2024 is quickly becoming the summer of consent orders for small banks.
This is because with the news Friday (June 28) that the Tennessee-based Bancorp Wire is now the last financial institution (FI) to be subject to the Federal Deposit Insurance CorporationFederal Financial Information Service (FDIC) oversight, operational, compliance and strategic risk management related to third-party partnerships are a top priority for banks and their FinTech partners.
FDIC enforcement actions are typically made public on the last Friday of the month, and the order issued to Thread, a popular partner bank for dozens of fintechs, is unique in that it explicitly mentions the bank’s Banking-as-a-Service (BaaS) and Loan-as-a-Service (LaaS) programs.
Dated May 21, the order requires Thread Bank to implement a series of corrective actions without admitting or denying any unsafe or unsound banking practices. The corrective actions include implementing a more comprehensive third-party risk management program and implementing enhanced due diligence, monitoring, and exit planning for Thread’s fintech partners. The requirement reflects the regulator’s increased focus on banks’ relationships with technology companies.
“Within one hundred and twenty (120) days of the effective date of this ORDER, the Bank’s BaaS and LaaS program policies and procedures must be thoroughly and completely documented, addressing, at a minimum, third-party partner and customer approval requirements, due diligence processes, growth and stress modeling, ongoing AML/CFT compliance monitoring, and measures to decommission third-party lines of business, including FinTech partners,” the FDIC wrote.
Thread FinTech and BaaS partners include Unit, through which it is a supplier for Relay, Toolbox, Sequin, Currence, Arpari and many other platforms.
“When evaluating potential fintech clients, Thread and Unit prioritize maintaining a strong focus on compliance and oversight,” Unit said. wrote in a 2023 blog post.
“We remain firmly committed to working with regulators at the state and federal levels because we believe that regulatory frameworks are necessary, when applied properly, and can help create a strong banking system for consumers and small businesses,” Chris Black, CEO, chairman and director of Thread Bancorp, Inc. and Thread Bank, said in a statement to PYMNTS.
“We are committed to meeting all of our obligations and have already made substantial investments to enhance our policies, processes, procedures and controls over the past three years, all in collaboration with the FDIC and the Tennessee Department of Financial Institutions (TDFI). We will continue to invest in our people and services to ensure we meet the needs of our customers and partners and provide them with strong protection as we move forward,” Black added.
Learn more: Payments executives say banking-as-a-service players have forgotten the banking part
FinTech Risks in Financial Supply Chains
Navigating the complex web of financial regulations is a daunting task for any business, especially for FinTech startups with limited resources. By partnering with established banks, FinTech companies can rely on their partners’ robust regulatory frameworks, reducing the compliance burden.
At least that’s what BaaS was hoping for: a shared compliance model that allows FinTechs to operate within regulatory requirements while focusing on innovation and growth. But so far, things haven’t gone as planned.
It was just one year ago (June 6, 2023) that the FDIC, the Board of Governors of the Federal Reserve System (FRB), and the Office of the Comptroller of the Currency (OCC) (collectively, the Agencies) issued their final determination advice on risk management associated with relationships with third parties.
Since then, the fallout from Synapseit’s chaotic bankruptcy has put to the test the interconnection of the BaaS and FinTech landscape. Adding insult to injury, Synapse’s primary banking partner, Evolve, last week (June 26) suffered a serious cyberattack, highlighting its risk controls.
“THE regulators are now awake, Thread CEO Jim McCarthy “Too many people focus on the ‘as a service’ part – but have ‘neglected’ the banking part, if at all… If you want to play in this space, I would say if you fail in banking, the service part doesn’t matter.”
Learn more: Synapse’s fall offers harsh lessons to its B2B partners
When the middleware fails
PYMNTS Intelligence found last summer 65% of banks and credit unions have entered into at least one FinTech partnership in the last three years, and 76% of banks see FinTech partnerships as necessary to meet customer expectations. And 95% of banks are working to use partnerships to enhance their own digital product offerings.
And Thread Bancorp, which was formerly known as Civis, already had a history regulatory measures. The company’s recent FinTech partnerships have allowed it to grow rapidly, from less than $100 million to more than $720 million between the end of 2020 and the first quarter of 2024, according to FDIC call reports.
“With complex ecosystems, you have a greater number of partners than what you may have had historically in the past, Larson McNeilco-head of marketplaces and digital ecosystems at JP Morgan PaymentsPYMNTS said. This creates new considerations for the company’s treasury function, including managing those partners and counterparty risk.
The Thread Bank case can serve as a bellwether for how regulators are approaching the intersection between traditional banking and fintech. As the financial landscape continues to evolve, the key to leveraging the BaaS model lies in fostering strong, transparent, and mutually beneficial relationships between banks and fintech companies. In doing so, they can collectively advance the future of banking toward greater inclusion, efficiency, and innovation.
