Thread Bank receives latest FDIC enforcement action

The year 2024 is quickly becoming the summer of settlement orders for smaller banks.

Since the news on Friday (June 28) that Tennessee-based Thread Bancorp has become the latest financial institution to be targeted by the Federal Deposit Insurance Corporation (FDIC), managing the operational, compliance and strategic risks associated with third-party collaborations has become a top priority for banks and their FinTech partners.

FDIC enforcement actions are typically made public on the last Friday of the month, and the order to Thread, a popular partner bank for dozens of FinTechs, is unique in that it explicitly mentions the bank’s banking-as-a-service (BaaS) and loan-as-a-service (LaaS) programs.

The May 21 order requires Thread Bank to implement a series of corrective actions without admitting or denying unsafe or unsound banking practices. The corrective actions include establishing a more comprehensive third-party risk management program and establishing enhanced due diligence, monitoring and exit planning for Thread’s fintech partners. This requirement reflects the regulator’s increased attention to banks’ relationships with technology companies.

“Within one hundred twenty (120) days of the effective date of this ORDER, the Bank’s BaaS and LaaS programs policies and procedures should be thoroughly and completely documented, addressing, at a minimum, approval requirements for third-party partners and customers, due diligence processes, growth and stress modeling, ongoing monitoring of compliance with anti-money laundering and anti-terrorist financing regulations, and steps for winding down third-party business lines, including FinTech partners,” the FDIC wrote.

Thread’s FinTech and BaaS partners include Unit, through which the company serves as a provider for Relay, Toolbox, Sequin, Currence, Arpari, and many other platforms.

“When vetting potential fintech clients, both Thread and Unit place a strong emphasis on compliance and oversight,” Unit wrote in a 2023 blog post.

“We remain committed to working with regulators at the state and federal levels because we believe the regulatory framework, if implemented properly, is necessary and can help create a strong banking system for consumers and small businesses,” Chris Black, CEO, president and director of Thread Bancorp, Inc. and Thread Bank, said in a statement to PYMNTS.

“As such, we are committed to meeting all obligations and have already made significant investments over the past three years to enhance our policies, processes, procedures and controls – all in collaboration with the FDIC and the Tennessee Department of Financial Institutions (TDFI). We will continue to invest in our teams and services to ensure we meet the needs of our customers and partners and provide them with strong protections well into the future,” Black added.

Read more: Payments executives say banking-as-a-service providers have forgotten the banking part

FinTech risks in financial supply chains

Navigating the complex web of financial regulations is a daunting task for any business, especially for FinTech startups with limited resources. By partnering with established banks, FinTech companies can rely on their partners’ robust regulatory frameworks, reducing compliance burdens.

At least that was the hope of BaaS: a common compliance model that would enable FinTechs to operate within regulatory requirements while focusing on innovation and growth. But so far, things haven’t quite gone according to plan.

Just one year ago (on June 6, 2023), the FDIC, the Board of Governors of the Federal Reserve System (FRB), and the Office of the Comptroller of the Currency (OCC) (collectively, the “Authorities”) issued final guidance on managing risks associated with third-party relationships.

Since then, the fallout from Synapse’s messy bankruptcy has severely tested the interconnectedness of the BaaS and FinTech landscape. To make matters worse, Synapse’s own main banking partner Evolve fell victim to a major cyberattack last week (June 26), putting its risk controls under the spotlight.

“Regulators are now awake,” Thredd CEO Jim McCarthy told PYMNTS. “Too many people are focused on the ‘as-a-service’ part – but have the banking part as a ‘secondary’ part, if at all… if you want to play in this space, I would argue that if you fail at banking, the service part doesn’t matter.”

Read more: The demise of Synapse is a hard lesson for its B2B partners

When the middle falls out of the middleware

PYMNTS Intelligence found last summer that 65% of banks and credit unions have entered into at least one FinTech partnership in the past three years. 76% of banks view FinTech partnerships as necessary to meet their customers’ expectations. And a full 95% of banks are focused on leveraging partnerships to enhance their own digital product offerings.

And Thread Bancorp, formerly known as Civis, already had a history of regulatory action. The company’s recent FinTech partnerships have enabled it to grow rapidly, from less than $100 million to over $720 million from the end of 2020 to the first quarter of 2024, based on FDIC call reports.

“With complex ecosystems, you have a higher number of partners than in the past,” Larson McNeil, co-head of marketplaces and digital ecosystems at JP Morgan Payments, told PYMNTS. This is leading to new considerations for the company’s treasury function, including managing those partners and counterparty risk.

The Thread Bank case can serve as an indicator of how regulators are addressing the interface between traditional banking and fintech. As the financial landscape evolves, the key to leveraging the BaaS model is to foster strong, transparent and mutually beneficial relationships between banks and FinTech companies. This way, they can work together to drive the future of banking toward greater inclusivity, efficiency and innovation.