Listen to this post

On March 28, the Federal Reserve (Fed) issued a cease-and-desist order to a Wyoming-based bank holding company, citing deficiencies identified in a September 2023 inspection related to its “fintech business strategy, board oversight, capital, earnings, liquidity, risk management, and compliance” in connection with the banking-as-a-service activities of its bank subsidiary. 

Among other things, the order requires the bank to:

  • strengthen board oversight, including maintaining effective control over major operations and activities such as capital, earnings, liquidity, and risk management, developing a staffing assessment and succession plan, and providing adequate funding to ensure sufficient staffing levels;
  • strengthen risk management programs, including adopting written policies and procedures to manage compliance and fraud risks and ensuring oversight personnel are qualified and have clear roles and adequate resources;
  • ensure compliance with regulations governing affiliate transactions;
  • seek prior written approval of the Fed with respect to any expansionary activities related to its fintech business strategy; and
  • submit a wind-down plan for its fintech-related business, detailing the timeline and all associated costs and expenses.

According to the consent order, following the September 2023 inspection, the holding company had voluntarily stopped pursuing its fintech business strategy and had been winding down all related activities.

Putting It Into Practice: This cease-and desist order from the Fed highlights a shared concern among federal regulators that banks lack proper oversight over their fintech partners, resulting in unsafe and unsound banking practices. While this examination happened late last year, the parade of consent orders against bank/fintech partnerships has been nonstop (see our blog posts on similar consent orders in the past here, here, and here). This order once again underscores the need for banks to reassess their fintech partnerships and current risk management practices against the prudential regulators’ final interagency guidance.