Blue Ridge Bank
Charlottesville, Virginia
The OCC issued a consent order against Blue Ridge Bank due to unsafe or unsound banking practices in its banking-as-a-service (BaaS) program, which encompassed approximately 50 fintech partners. The order mandated improvements in third-party fintech oversight, anti-money laundering controls, suspicious activity reporting, and IT controls. As a result, Blue Ridge Bank offboarded roughly 12 fintech partners and was restricted from entering new third-party contracts without prior OCC approval. The bank also faced elevated capital requirements, including a 10% leverage ratio and 13% total capital ratio. The consent order remained active and impactful through 2023, as the bank continued restructuring its BaaS operations. This action became one of the most prominent examples of regulatory crackdowns on the sponsor bank model.
Verified from source: The OCC issued a 2022 consent order against Blue Ridge Bank after finding unsafe or unsound practices in its BaaS fintech partnership program involving roughly 50 partners, requiring improvements in third-party fintech oversight, AML risk management, suspicious activity reporting, and IT controls. The order remained active into late 2023 with the bank offboarding partners and facing higher capital requirements.
- One of the landmark enforcement actions that signaled intensified OCC scrutiny of the BaaS sponsor bank model
- Elevated capital requirements set a precedent for punitive capital buffers on banks with poorly managed fintech programs
- Restriction on new fintech partnerships without OCC approval effectively froze BaaS growth at Blue Ridge
- Prompted industry-wide reassessment of third-party risk management frameworks for BaaS banks
- NewsBanking Dive