On a July 19, the Federal Reserve Board announced it has issued a consent order against a Utah-based bank and its parent company for engaging in unfair and deceptive acts and practices in violation of Section 5(a)(1) of the FTC Act, as well as for having a faulty consumer compliance risk management program. In addition to the consent order, the Federal Reserve imposed a $44 million fine.Continue Reading Fed Cracks Down on Utah Bank for Alleged Compliance Failures with $44 Million Fine

On June 14, the Federal Reserve Board (Fed) released a cease and desist order against an Arkansas-based banking-as-a-service (BaaS) provider for compliance and risk management failures. As part of the order, the bank is prohibited, without prior approval, from (i) establishing any new fintech partners, subsidiaries, business lines, products, programs, services, or program managers, or (ii) offer new products, programs, or services to an existing fintech partner, program manager, or subsidiary.Continue Reading Federal Reserve Board Issues Cease and Desist Order Against Banking-As-A-Service Provider

On January 19, the Federal Reserve Board (FRB) and New York Department of Financial Services (NYDFS) each issued orders settling an action against a large global bank for alleged BSA/AML violations and other compliance failures. The FRB issued a cease and desist order with a $2.4 million civil money penalty, while the NYDFS issued a consent order with a $30 million civil money penalty.Continue Reading Federal Reserve and NYDFS Penalize Large Global Bank for BSA/AML and Other Compliance Failures

On August 27, the Federal Reserve, FDIC, and OCC jointly published guidance on the types of due diligence community banks should engage in when contemplating arrangements with financial technology companies or FinTechs.  While the diligence guidance is voluntary, the banking agencies suggest that community banks should conduct due diligence with respect to FinTechs in six key areas:  (i) business experience and qualifications, (ii) financial condition, (iii) legal and regulatory compliance, (iv) risk management and controls, (v) information security, and (vi) operational resilience.  The guidance then provides subcategories for due diligence within each category, and provides relevant considerations for the bank for each subcategory, and potential sources of information.  The subcategories are as follows:
Continue Reading Banking Agencies Release Due Diligence Guidance on Community Bank-FinTech Relationships

On July 13, the Federal Reserve, FDIC, and OCC proposed risk management guidance to help banking organizations manage risks related to third-party relationships, including relationships with vendors, FinTech companies, affiliates, and the banking organizations’ holding companies.  The proposal is based on existing but disparate third-party risk management guidance from the three prudential regulators, and is intended to promote consistency across the banking agencies.  If finalized, it will replace the guidance that each agency has released independently.
Continue Reading Federal Agencies Request Comments on Risk Management Guidance for Third-Party Relationships