July 15, 2025

From Consent Orders to Compliance: How Small Banks Can Stay Ahead

The message from regulators is loud and clear: financial institutions engaged in BaaS and third-party fintech partnerships must adopt robust compliance frameworks and adhere to compliance standards. Failure to do so will continue to result in significant enforcement actions, substantial financial penalties, and operational restrictions.

Since late 2023, the regulatory landscape has shifted dramatically. The explosive growth of fintech partnerships has increased complexity, and with it, regulatory pressure. Just take a look:

Institution Name Primary Regulator(s) Date of Action Primary Violations Cited
The Bancorp Bank FDIC, Delaware OSBC May 2020 (Terminated 2014 Order) BSA/AML, Sanctions
Anchorage Digital Bank OCC April 2022 BSA/AML
United Bank Limited FRB July 2018 AML, Risk Management
AllNations Bank FRB, Oklahoma SBD October 2018 BSA/AML, CDD, SAR
Vast Bank OCC October 2023 Capital, Strategic Planning, Liquidity Risk, IT Controls, Risk Management for New Products
First Fed Bank FDIC November 2023 Fair Lending, Third-Party Risk Management
Choice Financial Group FDIC, North Dakota DFI December 2023 BSA/AML, Third-Party Risk Management, CIP, CDD, SAR
Lineage Bank FDIC January 2024 Risk Management, Capital, Third-Party Risk Management
Blue Ridge Bank N.A. OCC January 2024 (Follow-up to 2022 Written Agreement) BSA/AML, Internal Controls, Independent Testing, BSA Staffing, Third-Party Risk Management
Piermont Bank FDIC February 2024 Unsafe/Unsound Practices, Internal Controls, Information Systems, BSA/AML, EFTA, TISA
Sutton Bank FDIC February 2024 Unsafe/Unsound Practices, BSA, AML/CFT
Evolve Bank & Trust FRB June 2024 Compliance, Risk Management, BSA/AML, OFAC, Consumer Compliance, Capital, Liquidity, Credit
Green Dot FRB July 2024 Deceptive Practices, Deficient Consumer Compliance Risk Management, BSA/AML
Axiom Bank, N.A. OCC October 2024 BSA/AML, Internal Controls, BSA Officer
Hatch Bank FDIC, California DFPI April 2025 (FDIC), May 2025 (DFPI) Unsafe/Unsound Practices, BSA/AML, Third-Party Oversight
Quaint Oak Bank FDIC May 2025 Unsafe/Unsound Practices, BSA, AML/CFT

The Key Themes in these Orders  

Third-Party Risk Management (TPRM):

Financial institutions must establish structured and robust processes for conducting due diligence during the onboarding of third-party fintech partners. Equally important is the need for ongoing monitoring of fintech activities throughout the partnership lifecycle, along with formalized offboarding procedures to mitigate residual risks.

Anti-Money Laundering (AML) and Bank Secrecy Act (BSA) Enhancements:
Banks must strengthen their compliance frameworks by addressing internal control gaps, ensuring independent testing, and maintaining adequate staffing levels. Suspicious activity must be identified promptly, and timely, accurate reporting is critical to maintaining regulatory compliance.

Senior Management Oversight and Strategic Planning:
Boards and senior management must be actively involved in the oversight of fintech and BaaS programs. This includes establishing formal governance structures and aligning fintech strategies with institutional risk appetite. Several recent enforcement actions, such as Lineage’s, have introduced capital planning requirements, including asset growth restrictions and mandatory capital buffers.

Fintech partnerships are powerful, they offer innovation, new revenue channels, and expanded reach. But they also create compliance risks, particularly for small banks and credit unions with limited staff, budgets and the know-how to handle them. Regulatory penalties are painful, but reputational damage is even more enduring.

How Across Helps

At Across, we provide end-to-end risk management tailored for small banks and credit unions. Whether you’re evaluating a new fintech partner, monitoring transaction activity, or preparing for an exam, our AI-powered platform and expert analysts help you stay compliant without stretching your internal resources.

Our services include:

Read Next Blog

© 2025 Across Technology Inc. All right reserved
Privacy policy
Terms of Use