2024 is fast becoming the summer of consent orders for smaller banks.
That’s because, with the news Friday (June 28) that Tennessee-based Thread Bancorp is now the latest financial institution (FI) to come under the Federal Deposit Insurance Corporation’s (FDIC) scrutiny, managing for the operational, compliance and strategic risks that come with third-party tie-ups is top of mind for both banks and their FinTech partners.
FDIC enforcement actions are typically made public on the last Friday of the month, and the order issued to Thread, a popular partner bank for dozens of FinTechs, is unique in that it explicitly calls out the bank’s Banking-as-a-Service (BaaS) and Loan-as-a-Service (LaaS) programs.
Dated May 21, the order requires Thread Bank to implement a series of corrective measures without admitting or denying any unsafe or unsound banking practices. The corrective measures include establishing a more comprehensive third-party risk management program and setting up improved due diligence, monitoring and exit planning for Thread’s FinTech partners. This requirement reflects the regulator’s increased attention to banks’ relationships with technology firms.
“Within one-hundred twenty (120) days of the effective date of this ORDER, the Bank’s BaaS and LaaS program policies and procedures should be thoroughly and completely documented, addressing, at a minimum, third party partner and customer approval requirements, due diligence processes, growth and stress modeling, ongoing AML/CFT compliance monitoring, and steps to unwind third-party business lines, including FinTech partners,” the FDIC wrote.
Thread’s FinTech and BaaS partners include Unit, through which it is a provider for Relay, Toolbox, Sequin, Currence, Arpari and many other platforms.
“When vetting potential fintech clients, both Thread and Unit prioritize maintaining a strong focus on compliance and oversight,” Unit wrote in a 2023 blog post.
“We remain steadfastly committed to collaborating with regulators at the state and federal levels because we believe the regulatory framework is necessary, when conducted properly, and can help create a strong banking system for consumers and small businesses,” Chris Black, CEO, president and director at Thread Bancorp, Inc. and Thread Bank, said in a statement to PYMNTS.
“As such, we are dedicated to meeting all obligations, and we have already made substantial investments to improve our policies, processes, procedures and controls over the past three years — all in collaboration with the FDIC and the Tennessee Department of Financial Institutions (TDFI). We will continue to invest in our teams and services to ensure we meet the needs of, and provide strong protection for, our customers and partners as we move forward,” Black added.
Read more: Payments Execs Say Banking-as-a-Service Players Forgot the Banking Part
Navigating the complex web of financial regulations is a daunting task for any company, particularly for FinTech startups with limited resources. By partnering with established banks, FinTech companies can rely on their partners’ robust regulatory frameworks, reducing the burden of compliance.
That, at least, was the hope of BaaS: a shared compliance model that allows FinTechs to operate within the bounds of regulatory requirements while focusing on innovation and growth. But the way things have played out to-date hasn’t gone quite according to plan.
It was just a year ago (June 6, 2023) that the FDIC, the Board of Governors of the Federal Reserve System (FRB), and the Office of the Comptroller of the Currency (OCC) (collectively, the agencies) issued final guidance on managing risks associated with third-party relationships.
Since then, the fallout from Synapse’s chaotic bankruptcy has sorely tested the interconnectedness of the BaaS and FinTech landscape. Adding insult to injury, Synapse’s own primary banking partner, Evolve, last week (June 26) suffered a serious cyberattack, putting its risk controls under the spotlight.
“The regulators are now awake,” Thredd CEO Jim McCarthy told PYMNTS. “Too many people are focused on the ‘as a service’ part — but have ‘minored’ in the banking part, if at all … if you’re going to play in that space, I’d argue that if you fail at the banking, the service piece doesn’t matter.”
Read more: Synapse’s Downfall Provides Hard Lessons for Its B2B Partners
PYMNTS Intelligence found this past summer that 65% of banks and credit unions have entered into at least one FinTech partnership in the past three years, with 76% of banks viewing FinTech partnerships as necessary to meeting customer expectations. And a full 95% of banks are focused on using partnerships to enhance their own digital product offerings.
And Thread Bancorp, which was previously known as Civis, already had a history of regulatory actions. The company’s recent FinTech partnerships have enabled it to grow rapidly, from less than $100 million to over $720 million in from the end of 2020 to Q1’24, based on FDIC call reports.
“With complex ecosystems, you have a higher number of partners than you may have historically had” in the past, Larson McNeil, co-head of marketplaces and digital ecosystems at J.P. Morgan Payments, told PYMNTS. This creates new considerations for the corporate treasury function, including management of those partners and counterparty risk.
The Thread Bank case may serve as an indicator of how regulators are approaching the intersection of traditional banking and financial technology. As the financial landscape continues to evolve, the key to leveraging the BaaS model lies in fostering strong, transparent and mutually beneficial relationships between banks and FinTech firms. By doing so, they can collectively drive the future of banking toward greater inclusivity, efficiency and innovation.