The FDIC recently entered into a consent order with Cross River Bank, one of the earliest banks to focus on Banking-as-a-Service (BaaS). Cross River is widely known as an active bank partner to both lending and cryptocurrency fintech companies, but the order primarily relates to its lending relationships. In particular, it precludes Cross River from onboarding new partners without FDIC approval and requires the bank to increase its supervision of management and credit underwriting controls, and to perform various risk assessments and audits of its lending practices and relationships.
The order is an important reminder of the emphasis that regulators place on BaaS banks’ oversight of their fintech partners. Such oversight must be based on strong contractual provisions that are properly operationalized. The oversight must be ongoing and should continue throughout the life of the BaaS relationships. Regulators also expect such banks to conduct fair lending risk assessments, develop a fair lending compliance plan, and ensure that their fintech partners have established appropriate compliance internal controls.