In a recent development, Thread Bank, a financial institution based in Rogersville, Tennessee, has come under the regulatory radar with the issuance of a consent order by the Federal Deposit Insurance Corporation (FDIC). This order casts a spotlight on the bank’s need for major revamping in its banking practices, particularly in the realms of information technology (IT) procedures, anti-money laundering (AML) measures, and overall risk management strategies.
Thread Bank, renowned as a prominent banking-as-a-service provider for over 20 distinct FinTech partners, now faces a critical juncture necessitating substantial improvements in several operational facets to align with regulatory standards.
Key Points of Concern:
- FDIC Mandate: The consent order, effective from May 21, 2024, delineates crucial areas of concern that Thread Bank must promptly address. These areas encompass strengthening board oversight, updating strategic blueprints, refining enterprise risk schemes, and enhancing policies and procedures to ensure robust AML and countering the funding of terrorism (CFT) compliance. Of significant importance is the heightened focus on monitoring their banking-as-a-service and lending-as-a-service offerings.
Key Requirements Outlined in the Consent Order:
Board Oversight:
The Board must meticulously document actions taken to meet the order’s requisites in meeting minutes. They must also ascertain that the bank possesses adequate policies, workforce, and systems to adhere to the order’s stipulations.
Strategic Plan:
Within a span of 120 days, the board must revise the bank’s strategic framework to account for examination results and recommendations. This plan should encompass financial objectives, profit strategies, liquidity management, and bolstering support for AML/CFT initiatives.
Enterprise Risk Management:
The bank is obligated to renovate its risk management schema based on examination findings. This includes establishing risk thresholds tailored to fintech partners through financial evaluations under diverse scenarios.
AML/CFT Compliance:
Thread Bank must evaluate its AML/CFT capacities and appoint a proficient individual to supervise compliance. A written plan outlining compliance strategies must be devised and submitted to the FDIC within 120 days, ensuring internal controls are robust to abide by AML/CFT regulations.
Fintech Partnerships Oversight:
The bank’s third-party risk management program requires a facelift to navigate the complexities of FinTech collaborations. This involves instituting documented risk assessments, customer due diligence protocols, and surveillance mechanisms for detecting suspicious transactions.
Policies and Procedures:
A comprehensive review and update of all policies and procedures are mandated to align with current objectives and risk thresholds. An internal control framework must be established to monitor policy modifications and assess adherence.
In Conclusion:
The FDIC’s consent order accentuates the escalating regulatory scrutiny confronting banks entwined in FinTech alliances. Thread Bank, recognized for its collaboration with various fintech entities, must now elevate regulatory compliance standards, primarily focusing on overseeing its array of FinTech partners in the wake of recent industry incidents. This move underscores the evolving landscape of regulatory oversight directed towards banks engaged in FinTech operations, emphasizing accountability towards FinTech partner customers and their financial assets.