The news: Piermont Bank and Sutton Bank just joined the growing list of financial institutions with banking-as-a-service (BaaS) partnerships that have received consent orders from the Federal Deposit Insurance Corporation (FDIC), per American Banker.

Sutton’s consent order: The Ohio-based bank works with various fintechs, such as Robinhood, Square, and Upgrade, and provides the banking services behind many prepaid card programs.

• Its consent order alleges it failed to adequately ensure compliance related to the Bank Secrecy Act (BSA).
• Within 60 days, the bank must collect all required customer information for all prepaid card customers dating back to July 2020.
• This is to ensure the real identities of these customers are known, and suspicious activity is reported, per American Banker.

Piermont’s consent order: The New York-based bank offered banking services to fintechs both directly and through Treasury Prime and Unit, per Fintech Business Weekly.

• Piermont Bank’s consent order alleged that it lacked adequate internal controls and information systems relative to its size and the complexity of its third-party relationships, and that it also lacked insufficient oversight of business arrangements and displayed weaknesses in board supervision of asset growth. 
• The bank has already ended its relationship with Unit but will continue to partner with Treasury Prime.
• The bank was also ordered to review its EFT disputes since August 2020 and review all transactions since September 2022 to ensure it reported all suspicious activity, per Banking Dive.

Through multiple LinkedIn posts, Unit investors implied that Treasury Prime was to blame for Piermont’s consent order, per Fintech Business Weekly.

How the industry has reacted: Throughout the banking sector, there’s a general sense of regulatory dread around which bank will wind up in the news next.

• American Fintech Council CEO Phil Goldfeder also told American Banker that it feels as though regulators are unfairly targeting innovation in the banking industry.
• Piermont’s CEO Wendy Cai-Lee told American Banker, “Every bank that touches BaaS is getting an enforcement action.”
• And fintech advisor Jason Mikula said, “I imagine if regulators look hard enough at any bank doing BaaS/fintech…that they will find some problem.”

What’s next: Banks with BaaS relationships or fintech partnerships should expect the FDIC to dig deeper into those relationships, especially as they relate to BSA-related compliance. It’s past time to ensure that all activities remain 100% compliant with federal banking laws, particularly in BSA-related activity.

• But these relationships aren't going away, nor should banks avoid them if they help improve customer service. However, as we always say, calculate the costs of ensuring compliance into that equation.