Regulatory Tracker

Regulatory Tracker — Page 6 of 7

Archive of enforcement actions, consent orders, and supervisory guidance impacting the BaaS and embedded finance ecosystem.

Subscribe to alerts
OCC

Blue Ridge Bank

Consent Order

The OCC issued a consent order against Blue Ridge Bank for unsafe practices in its BaaS program involving approximately 50 fintech partners. The order required improvements in third-party fintech oversight, AML/SAR compliance, and IT controls, and remained active into late 2023.

California DFPI

California DFPI issued a consent order against Wheels Financial Group (LoanMart), an auto title loan servicer, following a 'true lender' investigation into its partnership with a Utah state-chartered bank to potentially evade interest rate caps. LoanMart agreed not to market or service high-interest loans under $10,000 through state-chartered banks.

FinCEN

CommunityBank of Texas, N.A.

Civil Money Penalty

FinCEN assessed an $8 million civil money penalty against CommunityBank of Texas (CBOT) for willful AML program deficiencies spanning 2015–2019. The bank received a $1 million credit for a prior OCC penalty related to the same conduct.

California DFPI

Nano Banc

Cease and Desist

California DFPI issued a cease-and-desist order against Nano Banc, a fintech-chartered bank, for making unapproved management changes that violated a prior consent order. The action addresses governance and compliance failures.

FCA

The FCA imposed requirements on Viola Money (Europe) Limited, an authorised electronic money institution, to cease all regulated electronic money and payment services on 14 December 2021 due to serious concerns about its business operations and client dealings.

FinCEN

FFIEC released its third 2021 update to the BSA/AML Examination Manual on December 1, 2021. The update added examiner evaluations for risks from charities/non-profits, PEPs, and independent ATM operators.

Bank of Lithuania

The Bank of Lithuania imposed a €65,000 penalty on European Merchant Bank for failing to manage risks of high-risk clients and other AML violations. The regulator also restricted its ability to serve existing and new payment institutions.

OCC

Trustmark National Bank

Civil Money Penalty / Consent Order

The DOJ, CFPB, and OCC settled a redlining lawsuit against Trustmark National Bank, a Mississippi-based national bank, imposing a $4 million OCC penalty for violations of the Fair Housing Act.

CFPB

The CFPB published a proposed rule on small business lending data collection under the Equal Credit Opportunity Act (Regulation B), with implications for fintech and bank-fintech lending partnerships.

CFPB

JPay LLC

Consent Order

The CFPB issued a consent order against JPay LLC for violations of the Electronic Fund Transfer Act (EFTA). JPay handles payment services for incarcerated individuals.

FFIEC

The FFIEC issued updated authentication guidance for internet-based financial services on August 11, 2021. The guidance emphasizes risk assessments, layered security including multi-factor authentication, and customer waivers to mitigate unauthorized transaction liability.

Federal Reserve

The Federal Reserve published a guide in August 2021 for community banks on conducting due diligence for fintech third-party relationships. The guide covers legal compliance, risk management processes, contract provisions for audits, and consumer protection alignment.

BSP (Bangko Sentral ng Pilipinas)

Lyka

Cease and Desist

The Bangko Sentral ng Pilipinas (BSP) ordered Lyka to suspend its payment system operations and register with the central bank. The action targeted Lyka's unregistered payment system activities.

OCC | FDIC | Federal Reserve

Industry-Wide (All Banks)

Proposed Interagency Guidance

The OCC, FDIC, and Federal Reserve jointly issued proposed interagency guidance on managing risks in third-party relationships, including fintech partnerships. The guidance emphasized enhanced due diligence across six key areas.

CFPB

GreenSky, LLC

Consent Order

The CFPB issued a consent order against fintech GreenSky, LLC for enabling merchants to originate loans without consumer authorization. The order imposed up to $9 million in consumer redress and a $2.5 million civil money penalty.

FTC

The FTC reached an $18 million settlement with LendingClub over charges that the company misrepresented fees to consumers. LendingClub agreed to pay the amount to resolve claims of deceptive practices related to hidden fees.

FinCEN

FinCEN published AML/CFT national priorities for financial institutions, including fintechs partnering with banks, requiring institutions to tailor their AML compliance programs to identified threats. Regulators began examining compliance with these priorities.

FDIC

The FDIC fined a bank $1.8 million for UDAP violations related to collecting commercial debt. The specific bank name was not provided in the available source excerpt.

California DFPI

Chime Financial, Inc.

Settlement Agreement

The California Department of Financial Protection and Innovation (DFPI) reached a settlement with Chime Financial, Inc. for misleading use of the term "bank" without holding a banking license. Chime was required to stop using "chimebank.com," add bold disclosures near banking terminology, implement compliance procedures, and submit a progress report by June 15, 2021.

FTC

Beam Financial Inc.

Stipulated Final Order (Consent Order)

The FTC settled with Beam Financial, a mobile banking app operator, banning it from offering financial services. The settlement required full refunds to customers due to misrepresentations about fund access and interest rates.

NYDFS

NYDFS published its report on the Apple Card investigation in March 2021, examining potential discrimination in credit underwriting by Goldman Sachs, the issuing bank behind the Apple Card.

FDIC

The FDIC published a final rule on parent companies of industrial banks and industrial loan companies (ILCs), establishing conditions and commitments for ILC parent companies. The rule was published in the Federal Register on February 23, 2021.

NCUA

Live Life Federal Credit Union

Cease and Desist Order

The NCUA imposed its first penalty against a credit union for AML compliance failures related to servicing marijuana-related businesses (MRBs). Live Life Credit Union was found to be relying on manual compliance processes to monitor approximately 150 MRB customers instead of implementing required automated systems.

FinCEN

FinCEN and federal banking agencies issued FAQs on January 19, 2021, clarifying Suspicious Activity Report (SAR) requirements and risk-based approaches for financial institutions, including those handling high-risk clients like MSBs via partnerships.

Showing 121144 of 158