Regulatory Tracker — Page 3 of 6

The FCA opened one enforcement operation against a Payment Institution in 2024, as disclosed in its November 2024 FOI data. The specific institution and details of the enforcement were not publicly named.

Sutton Bank faced FDIC examination and potential enforcement action related to its bank-fintech relationships. CEO J. Anthony Gorrell was reportedly involved in the heightened oversight.

BaFin extended its special monitor mandate over German BaaS provider Solaris, requiring the company to obtain regulatory approval before onboarding new clients. The oversight dates back to 2022 and reflects ongoing concerns about the BaaS model following the Wirecard scandal.

The FCA fined Sigma Broking Limited £1,087,300 for transaction reporting failures. The base fine was doubled and a 40% aggravation increase was applied due to repeat offenses and failure to self-report.

The OCC, Federal Reserve, and FDIC jointly issued a statement on July 25, 2024, highlighting risks in third-party arrangements for bank deposit products and services. The statement emphasizes that banks retain full accountability for consumer protection, financial crimes prevention, and safe/sound practices despite outsourcing to fintechs.

The OCC, FDIC, and Federal Reserve issued a Request for Information seeking public comments on risks in bank-fintech arrangements, including accountability gaps, end-user confusion, rapid growth, concentration, liquidity, and data ownership.

The OCC, FDIC, and Federal Reserve jointly issued a statement reminding banks of risks in third-party arrangements with fintechs for delivering deposit, payment, and lending products. The statement outlines risk management examples without creating new rules.

NYDFS adopted Insurance Circular Letter No. 7 on July 11, 2024, establishing detailed requirements for insurers' use of artificial intelligence systems and external consumer data in underwriting and pricing. The guidance mandates discrimination assessments, actuarial validity testing, governance frameworks, and third-party vendor oversight.

The Federal Reserve issued a joint cease-and-desist consent order against Evolve Bank & Trust, in coordination with the Arkansas State Bank Department, for inadequate risk management of third-party fintech partnerships. The order cited deficiencies in AML compliance, consumer compliance, and fraud risk oversight.

The CFPB issued a $3.25M consent order against Chime Financial for illegal overdraft fee practices on deposit accounts held through partner banks The Bancorp Bank and Stride Bank.

CFPB issued a consent order against BloomTech, Inc. for originating 11,000+ income share agreements (ISAs) that violated TILA/Regulation Z, UDAAP, and the FTC Holder Rule. BloomTech was fined $64,235 (entity) and $100,000 (CEO), barred from consumer lending, and ordered to rescind ISAs.

The OCC issued a Cease and Desist Order against Blue Ridge Bank, N.A. for unsafe or unsound practices, including BSA/AML deficiencies, capital ratio issues, strategic planning failures, liquidity risk management weaknesses, and IT control deficiencies. This order superseded a prior formal agreement from August 2022.

The OCC entered into a Formal Agreement with The First National Bank of St. Ignace for weaknesses in capital planning, stress testing, strategic planning, and dividend payment violations.

The RBI barred Paytm Payments Bank from onboarding new customers and restricted basic payment services including UPI, effective February 29, 2024, due to persistent non-compliance including KYC lapses and suspicious transactions linked to potential money laundering.

NYDFS imposed an $8 million penalty on Genesis Global Trading for cybersecurity and virtual currency regulation violations. Genesis surrendered its BitLicense and ceased operations in New York.

The FTC filed a complaint in January 2024 against FloatMe, a fintech offering subscription cash advance products, alleging deception, subscription-related violations, and ECOA violations for discriminating against recipients of public assistance income.

Blue Ridge Bank faced regulatory penalties related to its BaaS partnerships with fintechs. The enforcement action highlights inadequate oversight of third-party relationships in the bank's embedded finance operations.

Cross River Bank faced regulatory penalties for fintech partnership oversight failures prior to 2024. The action prompted calls for stricter oversight and enhanced compliance requirements for the bank's fintech relationships.

Blue Ridge Bank received a second OCC consent order in 2024 related to ongoing monitoring deficiencies in its fintech partnerships. The bank had already shed over a dozen fintech partners in response to regulatory pressure.

The CFPB issued a consent order against Atlantic Union Bank in December 2023 for failures in obtaining and documenting consumer affirmative consent for regulated overdraft services during 2017–2020. The order required new phone opt-in procedures including sending disclosures and obtaining signatures.

The FDIC issued a consent order against First Fed Bank for unsafe practices, deceptive acts, and FTC Act violations stemming from its joint venture with fintech Quin Ventures. The bank was cited for misrepresenting credit products as unemployment insurance, approving unqualified consumers, and inaccurate fee disclosures.

The CFPB fined Enova International $15 million for violating a 2019 consent order through unauthorized debits, failure to honor extensions, and misrepresentations under the Consumer Financial Protection Act. Enova faced a 7-year ban on certain short-term loans.

Discover Financial faced an FDIC probe prompting a leadership shift and enhanced risk and compliance efforts. CEO Roger Hochschild departed amid the investigation, with interim leadership appointed.

The OCC established a new Office of Financial Technology in early 2023 to enhance supervisory expertise on digital assets, fintech partnerships, and emerging business models affecting OCC-supervised banks.