Regulatory Tracker — Page 5 of 6

FFIEC released its third 2021 update to the BSA/AML Examination Manual on December 1, 2021. The update added examiner evaluations for risks from charities/non-profits, PEPs, and independent ATM operators.

The Bank of Lithuania imposed a €65,000 penalty on European Merchant Bank for failing to manage risks of high-risk clients and other AML violations. The regulator also restricted its ability to serve existing and new payment institutions.

The DOJ, CFPB, and OCC settled a redlining lawsuit against Trustmark National Bank, a Mississippi-based national bank, imposing a $4 million OCC penalty for violations of the Fair Housing Act.

The CFPB published a proposed rule on small business lending data collection under the Equal Credit Opportunity Act (Regulation B), with implications for fintech and bank-fintech lending partnerships.

The CFPB issued a consent order against JPay LLC for violations of the Electronic Fund Transfer Act (EFTA). JPay handles payment services for incarcerated individuals.

The FFIEC issued updated authentication guidance for internet-based financial services on August 11, 2021. The guidance emphasizes risk assessments, layered security including multi-factor authentication, and customer waivers to mitigate unauthorized transaction liability.

Federal banking agencies (Federal Reserve, OCC, FDIC) issued joint guidance in August 2021 advising community banks on conducting due diligence when entering fintech partnerships. The guidance emphasizes risks including legal/regulatory compliance, AML, consumer protection, and contract terms.

The Federal Reserve published a guide in August 2021 for community banks on conducting due diligence for fintech third-party relationships. The guide covers legal compliance, risk management processes, contract provisions for audits, and consumer protection alignment.

The Bangko Sentral ng Pilipinas (BSP) ordered Lyka to suspend its payment system operations and register with the central bank. The action targeted Lyka's unregistered payment system activities.

The OCC, FDIC, and Federal Reserve jointly issued proposed interagency guidance on managing risks in third-party relationships, including fintech partnerships. The guidance emphasized enhanced due diligence across six key areas.

The CFPB issued a consent order against fintech GreenSky, LLC for enabling merchants to originate loans without consumer authorization. The order imposed up to $9 million in consumer redress and a $2.5 million civil money penalty.

The FTC reached an $18 million settlement with LendingClub over charges that the company misrepresented fees to consumers. LendingClub agreed to pay the amount to resolve claims of deceptive practices related to hidden fees.

FinCEN published AML/CFT national priorities for financial institutions, including fintechs partnering with banks, requiring institutions to tailor their AML compliance programs to identified threats. Regulators began examining compliance with these priorities.

The California Department of Financial Protection and Innovation (DFPI) reached a settlement with Chime Financial, Inc. for misleading use of the term "bank" without holding a banking license. Chime was required to stop using "chimebank.com," add bold disclosures near banking terminology, implement compliance procedures, and submit a progress report by June 15, 2021.

The FDIC fined a bank $1.8 million for UDAP violations related to collecting commercial debt. The specific bank name was not provided in the available source excerpt.

The FTC settled with Beam Financial, a mobile banking app operator, banning it from offering financial services. The settlement required full refunds to customers due to misrepresentations about fund access and interest rates.

NYDFS published its report on the Apple Card investigation in March 2021, examining potential discrimination in credit underwriting by Goldman Sachs, the issuing bank behind the Apple Card.

The FDIC published a final rule on parent companies of industrial banks and industrial loan companies (ILCs), establishing conditions and commitments for ILC parent companies. The rule was published in the Federal Register on February 23, 2021.

The NCUA imposed its first penalty against a credit union for AML compliance failures related to servicing marijuana-related businesses (MRBs). Live Life Credit Union was found to be relying on manual compliance processes to monitor approximately 150 MRB customers instead of implementing required automated systems.

New York enacted S.B. 5470, a TILA-like disclosure law for commercial financing that explicitly applies to fintech platforms using bank partner arrangements. Civil penalties up to $10,000 per willful violation are enforceable by the NY Department of Financial Services.

FinCEN and federal banking agencies issued FAQs on January 19, 2021, clarifying Suspicious Activity Report (SAR) requirements and risk-based approaches for financial institutions, including those handling high-risk clients like MSBs via partnerships.

The CFPB fined Santander $4.75 million in December 2020 for inaccurate auto loan data reporting under the Fair Credit Reporting Act. The action was not BaaS-related but involved consumer lending compliance.

The FDIC finalized a new brokered deposits rule on December 15, 2020, that excluded certain fintech-bank arrangements from brokered deposit restrictions. The rule was supportive of BaaS partnerships rather than punitive.

FinCEN issued guidance in December 2020 encouraging broader use of Section 314(b) voluntary information sharing among financial institutions for AML/CTF purposes. The guidance emphasized legal protections and benefits, potentially encompassing fintech entities in partnership with banks.