FDIC Issues Consent Orders to Piermont Bank and Sutton Bank Over BaaS Failures

On April 3, 2024, the FDIC issued formal consent orders to Piermont Bank and Sutton Bank, citing compliance deficiencies tied to their Banking-as-a-Service partnerships. The enforcement actions focused on Bank Secrecy Act (BSA) and anti-money laundering shortcomings stemming from insufficient oversight of fintech partner activities. Sutton Bank, a prominent BaaS sponsor bank serving major fintechs such as Robinhood, Square, and Upgrade, was specifically required to retroactively collect customer identification data going back to July 2020.

The orders reflect a broader pattern of FDIC scrutiny targeting banks that provide infrastructure for fintech programs without maintaining adequate compliance controls. Industry analysts noted that these actions are part of an escalating regulatory trend aimed at ensuring safety, soundness, and consumer protection in bank-fintech arrangements. The consent orders are expected to force sponsor banks across the industry to re-evaluate their third-party risk management frameworks and invest more heavily in compliance infrastructure.

The development has significant implications for the BaaS ecosystem, potentially increasing costs and timelines for fintech companies seeking banking partners.