The State of Banking Enforcement Actions: Why Fintech Partners Need Proactive Compliance Management
Key Takeaways:
- Regulators are tightening scrutiny on bank-fintech relationships to ensure compliance with BSA/AML and data protection standards.
- Recent penalties against banks and fintechs demonstrate the importance of proper due diligence and robust risk management.
- Banks must assess fintech partners’ compliance frameworks thoroughly before collaboration, including security, regulatory alignment, and financial stability.
- Assurance and advisory firms provide valuable services such as risk assessments, audit preparation, and strategic advice to strengthen compliance efforts.
- Ongoing evaluation of fintech partnerships, including regular audits and performance monitoring, is crucial for maintaining compliance and mitigating emerging risks.
Over the past decade, banks have increasingly partnered with financial technology (fintech) companies to enhance their service offerings, expand lending capabilities, and streamline their technology stacks, driving ongoing transformation in the financial industry. However, new technologies and efficiencies also introduce more opportunities for security and compliance issues.
Regulators have strict compliance requirements for banking operations and their financial technology providers, particularly regarding the Bank Secrecy Act (BSA), anti-money laundering (AML), and other safe and sound practices for customer relationships. These requirements govern how banking functions utilizing these services are performed, and ensure customer non-public personal information (NPPI) is properly used and protected.
With growing regulatory scrutiny in the banking and financial technology space, institutions and their fintech partners must take proactive steps to maintain compliance and stay ahead of enforcement actions that could have significant reputational, financial, and security impacts on their organization.
Regulatory Actions Highlight Increased Scrutiny on Banks & Fintechs
Throughout 2024, banks and their financial technology providers have faced increased regulatory scrutiny. Below are four examples of enforcement actions issued to banking institutions following recent regulatory examinations:
Evolve Bank & Trust
In June 2024, the Federal Reserve ordered Evolve Bank & Trust to enhance its risk management programs due to deficiencies in the bank’s AML, risk management, and consumer compliance programs. This action followed a 2023 examination that revealed inadequate policies at the Arkansas-based bank.
First & Peoples Bank
In August 2024, First & Peoples Bank in Russell, Kentucky, faced enforcement actions from several regulators, including the Federal Reserve Board, due to risky partnerships with fintech company U.S. Credit. These collaborations resulted in significant loan defaults, jeopardizing the bank’s financial stability and putting $200 million in customer deposits at risk.
TD Bank
In October 2024, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) assessed a record $1.3 billion penalty against TD Bank, N.A. and TD Bank USA, N.A. for violations of the BSA, the primary U.S. AML law that safeguards the financial system from illicit use. TD Bank is among the largest banks in the United States.
Clear Fork Bank
In November 2024, the Office of the Comptroller of the Currency (OCC) issued a Cease-and-Desist Order against Clear Fork Bank, N.A. in Albany, Texas, due to violations of law and unsafe or unsound practices related to BSA and AML. The bank failed to address BSA issues identified during a 2021 examination and, throughout 2022 and 2023, did not implement an adequate AML/BSA compliance program to ensure and monitor compliance with legal requirements.
In addition to the banks above, several financial technology companies themselves were also subject to scrutiny from various regulatory bodies:
Synapse Financial Technologies, Inc.
In April 2024, Synapse Financial Technologies, a fintech company that partners with multiple banks, filed for bankruptcy. This resulted in account freezes for many customers, with regulators estimating that tens of thousands may be affected. A trustee reported an $85 million gap between Synapse’s partner banks and depositor liabilities.
Chime Financial
In May 2024, the U.S. Consumer Financial Protection Bureau (CFPB) issued an order against Chime Financial, Inc. (Chime), a financial technology company that designs and services consumer banking accounts for two separate FDIC-insured “partner banks.”
The CFPB found that Chime failed to refund consumers’ balances within 14 days in thousands of cases, including instances where refunds were not issued within 90 days. This failure violated the Consumer Financial Protection Act of 2010. The order requires Chime to comply with regulations, pay a $3.25 million civil money penalty, and provide at least $1.3 million in consumer redress.
Compliance & Oversight Trends in Recent Enforcement Actions
Several key themes emerge from the enforcement actions outlined above. The table below highlights the correlation between these themes, offering insights into the specific areas of focus for regulatory bodies and providing guidance on how to address them:
How Assurance & Advisory Services Help Banks and Fintechs Navigate Regulations & Strengthen Partnerships
To address these enforcement actions, banks and fintech institutions can take various steps using advisory and assurance services. These services can aid in both remediating current issues and preventing future occurrences. Below are examples of these remediation and proactive prevention efforts:
Risk Assessments & Gap Analyses
Assurance and advisory firms can conduct comprehensive reviews of AML and BSA programs, fintech partnerships, and compliance frameworks to ensure alignment with regulatory standards across financial functions and technology.
