests as quickly as possible.
Symantec is the verification service provider for the .BANK domain. Symantec uses information provided by you to your registrar during registration to confirm your eligibility for a domain. Symantec will contact you via email or telephone if specific additional information is needed. It is important that you respond to their request(s) promptly as your domain is not registered until the verification process is complete. Information about how to contact Symantec is provided on emails that you receive from them or can be located at www.symantec.com/support. If you have questions about the status of your registration, please contact your registrar.
I am renewing my .BANK domain and I have been notified that my name is being re-verified. I haven't changed anything so why is my information being checked again?
Part of the security requirements for .BANK is to periodically reconfirm that each registration continues to have accurate registration information. fTLD checks each time a domain is renewed that all of the information is still accurate and that the registrant is still eligible for that .BANK domain. A complete re-verification will be done, including contacting the registrant organization to confirm the contact's eligibility as a contact and their authority to register domain names.
I registered my domain for five years and haven't changed any information. It is now two years into the registration and I got a notification that my domain is being re-verified. What triggered this review?
Part of the security requirements for .BANK is to periodically reconfirm that each registration continues to have accurate registration information. It is possible that registration data and/or eligibility may change over time. In the case of registration terms beyond two years, it's important that fTLD ensures the registration continues to comply with .BANK eligibility requirements. A complete re-verification will be done, including contacting the registrant organization to confirm the contact's eligibility as a contact and their authority to register domain names.
No. The verification process facilitated by Symantec is the process that fTLD has mandated for all .BANK registrations.
In contrast, the Whois verification process is required by ICANN to be conducted annually by registrars and the purpose is to confirm accurate contact information. Registrars are required to contact their registrants to conduct this verification and a positive confirmation of details is required. Registrants may risk having their domain suspended or cancelled for failure to respond to this verification request.
Registrants should respond promptly to all requests related to verification from fTLD, Symantec and their registrar, and failing to respond could result in rejection of your registration or inactivation of your domain. If you want to confirm whether the request is legitimate, contact the requesting verification entity directly with the identifying information provided.
The three registration periods in .BANK are Sunrise, Founders and General Availability. Domains will be awarded on a first-come, first-served basis in all registration periods as this is the most fair and equitable allocation method. Please see the estimated Timeline for the following:
Sunrise: For eligible members of the global banking community that have registered their trademark with ICANN's Trademark Clearinghouse to register domains. For more information about the Trademark Clearinghouse, see below.
Founders: For founding members of fTLD. Founders are identified on the Endorsers' page.
General Availability: For eligible members of the global banking community to register domains.
ICANN's Trademark Clearinghouse is a global repository for trademark data. Designed to meet global needs for the domain name system, the Clearinghouse will verify trademark data worldwide and maintain a database with the verified trademark records. The Trademark Clearinghouse is not a trademark office. It is a centralized database of verified trademarks.
There is a cost to use the Trademark Clearinghouse. Learn more at the Trademark Clearinghouse website.
- Priority Registration
During the 30-day Sunrise period trademark holders that meet fTLD's eligibility requirements have an advance opportunity to register domain names that are exact matches to their marks before names are available to other eligible members of the community. Only trademark holders who have registered their trademark with ICANN's Trademark Clearinghouse may purchase domains during the Sunrise period.
If your registered trademark is different from the domain name you are seeking, you will not be able to register during this period. For example, if your registered trademark is “XYZ bank” and it is registered in ICANN's Trademark Clearinghouse, you can only apply for “XYZbank.BANK” during the Sunrise Period not “XYZ.BANK.”
The Trademark Claims period follows the Sunrise period and runs for at least the first 90 days of General Availability. During the Trademark Claims period, anyone attempting to register a domain name matching a mark that is recorded in the Trademark Clearinghouse will receive a notification displaying the relevant mark information.
If the notified party registers the domain name, the Trademark Clearinghouse will send a notice to those trademark holders with matching records in the Clearinghouse, informing them that someone has registered the domain name.
The Trademark Clearinghouse will accept and verify registered trademarks, marks protected by statute or treaty or court validated marks as well as any other marks that constitute Intellectual Property (IP) rights in accordance with the registry's policies and that meet the eligibility requirements of the Trademark Clearinghouse. Learn more about accepted marks at the Trademark Clearinghouse website.
Registered Trademarks – A registered trademark is a nationally or regionally (i.e., multi-nationally) registered mark on the principal or primary register in the mark's jurisdiction. This means that the trademark in question must have national effect and be registered at the time it is submitted for verification.
Marks Protected by Statue or Treaty – For marks protected by statute or treaty, the relevant statute or treaty must be in effect at the time the mark is submitted to the TMCH for inclusion. These marks may include but are not limited to geographical indications and designations of origin.
Court Validated Marks – Court validated marks refer to a mark that has been validated by a court of law or other judicial proceeding at the national level, such as unregistered (common law) marks and/or well-known marks. In the case of a mark validated by judicial proceedings, the judicial authority must have existed as a competent jurisdiction as of the date of the order or judgment. Any referenced authority must have the indicia of authenticity and must on its face confer the specified rights (i.e., the documentation must be sufficient to show validation of the mark without the need for the TMCH to consult outside resources).
