Regulatory Tracker

Regulatory Tracker — Page 5 of 7

Archive of enforcement actions, consent orders, and supervisory guidance impacting the BaaS and embedded finance ecosystem.

Subscribe to alerts
FDIC

Cross River Bank

Consent Order

Cross River Bank faced regulatory penalties for fintech partnership oversight failures prior to 2024. The action prompted calls for stricter oversight and enhanced compliance requirements for the bank's fintech relationships.

CFPB

Atlantic Union Bank

Consent Order

The CFPB issued a consent order against Atlantic Union Bank in December 2023 for failures in obtaining and documenting consumer affirmative consent for regulated overdraft services during 2017–2020. The order required new phone opt-in procedures including sending disclosures and obtaining signatures.

FDIC

First Fed Bank

Consent Order

The FDIC issued a consent order against First Fed Bank for unsafe practices, deceptive acts, and FTC Act violations stemming from its joint venture with fintech Quin Ventures. The bank was cited for misrepresenting credit products as unemployment insurance, approving unqualified consumers, and inaccurate fee disclosures.

CFPB

The CFPB fined Enova International $15 million for violating a 2019 consent order through unauthorized debits, failure to honor extensions, and misrepresentations under the Consumer Financial Protection Act. Enova faced a 7-year ban on certain short-term loans.

FDIC

Discover Financial Services

Consent Order (Proposed)

Discover Financial faced an FDIC probe prompting a leadership shift and enhanced risk and compliance efforts. CEO Roger Hochschild departed amid the investigation, with interim leadership appointed.

OCC

N/A — OCC internal reorganization

Organizational Announcement

The OCC established a new Office of Financial Technology in early 2023 to enhance supervisory expertise on digital assets, fintech partnerships, and emerging business models affecting OCC-supervised banks.

Bank of Lithuania

PayrNet (Railsr subsidiary)

Cease and Desist / Restrictions

The Bank of Lithuania imposed restrictions on PayrNet, a subsidiary of British BaaS provider Railsr, after finding gross and systematic AML violations. Grant Thornton Baltic was appointed to monitor mandatory AML improvements.

BaFin

Solaris

Cease and Desist

BaFin banned Solaris from entering new partnerships without regulatory approval and ordered AML-related upgrades. The BaaS provider was also required to observe transfer and cash payment limits for certain accounts.

CFPB

The CFPB proposed a rule in February 2023 to create a registry for supervised nonbanks that use restrictive form contracts, signaling heightened scrutiny of nonbank fintech practices. The rule targeted terms and conditions that seek to waive consumer rights.

NYDFS

Coinbase

Consent Order

The NY Department of Financial Services issued a consent order against Coinbase on January 4, 2023, for deficiencies in BSA/AML, KYC/CDD, transaction monitoring, and OFAC compliance. The order required remediation via an independent consultant and built on a prior MOU from February 2022.

CFPB

The CFPB fined ACI Worldwide $25 million in 2023 for processing $2.3 billion in unlawful payments tied to mortgage servicer Mr. Cooper, which caused overdraft fees for consumers. Banks remain liable for such third-party vendor failures.

FDIC

The FDIC published a rule on official sign and advertising requirements, false advertising, and misrepresentation of insured status in December 2022. The rule addresses how FDIC insurance status must be communicated, particularly relevant to fintech-bank deposit arrangements.

NYDFS

NYDFS established a prior approval requirement for virtual currency activities in 2022, requiring regulated entities to obtain approval before engaging in new or significantly different virtual currency-related business activities.

DFPI

In October 2022, the DFPI issued desist and refrain orders against 11 entities — nine crypto trading schemes, one DeFi platform, and one additional entity — for securities violations related to crypto activities.

DFPI

Nexo Group

Desist and Refrain Order

The California DFPI joined seven other states in a multi-state action against Nexo for offering its Earn Interest Product as unregistered securities via crypto deposit accounts. The desist and refrain order was issued on September 26, 2022.

OCC

Blue Ridge Bank

Formal Agreement

Blue Ridge Bancorp operated under a 2022 OCC formal agreement requiring improvements to BSA/AML compliance and third-party risk management. The order required OCC non-objection before onboarding new fintech partners or offering new products through existing third-party relationships.

OCC

The OCC outlined supervisory expectations for banks' use of artificial intelligence, relevant to BaaS platforms leveraging AI in lending and compliance. The guidance established standards for AI risk management in banking.

California DFPI

FinWise Bank

Cross-complaint (True Lender enforcement action)

The California DFPI filed a cross-complaint against OppFi in April 2022, alleging that OppFi—not its partner FinWise Bank—was the 'true lender' on high-interest loans, thereby violating California's 36% interest rate cap under AB 539. On February 24, 2026, a Los Angeles County Superior Court granted summary judgment in favor of OppFi, rejecting the DFPI's true lender theory.

FSB

The Financial Stability Board (FSB) issued observations in 2022 highlighting risks from Big Tech and fintech outsourcing to traditional banks, noting that complex structures complicate supervision of third-party fintech services.

CFPB

The CFPB announced on March 16, 2022, that it would leverage its UDAAP authority to prohibit discrimination in noncredit products such as deposits and payments. This guidance affects banks and their fintech partners offering these products.

DOJ

Unknown Sponsor Bank

Initiative/Investigation

The Department of Justice initiated redlining investigations using HMDA data, targeting banks and non-depository lenders—including potential fintech collaborators—for mortgage discrimination. The initiative bypasses prudential regulators in pursuing fair lending violations.

OCC

SoFi Bank, National Association

Conditional Charter Approval

The OCC conditionally approved SoFi's national bank charter, subjecting the fintech-turned-bank to full federal supervision. The approval included restrictions on crypto activities to ensure safe deposit and lending practices.

FTC

GLBA Safeguards Rule amendments became effective in January 2022 with a compliance deadline of December 2022. The amendments expanded coverage to 'finders' in fintech and mandated qualified overseers for information security programs.

Showing 97120 of 158