The Federal Deposit Insurance Corp. (FDIC) has taken regulatory action against two banks, Sutton Bank and Piermont Bank, in response to concerns regarding their third-party relationships and banking-as-a-service activities. In March 2024, the FDIC issued consent orders highlighting issues with internal controls and systems related to the nature, scope, complexity, and risk of third-party relationships. Piermont Bank, based in New York, was directed to review and assess data collection practices concerning third-party relationships, ensuring adequate information about business arrangements and associated bank activities.
Sutton Bank was instructed to develop and implement a revised plan for assessing and overseeing entities with which it enters business relationships, particularly concerning anti-money laundering and counter-terrorism financing regulatory requirements outsourced to third parties, in accordance with the Bank Secrecy Act. These regulatory actions reflect growing scrutiny from regulators regarding the risks and rewards associated with partnerships between traditional banks and fintech firms, as highlighted by acting Comptroller of the Currency Michael Hsu's remarks in February 2024 regarding the challenges of monitoring risk in such collaborative arrangements. Despite regulatory concerns, a PYMNTS Intelligence report found widespread participation in fintech partnerships among banks and credit unions, underscoring their perceived necessity in meeting customer expectations and enhancing digital product offerings.
