Regulatory Tracker

Regulatory Tracker — Page 4 of 7

Archive of enforcement actions, consent orders, and supervisory guidance impacting the BaaS and embedded finance ecosystem.

Subscribe to alerts
NYDFS

Yellowstone Capital

Judgment/Settlement

New York Attorney General Letitia James secured a judgment exceeding $1 billion against Yellowstone Capital and affiliates for predatory loans disguised as merchant cash advances to over 18,000 small businesses. The scheme involved usurious interest rates and hidden fees.

Bank of Lithuania

Alternative Payments

License Revocation

The Bank of Lithuania revoked the license of an unnamed EMI or PI, citing 10 regulatory violations, with one violation referred to the Court of Justice of the European Union (CJEU) concerning direct debit services.

Bank of Lithuania

Foxpay

License Revocation

The Bank of Lithuania revoked Foxpay's electronic money institution (EMI) license on November 22, 2024, for laundering approximately €17 million between 2023-2024 and bribing AML officers.

CFPB

The CFPB finalized a rule defining larger participants in the general-use digital consumer payment applications market, enabling supervision of nonbanks with 50 million or more annual transactions. This rule was published around November 2024.

FCA

The FCA published updated guidance on its approach to payment services and electronic money in November 2024, reflected in tracked-changes revisions to its 2017 approach document.

FCA

Unknown Payment Institution

Enforcement Operation

The FCA opened one enforcement operation against a Payment Institution in 2024, as disclosed in its November 2024 FOI data. The specific institution and details of the enforcement were not publicly named.

FCA

The FCA imposed voluntary requirements (VREQs) on three Electronic Money Institutions in 2024 through November. VREQs often restrict activities such as ceasing payment services, imposing onboarding bans, or requiring prior FCA consent for fund safeguarding.

FCA

The FCA disclosed aggregate enforcement data for Electronic Money Institutions (EMIs) and Payment Institutions (PIs) through November 2024, revealing ongoing use of VREQs, OIREQs, enforcement operations, and s166 skilled person reviews. In 2024 YTD, EMIs received 3 VREQs and 6 s166 reviews, while PIs received 1 enforcement operation, 1 OIREQ, 2 VREQs, and 1 s166 review.

FCA

Unknown EMIs (6 institutions)

s166 Skilled Person Review

The FCA commissioned six s166 skilled person reviews of Electronic Money Institutions in 2024 through November. These reviews are used to independently assess whether firms meet regulatory requirements.

FDIC

Sutton Bank

Consent Order

Sutton Bank faced FDIC examination and potential enforcement action related to its bank-fintech relationships. CEO J. Anthony Gorrell was reportedly involved in the heightened oversight.

BaFin

Solaris

Regulatory Oversight/Special Monitor

BaFin extended its special monitor mandate over German BaaS provider Solaris, requiring the company to obtain regulatory approval before onboarding new clients. The oversight dates back to 2022 and reflects ongoing concerns about the BaaS model following the Wirecard scandal.

FCA

The FCA fined Sigma Broking Limited £1,087,300 for transaction reporting failures. The base fine was doubled and a 40% aggravation increase was applied due to repeat offenses and failure to self-report.

OCC, Federal Reserve, FDIC

N/A — Industry-wide joint statement

Guidance / Joint Statement

The OCC, Federal Reserve, and FDIC jointly issued a statement on July 25, 2024, highlighting risks in third-party arrangements for bank deposit products and services. The statement emphasizes that banks retain full accountability for consumer protection, financial crimes prevention, and safe/sound practices despite outsourcing to fintechs.

OCC, FDIC, Federal Reserve

Industry-Wide

Guidance / Request for Information

The OCC, FDIC, and Federal Reserve issued a Request for Information seeking public comments on risks in bank-fintech arrangements, including accountability gaps, end-user confusion, rapid growth, concentration, liquidity, and data ownership.

NYDFS

NYDFS adopted Insurance Circular Letter No. 7 on July 11, 2024, establishing detailed requirements for insurers' use of artificial intelligence systems and external consumer data in underwriting and pricing. The guidance mandates discrimination assessments, actuarial validity testing, governance frameworks, and third-party vendor oversight.

Federal Reserve

Evolve Bank & Trust

Cease and Desist

The Federal Reserve issued a joint cease-and-desist consent order against Evolve Bank & Trust, in coordination with the Arkansas State Bank Department, for inadequate risk management of third-party fintech partnerships. The order cited deficiencies in AML compliance, consumer compliance, and fraud risk oversight.

CFPB

The Bancorp Bank

Consent Order

The CFPB issued a $3.25M consent order against Chime Financial for illegal overdraft fee practices on deposit accounts held through partner banks The Bancorp Bank and Stride Bank.

CFPB

BloomTech, Inc.

Consent Order

CFPB issued a consent order against BloomTech, Inc. for originating 11,000+ income share agreements (ISAs) that violated TILA/Regulation Z, UDAAP, and the FTC Holder Rule. BloomTech was fined $64,235 (entity) and $100,000 (CEO), barred from consumer lending, and ordered to rescind ISAs.

OCC

Blue Ridge Bank, N.A.

Cease and Desist Order

The OCC issued a Cease and Desist Order against Blue Ridge Bank, N.A. for unsafe or unsound practices, including BSA/AML deficiencies, capital ratio issues, strategic planning failures, liquidity risk management weaknesses, and IT control deficiencies. This order superseded a prior formal agreement from August 2022.

OCC

The OCC entered into a Formal Agreement with The First National Bank of St. Ignace for weaknesses in capital planning, stress testing, strategic planning, and dividend payment violations.

RBI

Paytm Payments Bank

Cease and Desist

The RBI barred Paytm Payments Bank from onboarding new customers and restricted basic payment services including UPI, effective February 29, 2024, due to persistent non-compliance including KYC lapses and suspicious transactions linked to potential money laundering.

NYDFS

NYDFS imposed an $8 million penalty on Genesis Global Trading for cybersecurity and virtual currency regulation violations. Genesis surrendered its BitLicense and ceased operations in New York.

FTC

FloatMe Corp.

Complaint

The FTC filed a complaint in January 2024 against FloatMe, a fintech offering subscription cash advance products, alleging deception, subscription-related violations, and ECOA violations for discriminating against recipients of public assistance income.

OCC

Blue Ridge Bank

Consent Order

Blue Ridge Bank received a second OCC consent order in 2024 related to ongoing monitoring deficiencies in its fintech partnerships. The bank had already shed over a dozen fintech partners in response to regulatory pressure.

Showing 7396 of 158