Regulatory Tracker

The Reserve Bank of India cancelled the banking licence of Paytm Payments Bank Limited, effective Apr 24, 2026. The RBI cited persistent KYC failures, transaction limit breaches, and failure to meet licence conditions.

On April 17, 2026, the OCC, Federal Reserve, and FDIC issued revised interagency guidance on model risk management, addressing vendor and third-party products. The guidance is relevant to bank-fintech relationships where models are sourced from or operated by third parties.

On April 17, 2026, the OCC, Federal Reserve, and FDIC issued revised interagency guidance on model risk management. The guidance addresses sound principles for model development, validation, monitoring, and governance, including considerations for vendor and third-party products.

Bhutan's Royal Monetary Authority fined Bank of Bhutan more than Nu 228 million for AML failures, including governance deficiencies and delayed suspicious transaction reporting. The bank also faces a dividend ban and mandatory system audits.

The OCC entered into a consent order with The Federal Savings Bank in Chicago over deceptive marketing of VA cash-out refinance loans between 2022 and 2024. The bank neither admitted nor denied the allegations.

The OCC terminated a March 2024 enforcement action against JPMorgan Chase over failures to monitor trading activity on at least 30 global venues. The original action, paired with a Federal Reserve order, carried $348.2 million in penalties.

On April 15, 2026, SEC staff issued no-action relief for a UK bank's bail-in, allowing exchange of bailed-in bonds for shares without Securities Act registration. SEC Chairman Atkins directed broader rulemaking for foreign bank resolutions.

The FDIC rescinded its prior guidance on non-sufficient funds (NSF) fees on April 10, 2026. This action removes previously issued supervisory expectations around NSF fee practices for FDIC-supervised institutions.

The FDIC and OCC adopted a joint final rule prohibiting the agencies from taking adverse action against financial institutions based on reputation risk, including risk stemming from customers' political, social, cultural, religious views, or lawful business activities. The rule takes effect June 6, 2026.

The Federal Reserve terminated its 2018 enforcement action against Goldman Sachs on April 10, 2026, citing improved compliance controls in FX trading operations. The original action had included a $54.75 million fine for unsafe practices and internal control gaps.

FinCEN, the FDIC, OCC, and NCUA jointly proposed a major overhaul of AML/CFT regulations, modernizing the framework for the first time since the 1970s Bank Secrecy Act. The proposal introduces a risk-focused approach, expands FinCEN's enforcement consultation role, and adds AML program requirements for payment stablecoin issuers.

FTC Chairman sent warning letters to PayPal, Stripe, Visa, and Mastercard against 'debanking' customers based on political or religious views, citing a Trump Executive Order and threatening FTC investigations.

On April 7, 2026, FinCEN proposed a rule to coordinate federal banking agencies' anti-money laundering (AML) oversight, potentially limiting enforcement to serious deficiencies in banks' BSA/AML programs. The proposal could indirectly affect bank-fintech AML compliance obligations.

The FCA fined Dinosaur Merchant Bank Limited £338,000 for market abuse and systems failures. The firm was categorized under electronic money and payment institutions.

The SEC and CFTC signed a landmark memorandum of understanding on regulatory harmonization in March 2026, potentially affecting bank-fintech partnerships involving digital assets.

The FDIC published a speech or update on reforms to its regulatory toolkit, potentially addressing BaaS and third-party risk management supervisory approaches.

The Central Bank of Nigeria released a Fintech Policy Insight Report on February 2, 2026, proposing collaborative regulation for fintechs. The report outlines a Standing Fintech Engagement Forum, a Compliance-as-a-Service platform, and an expanded regulatory sandbox.

In January 2026, the US Treasury heightened Bank Secrecy Act/AML scrutiny on banks for fraud detection, especially involving nonprofits and government funds. This indirectly raises compliance risks for fintech partners handling high-volume transactions.

The CFPB allocated $46 million related to the Synapse/Evolve situation, addressing harm to consumers affected by the Synapse Financial Technologies collapse. Evolve Bank & Trust was a key banking partner in the Synapse middleware ecosystem.

Ohio's banking regulator reversed course in October 2025, easing its licensing position for bank partnerships under the Small Loan Act. This represents evolving state-level regulatory guidance on BaaS partnership structures.

The OCC issued a formal agreement with First National Bank of Pasco for unsafe practices, including BSA/AML risk management, suspicious activity reporting, and due diligence deficiencies. While not explicitly tied to fintech partnerships, the areas cited are highly relevant to BaaS oversight.

The CFPB took enforcement action against Synapse Financial Technologies, a BaaS middleware provider. The citation references the CFPB's official enforcement actions page for Synapse.

The Bank of Lithuania issued guidance in 2025 preparing EMIs and PIs for the REGATA reporting transition (Q1 2026) and MiCAR crypto-asset reporting requirements, including new safeguarding reports due by June 30, 2026.

The Bank of Lithuania revoked KogoPay UAB's electronic money institution (EMI) license in August 2025 due to capital shortfalls, delayed financial reporting, and insolvency. Bankruptcy proceedings were initiated after the firm admitted inability to meet its obligations.