The message from regulators is loud and clear: financial institutions engaged in BaaS and third-party fintech partnerships must adopt robust compliance frameworks and adhere to compliance standards. Failure to do so will continue to result in significant enforcement actions, substantial financial penalties, and operational restrictions.

Since late 2023, the regulatory landscape has shifted dramatically. The explosive growth of fintech partnerships has increased complexity, and with it, regulatory pressure. Just take a look:

The Key Themes in these Orders  

Third-Party Risk Management (TPRM):

Financial institutions must establish structured and robust processes for conducting due diligence during the onboarding of third-party fintech partners. Equally important is the need for ongoing monitoring of fintech activities throughout the partnership lifecycle, along with formalized offboarding procedures to mitigate residual risks.

Anti-Money Laundering (AML) and Bank Secrecy Act (BSA) Enhancements:
Banks must strengthen their compliance frameworks by addressing internal control gaps, ensuring independent testing, and maintaining adequate staffing levels. Suspicious activity must be identified promptly, and timely, accurate reporting is critical to maintaining regulatory compliance.

Senior Management Oversight and Strategic Planning:
Boards and senior management must be actively involved in the oversight of fintech and BaaS programs. This includes establishing formal governance structures and aligning fintech strategies with institutional risk appetite. Several recent enforcement actions, such as Lineage’s, have introduced capital planning requirements, including asset growth restrictions and mandatory capital buffers.

‍

Fintech partnerships are powerful, they offer innovation, new revenue channels, and expanded reach. But they also create compliance risks, particularly for small banks and credit unions with limited staff, budgets and the know-how to handle them. Regulatory penalties are painful, but reputational damage is even more enduring.

How Across Helps

At Across, we provide end-to-end risk management tailored for small banks and credit unions. Whether you’re evaluating a new fintech partner, monitoring transaction activity, or preparing for an exam, our AI-powered platform and expert analysts help you stay compliant without stretching your internal resources.

Our services include:

• Third-party fintech risk assessments during onboarding 
• Real-time and post-transaction monitoring including  investigations of suspicious cases
• Periodic risk evaluation
• AML backtesting

‍