PYMNTS MonitorEdge May 2024

FDIC Consent Orders Highlight FinTech Risk in Financial Supply Chains

It’s been well-documented that banks and FinTechs have been collaborating together on financial services innovation, where they once were mainly competitors.

But for the banks striking partnerships with these digital-only players, regulators are weighing in, which may in result in new approaches to how those partnerships are forged and maintained — and by extension, forcing the banks to weigh risks and rewards.

Call it a reexamination of the vulnerabilities inherent within the financial supply chain.   

To that end, and as disclosed in documents last week, the Federal Deposit Insurance Corp. entered consent orders against two banks, Sutton Bank and Piermont Bank, last month. The orders spotlight issues with third-party relationships and banking-as-a-service activities.

Third-Party Oversight

In the order against Piermont Bank, which is based in New York, the FDIC said, “The FDIC considered the matter and determined, and the Bank neither admits or denies, the bank engaged in unsafe and unsound banking practices relating to” internal controls and systems appropriate for “the nature, scope, complexity, and risk of its Third-Party Relationships.”  

The FDIC also mandated that there be review and assessment of “the collection of sufficient Data about the Third-Party Relationship, including the nature of the business arrangement and any associated Bank Activities or proposed new Bank Activities and the anticipated volume of these Bank Activities.”

Separately, Sutton Bank was ordered to develop and implement a revised plan that “Includes the appropriate assessment and oversight, both initial and ongoing, of any entity or party that has entered into a business relationship or arrangement with the Bank … wherein any AML/CFT regulatory requirement or obligation of the Bank is outsourced to the Third Party” in compliance with the Bank Secrecy Act.

As reported in February, Michael Hsu, the acting comptroller of the currency, said in a speech that risk-monitoring responsibilities become unclear when multiple firms with different incentives are involved.

“From a bank regulatory, micro-prudential perspective, our focus during this period must be to ensure that bank safety and soundness is maintained, consumers are protected and the playing field is level,” Hsu said.

And PYMNTS Intelligence found this past summer that  65% of banks and credit unions have entered into at least one FinTech partnership in the past three years, with 76% of banks viewing FinTech partnerships as necessary to meeting customer expectations. And a full 95% of banks are focused on using partnerships to enhance their own digital product offerings.