Cable

In light of Senator Warren’s recent statement on BaaS and fintech partnerships, it’s clear that regulatory oversight in this space is more critical than ever. The rapid growth of partnerships between traditional banks, BaaS providers, and fintechs like Stripe, Finastra, and Chime presents new risks to consumers and the broader financial system. The collapse of fintech firms like Synapse highlights how insufficient oversight can leave consumers exposed. As BaaS revenue is projected to grow tenfold by 2026, the need for real-time compliance testing is more urgent than ever. Relying on outdated, manual methods will no longer be enough to safeguard against the rising risks. Banks and fintechs must move beyond reactive and manual compliance approaches, embracing automated solutions to test that their third-party compliance vendors and controls are TRULY effective and working. With increased scrutiny on BaaS partnerships, the call for stronger compliance oversight is clear. We’re here to help banks and fintechs move from manual to proactive and automated compliance, providing peace of mind in an industry where the stakes are only getting higher. Stay tuned for a deeper dive in my upcoming blog on Monday.

The Office of the Comptroller of the Currency dropped an #AML and #Sanctions consent order this afternoon for #WellsFargo. This $1.74T asset bank is a behemoth and fittingly, received a massive order. While it is 28 pages, the amount of effort it will take to right this ship is overwhelming and I'm just rubbernecking. Some highlights below... 1) Failures in front and second line functions… the word #effective was used so many times. “To ensure effective implementation…” “an effective process to ensure the bank maintains sufficient front-line staff…” “to ensure effective testing by personnel…” Makes me wonder how big banks like this will go about ensuring the talent of their front/second line? It cannot just be certifications and resumes… what about hard wiring? (Like what we have developed at Hyper-S Research) 2) Audit function… if your audit function isn’t asking for MIS exports and reviewing the effectiveness of your AML monitoring system… get a new auditor. Something new though, their new Audit Plan, must “include appropriate audit test scripts designed to ensure consistent execution of BSA/AML and OFAC Sanctions audits across the enterprise”. Very specific. 3) Risk Assessment… same old stuff. BUT huge task ahead of WF folks. The RA must – 1) have an assessment separately within the Bank’s business lines *and* on a consolidated basis across all of the Bank’s products, channels, transactions, customers, and geographies; 2) be presented to the Board promptly and the Board must “provide credible challenge to the BSA/AML and OFAC Sanctions Risk Assessment and any subsequent updates and document its review in the Board minute”; and 3) targeted RAs must have “meaningful risk analysis” regarding certain products, services, customers, geographies, and affiliate relationships and shared services. 4) #Data again! Unique task ahead of them… WF must establish a methodology for, and conduct, an assessment to evaluate whether the Bank’s entirety of their systems from soup to nuts is effective, and whether additional investments are needed to upgrade all of those systems (they listed several, pg. 16) 5) Data landscape again…requiring a Data Integrity Program, which at a bank this big is a massive undertaking given all the siloed and subs. Very expensive and time consuming. Hopefully they get the right AML folks, not just data folks in this effort. The order outlines almost 2 pages of what this Program must cover. 6) #OFAC being an issue again. This section has less words but mainly screams “why didn’t you operationalize the Treasury Framework??” 7) Restrictions on new businesses, products, services, and geographies. In a bank this size, who will be the wrangler of all of those sub systems & product decision makers? So many lessons to learn from in this order. Just as a refresher... in the last 2 months we have seen detailed orders w/ pillar violations from a $63MM bank *AND* this $1.75T bank. No matter your size, pillar issues matter. #ifollowdirtymoney