2024 is fast becoming the summer of consent orders for smaller banks. With the news Friday (June 28) that Tennessee-based Thread Bancorp is now the latest financial institution (FI) to come under the Federal Deposit Insurance Corporation’s (FDIC) scrutiny, managing for the operational, compliance, and strategic risks that come with third-party tie-ups is top of mind for both banks and their FinTech partners.
FDIC Enforcement and Thread Bank’s Response
FDIC enforcement actions are typically made public on the last Friday of the month, and the order issued to Thread Bank, a popular partner bank for dozens of FinTechs, is unique in that it explicitly calls out the bank’s Banking-as-a-Service (BaaS) and Loan-as-a-Service (LaaS) programs.
Dated May 21, the order requires Thread Bank to implement a series of corrective measures without admitting or denying any unsafe or unsound banking practices. The corrective measures include establishing a more comprehensive third-party risk management program and setting up improved due diligence, monitoring, and exit planning for Thread’s FinTech partners. This requirement reflects the regulator’s increased attention to banks’ relationships with technology firms.
“Within one-hundred twenty (120) days of the effective date of this ORDER, the Bank’s BaaS and LaaS program policies and procedures should be thoroughly and completely documented, addressing, at a minimum, third party partner and customer approval requirements, due diligence processes, growth and stress modeling, ongoing AML/CFT compliance monitoring, and steps to unwind third-party business lines, including FinTech partners,” the FDIC wrote.
Thread’s FinTech and BaaS partners include Unit, through which it is a provider for Relay, Toolbox, Sequin, Currence, Arpari, and many other platforms. “We remain steadfastly committed to collaborating with regulators at the state and federal levels because we believe the regulatory framework is necessary, when conducted properly, and can help create a strong banking system for consumers and small businesses,” Chris Black, CEO, president, and director at Thread Bancorp, Inc. and Thread Bank, said in a statement to PYMNTS.
Bank’s Commitment to Compliance
“As such, we are dedicated to meeting all obligations, and we have already made substantial investments to improve our policies, processes, procedures, and controls over the past three years — all in collaboration with the FDIC and the Tennessee Department of Financial Institutions (TDFI). We will continue to invest in our teams and services to ensure we meet the needs of, and provide strong protection for, our customers and partners as we move forward,” Black added.
Navigating the complex web of financial regulations is a daunting task for any company, particularly for FinTech startups with limited resources. By partnering with established banks, FinTech companies can rely on their partners’ robust regulatory frameworks, reducing the burden of compliance.
That, at least, was the hope of BaaS: a shared compliance model that allows FinTechs to operate within the bounds of regulatory requirements while focusing on innovation and growth. But the way things have played out to-date hasn’t gone quite according to plan.
It was just a year ago (June 6, 2023) that the FDIC, the Board of Governors of the Federal Reserve System (FRB), and the Office of the Comptroller of the Currency (OCC) (collectively, the agencies) issued final guidance on managing risks associated with third-party relationships.
The Impact on FinTech Partnerships
Since then, the fallout from Synapse’s chaotic bankruptcy has sorely tested the interconnectedness of the BaaS and FinTech landscape. Adding insult to injury, Synapse’s own primary banking partner, Evolve, last week (June 26) suffered a serious cyberattack, putting its risk controls under the spotlight.
“The regulators are now awake,” Thredd CEO Jim McCarthy told PYMNTS. “Too many people are focused on the ‘as a service’ part — but have ‘minored’ in the banking part, if at all … if you’re going to play in that space, I’d argue that if you fail at the banking, the service piece doesn’t matter.”
When the Middle Falls out of Middleware
PYMNTS Intelligence found this past summer that 65% of banks and credit unions have entered into at least one FinTech partnership in the past three years, with 76% of banks viewing FinTech partnerships as necessary to meeting customer expectations. And a full 95% of banks are focused on using partnerships to enhance their own digital product offerings.
Thread Bancorp, which was previously known as Civis, already had a history of regulatory actions. The company’s recent FinTech partnerships have enabled it to grow rapidly, from less than $100 million to over $720 million from the end of 2020 to Q1 2024, based on FDIC call reports.
“With complex ecosystems, you have a higher number of partners than you may have historically had in the past,” Larson McNeil, co-head of marketplaces and digital ecosystems at J.P. Morgan Payments, told PYMNTS. This creates new considerations for the corporate treasury function, including management of those partners and counterparty risk.
The Thread Bank case may serve as an indicator of how regulators are approaching the intersection of traditional banking and financial technology. As the financial landscape continues to evolve, the key to leveraging the BaaS model lies in fostering strong, transparent, and mutually beneficial relationships between banks and FinTech firms. By doing so, they can collectively drive the future of banking toward greater inclusivity, efficiency, and innovation.
