Blue Ridge Bank, N.A.
Martinsville, Virginia
In February 2024, the OCC escalated its enforcement against Blue Ridge Bank, N.A. by issuing a Cease and Desist Order (Docket Nos. AA-ENF-2023-68 and AA-ENF-2024-13), superseding the August 2022 formal agreement. The order cited unsafe or unsound practices including systemic BSA/AML deficiencies that violated laws, inadequate capital ratios, failures in strategic planning and liquidity risk management, and IT control weaknesses. Blue Ridge Bank is a well-known BaaS/sponsor bank that partners with fintechs in digital banking and payments. Although the order summary does not explicitly reference fintech or third-party risk, the bank's heavy reliance on fintech collaborations is widely understood to have amplified the operational risks that the OCC addressed, particularly with respect to BSA/AML compliance failures despite prior warnings.
Verified from source: The OCC issued a Cease and Desist Order against Blue Ridge Bank, N.A., Martinsville, Virginia, for unsafe or unsound practices including BSA/AML deficiencies, capital ratios, capital and strategic planning, liquidity risk management, and IT controls. The OCC also terminated the bank's formal agreement dated August 29, 2022, which was superseded by the cease and desist order.
- Signals that the OCC is willing to escalate from formal agreements to cease-and-desist orders when BaaS/sponsor banks fail to remediate compliance deficiencies
- Highlights BSA/AML compliance as a critical vulnerability for banks with extensive fintech partnership models
- May increase regulatory scrutiny of third-party oversight practices at other sponsor banks
- Demonstrates that prior enforcement actions do not shield banks from further escalation if root causes are not addressed
- OfficialOCC News Release NR 2024-15