Federal Reserve Board Issues Cease and Desist Order Against Banking-As-A-Service Provider

On June 14, the Federal Reserve Board (Fed) issued a cease and desist order against an Arkansas-based banking-as-a-service (BaaS) provider due to significant compliance and risk management failures.

The order restricts the bank from, without prior approval: (i) establishing new fintech partners, subsidiaries, business lines, products, programs, services, or program managers, and (ii) offering new products, programs, or services to existing fintech partners, program managers, or subsidiaries.

The Fed’s examination in August 2023 identified risk management deficiencies, and a follow-up review in January 2024 found further non-compliance with anti-money laundering (AML), Bank Secrecy Act (BSA), and Office of Foreign Asset Control (OFAC) requirements. Additionally, the Fed noted deficiencies in the bank’s management of consumer compliance risks.

The order mandates the bank to implement several corrective measures, including:

1. Board Oversight Plan: The board of directors must develop a plan to enhance its oversight of the bank’s management, operations, and compliance with BSA/AML and OFAC regulations.
2. Risk Management Enhancement: The bank must submit a plan to improve its risk management practices. This plan should include:
   • Written policies and procedures to identify and manage risks associated with fintech partners.
   • Steps to ensure staff are adequately trained, possess sufficient expertise, and maintain independence in managing fintech partnerships.
   • A process to swiftly identify and report risk exposures related to its fintech partner program.
3. Independent Audit: An independent third party must be hired to audit and review the bank’s fintech partner program for compliance with consumer laws and regulations.
4. Capital Risk Management: The bank must develop a plan to improve its capital risk management in light of its fintech partner program and assess the adequacy of its capital. It must also devise a plan to enhance its liquidity risk management.
5. BSA/AML Program Improvement: The bank must improve its processes and controls related to its BSA/AML program.
6. Lending and Credit Risk Management: Enhancements must be made to the bank’s lending and credit risk management practices concerning its fintech partner program.

Putting It Into Practice

This order places the bank among a growing number of BaaS providers required to enhance oversight of their fintech partnerships. Similar orders in the past underscore federal regulators’ concerns that banks often lack adequate oversight over their fintech partners, leading to unsafe and unsound banking practices. This latest order emphasizes the necessity for banks to reassess their fintech partnerships and risk management practices in accordance with prudential regulators’ final interagency guidance to ensure compliance and mitigate risk.

Source: natlawreview.com

The post Federal Reserve Board Issues Cease and Desist Order Against Banking-As-A-Service Provider appeared first on HIPTHER Alerts.