They also perform tailored risk assessments that evaluate risks related to company operations, customer data protection, and the products/services offered. Finally, by providing detailed reports with actionable insights and prioritized recommendations, they help management address areas needing remediation.
Developing & Implementing Compliance Frameworks
Assurance and advisory firms are valuable resources for designing policies and procedures that align with regulatory requirements, including AML, BSA, and general fintech risk management.
Beyond creating policies and procedures, these firms can also help design controls to support these frameworks and establish first lines of defense, such as transaction monitoring, security measures, and documentation.
Regulatory Exam Preparation
Assurance and advisory firms can assist in preparing an organization for review by a regulatory body. This can include conducting simulated regulatory exams, drafting and executing action plans to address prior regulatory findings, and acting as an intermediary with regulators to clarify expectations and ensure smooth communication throughout the process.
Independent Monitoring & Auditing
Assurance and advisory firms can conduct periodic third-party audits to identify, document, and address any gaps in control implementation in a timely manner, strengthening the overall environment.
Additionally, these firms can offer guidance and recommendations to management on how to remediate findings in line with regulatory requirements. Annual audits further help ensure that management remains committed to addressing previous observations within the specified timeframes.
Strategic Advisory on Fintech Partnerships
Assurance and advisory firms can provide strategic guidance for a bank’s fintech partnerships by leveraging their deep industry expertise, analytical tools, and network of professionals. They assist management in selecting and overseeing fintech collaborations, ensuring alignment with the bank’s goals.
These firms offer valuable insights on regulatory compliance, risk management, and technological integration, helping navigate the complexities of partnerships. Ultimately, their support ensures the collaboration drives innovation, enhances customer experience, and optimizes operational efficiency.
6 Considerations for Selecting a Fintech Provider
In addition to utilizing the services of assurance and advisory firms, it’s important to consider conducting thorough due diligence and ongoing monitoring when selecting a fintech provider for a third-party agreement.
Reviewing and acknowledging these provisions before executing the agreement helps ensure that various risks – such as strategic, reputational, and transactional – are properly addressed. Below we break down the six key items to consider:
- Thorough due diligence, including background checks to verify the fintech provider’s licensing, corporate history, experience, and financial stability. This process should also involve board oversight to approve high-risk vendors.
- A review of regulatory compliance, including an assessment of the provider’s BSA/AML policies and procedures to ensure they align with the bank’s programs, regulatory reporting practices, and an evaluation of their regulatory compliance history.
- An evaluation of the technology and security in place, including security frameworks that ensure system integrity, resilience, and scalability. This also involves aligning with industry standards and reviewing data protection mechanisms, such as encrypting sensitive data both at rest and in transit, which are essential for the success of fintech providers’ security operations.
- Ongoing monitoring of relevant reports such as SOC 1 and SOC 2 evaluations, as well as key performance indicators (KPIs) such as service uptime and customer complaint resolution efficiency.
- Penetration testing, including security assessments that test application and mobile-based connectivity and data sharing.
- Contingency planning to ensure appropriate business continuity and disaster recovery plans are in place for a catastrophic event. Additionally, implementing customer impact mitigation strategies to minimize disruptions in the event of a partnership termination.
How Can You Strengthen Compliance in Bank-Fintech Partnerships?
Overall, regulators have increased scrutiny on banks developing and strengthening relationships with fintech partners to ensure the privacy, security, and safety of banking customers. In many cases, insufficient due diligence is conducted on fintech companies before integrating their products into the banking environment.
This lack of thorough evaluation has led to significant BSA/AML and compliance-related issues for banking customers. As a result, several institutions have faced enforcement actions and consent orders, serving as a cautionary tale for others forming similar partnerships.
Fintech companies must establish robust compliance and risk management practices before entering relationships with banks. Likewise, banks need to adopt a careful, thoughtful approach to evaluate the compliance requirements specific to their fintech partners. This ensures that these relationships maintain the regulatory and compliance oversight necessary.
Both fintech and banking institutions play crucial roles in maintaining compliance. As fintech companies scale and are more heavily relied upon by partners and prospects, they must implement early-stage processes for due diligence to ensure ongoing compliance as their business grows.
At Wolf, we can assist in strengthening due diligence processes, ensuring robust risk management, and helping both fintech and banking institutions stay compliant with evolving regulatory requirements.