Do I need to have my organization's name trademarked and in the Trademark Clearinghouse (TMCH) to register it as a .BANK domain?
No, your organization's name does not have to be trademarked and in the TMCH for it to be registered.
However, in order to secure a domain during the Sunrise period, it must be registered in the TMCH.
In selecting your domains, please be sure to first review the .BANK Name Selection Policy as all domains must correspond to your trademark, trade name or service mark. Please also review the Policy's Implementation Guidelines for examples of formats of names that comply with the “corresponding” requirement.
What's the best way to get my desired domain if I am not eligible to participate in the Sunrise period?
Domain names in all registration periods in .BANK will be made on a first-come, first-served basis. To ensure you have the best chance at getting your desired domain, you should engage with an Approved Registrar as early as possible.
No. There are companies unrelated to fTLD that will try to sell “pre-registration,” but there is no such thing for .BANK. The only registrations that will take place before General Availability will occur during the Sunrise and Founders periods.
Similar to “pre-registration,” an “expression of interest” does not guarantee a domain name. There are companies that will falsely claim to give you priority registration. The only registrations that will take place before General Availability will occur during the Sunrise and Founders periods.
No. You can continue using your current domain.
If you plan to activate your .BANK domain, you can use the .BANK Transition Guide (Guide) to help you plan the use of your .BANK domain. You may also want to consider initiating a plan for your transition to your .BANK domain as soon as you know what new .BANK domain you will be using. The Guide is currently under development and will be available soon. Once the Guide is available, you should have the information you need to plan the details for using your .BANK domain.
Although there are additional steps to using your .BANK domain for your website, email and other services, there are specific steps that need to be taken to complete the process for each service. fTLD is developing a .BANK Transition Guide (Guide) that will provide information about these steps that are needed to take advantage of the protected, trusted, more secure and easily identifiable environment provided with a .BANK domain.
Your registrar or core service provider may already be working with you to develop a transition plan addressing the tasks identified in the Guide. If not, contact them to see how they can assist your transition or contact fTLD@fTLD.com if you have additional questions.
fTLD requires compliance with a set of requirements that are not currently mandated by the operators of other commercially available gTLDs, including:
- Mandatory Verification of Charter/Licensure for Regulated Entities ensures that only legitimate members of the global banking community are awarded domain names.
- Mandatory Re-verification of Registration Data every two years or at domain renewal, whichever comes first, ensures ongoing eligibility for domain names.
- Domain Name System Security Extensions (DNSSEC) ensures that Internet users are landing on participants' actual websites and not being misdirected to malicious ones. fTLD will require that all domain levels, from fTLD as the top-level registry operator to your entity as the registrant, utilize DNSSEC for domains that resolve on the Internet.
- Email Authentication to mitigate spoofing, phishing and other malicious activities propagated through emails to unsuspecting users.
- Multi-Factor Authentication to ensure that any change to registration data is made only by authorized users of the registered entity.
- Enhanced Encryption to ensure security of communication over the Internet to prevent eavesdropping, data tampering, etc.
- Prohibition of Proxy/Privacy Registration Services to ensure full disclosure of domain registration information so bad actors cannot hide.
Proxy/Privacy Registration Services are used to conceal the true identity of the domain name owner and their contact information. fTLD does not support this practice as it makes it difficult to identify and contact a registrant that is alleged to be using their domain for practices that are in violation of fTLD's Acceptable Use / Anti-Abuse Policy.
Yes, there are some additional requirements for registrants that are included in your registration agreement with your .BANK registrar. The following enhanced Security Requirements should be reviewed: 13, 15, 23, 24, 25, 26, 27, 28, and 29.
fTLD and in some cases its Registry Service Provider, Verisign, will be responsible for monitoring compliance with the relevant requirements. Registrars will play a role in enforcement as they have the direct relationship with the registrant. fTLD always retains the right to take action if the registrar fails to do so.
All fTLD Policies are located here.
gTLD – or generic top-level domain – refers to the letters to the right of the dot at the end of a web address. Common gTLDs are .COM, .ORG, .NET
fTLD Registry Services, LLC was formed in 2011 by a coalition of banks, insurance companies and financial services trade associations from around the world. In 2012, fTLD submitted community-based applications to the Internet Corporation for Assigned Names and Numbers (ICANN) for the .BANK and .INSURANCE gTLDs. fTLD was granted the right to operate .BANK on September 25, 2014, and its application for .INSURANCE is in the contracting phase with ICANN.
The Internet Corporation for Assigned Names and Numbers, or ICANN, is an oversight body responsible for the stability and unification of the Internet. Its key responsibilities include policy development for existing and new generic Top-Level Domains (gTLDs). In June 2011, ICANN’s board of directors authorized the launch of the New gTLD Program. The program’s goals include enhancing competition and consumer choice, and enabling the benefits of innovation via the introduction of new gTLDs.