Evolve Hit With Fed Enforcement Action, But Why Did It Take This Long?
Evolve Hit With Fed Enforcement Action, But Why Did It Take This Long?
Synapse Trustee Asks Agency Heads For Help, May Fintech Funding Stats
Hey all, Jason here.
I really enjoyed my brief trip to Norway (and, it turned out, a side trip to Sweden I didn’t know was happening) — driving through the fjords is a truly stunning experience. Now, back to regular programming!
As a result of the ongoing Synapse situation, I’ve had a lot of folks reach out wanting to learn more about the banking-as-a-service space — that’s why I’ll remind folks I wrote a market overview of Banking-as-a-Service, covering the history, business models, partner banks, and middleware intermediaries last year.
You can buy that report at a 50% discount here.
Also, for those in the consumer credit and BNPL space, highly recommend checking on Alex Johnson’s BNPL Virtual Summit this week — more info & tickets here.
If you enjoy reading this newsletter each Sunday and find value in it, please consider supporting me (and finhealth non-profits!) by signing up for a paid subscription. It wouldn’t be possible to do what I do without the support of readers like you!If you build fintech, this event is for you
Sponsored content: fintech_devcon is a conference made for developers, by developers. Each year, hundreds of fintech builders gather to learn best practices, shortcuts, and industry secrets from actual builders in fintech today.
Join the best and brightest fintech developers, engineers, product leaders, and founders in hands-on workshops and roadblock talks designed to help builders overcome common hurdles while building amazing things.
Get your ticket to connect with a community of amazing fintech builders and to hang out with the incredible Kelsey Hightower.
August 7-9, 2024 • Austin, TX • See the speaker lineup
Evolve Hit With Fed Enforcement Action, But Why Did It Take This Long?
Evolve, perhaps the most prolific fintech partner bank, was hit with a wide-ranging enforcement action stemming from its 2023 safety and soundness examination by its regulators, the St. Louis Federal Reserve Bank and the Arkansas State Banking Department (Evolve is technically located in West Memphis, Arkansas, not in Tennessee.)
The Federal Reserve Board took the unusual step of specifying that the enforcement action is independent of the still-unfolding bankruptcy of Evolve middleware partner Synapse, which has seen end users lose access to their funds for six weeks and counting.
Why it took regulators this long to act, when there were clear signs of egregious compliance failures for years, is worthy of further investigation.
While Synapse has certainly drawn a lot of attention to Evolve and its questionable business practices, it’s worth remembering Synapse was not the bank’s only poorly supervised fintech partner.
The list of problematic companies Evolve has or currently works with is a long one, and includes bankrupt crypto firms FTX and BlockFi, “anti-woke” neobank GloriFi, unlicensed peer-to-peer payday lender SoLo Funds, joke-cryptocurrency reward startup DogeCard, and “anonymous crypto debit card” ZELF:
In addition to Synapse, Evolve has worked with another middleware firm, Solid.
Solid has been at the center of numerous lawsuits, including being sued by its own investors for $61 million, who accused it and its cofounders of fraud. The matter was ultimately settled, with Solid buying back the investment — at a 56% discount.
But Solid together with Evolve face other legal challenges. EZBanc, a Solid client, allegedly leveraged the platform to use Evolve’s systems to commit fraud, resulting in multiple suits seeking to reclaim funds.
EZBanc’s sole officer, Gregory Donahue, changed his name after being banned from the securities industry for allegedly using his position to steal funds from a client suffering from dementia and then lying about it in on-the-record testimony he gave to securities industry regulator Finra.
EZBanc and Donahue also have links to a convicted Russian money launderer.
Separately, Solid and Evolve have also been linked to a Chinese crypto “pig butchering” scheme, leading to the US Secret Service freezing $5 million at the bank earlier this year, and, as early as 2020, Synapse and Evolve were linked to a $35 million ponzi scheme.
This is all to say, Synapse wasn’t a one-off, but rather an example of Evolve’s pattern of serious compliance failures over a number of years.
Yet in December, 2022, as venture firms Sequoia and Craft were urging their portfolio companies to move funds off of Mercury due to its exposure to Evolve, an Evolve spokesperson told Fintech Business Weekly in part (emphasis added) “[T]his is an example of why sponsor bank model works [sic]. Because Evolve is a well-capitalized, FDIC-insured institution with processes and procedures designed to limit risk to the bank and our customers, customer funds are secure…”
What’s In The Order?
The cease and desist against Evolve Bank & Trust and its bank holding company, Evolve Bancorp, appears to be the most wide-reaching enforcement action received by a BaaS bank in the current period of heightened regulatory scrutiny.
The order focuses squarely on Evolve’s Open Banking Division (OBD) and flags deficiencies with the bank’s risk management and compliance with laws, rules, and regulations relating to anti-money laundering, including the Bank Secrecy Act, AML requirements of Reg H, and regulations issued by the Office of Foreign Asset Control.
Interesting elements of the enforcement action include requiring:
the bank holding company to serve as a “source of strength,” including by providing necessary financial and managerial resources, to the bank
the board to strengthen oversight, including of BSA/AML and OFAC compliance
a written plan to enhance risk management of the OBD, including how the bank and its fintech partners handle consumer compliance and complaints
improvements to the bank’s capital planning framework to take into account elevated risks from its OBD activities and fintech partners
improvements to the bank’s liquidity risk management that take into account OBD’s activities and funding concentration risks
improvements to lending and credit risk management policies and procedures for OBD
enhancements to interest rate risk management appropriate for the size and complexity of the bank
a plan and timetable to correct information technology security deficiencies (for example, incorrectly configured security on Evolve’s support ticketing system exposed records of dozens of fintech clients like Mercury, Rho, and Yotta; it’s not clear if Evolve or fintechs ever made legally required data breach notifications)
enhancements to internal audit processes
an independent third party to review Evolve’s BSA/AML program and prepare a written report and recommendations
a written BSA/AML compliance program
a written customer due diligence plan, including how to remediate previous inadequate due diligence on fintech program end users
an independent third party to evaluate and make recommendations on Evolve’s transaction monitoring system
interim procedures for monitoring high-risk international wire transactions (like those used to facilitate the “pig butchering” scam mentioned above)
a written program to ensure timely reporting of suspicious transactions
an independent third party to do a lookback review on domestic and international wires associated with Evolve’s fintech partners for the period April 1, 2023, to September 30, 2023
submit a written plan to address Evolve’s compliance with OFAC regulations
supervisory non-objection before Evolve establishes any new fintech partners, subsidiaries, business lines, products, programs, services, or program managers related to OBD, or new products, programs, or services to an existing fintech partner, program manager, or subsidiary of OBD
providing supervisors with a liquidity impact analysis before exiting any existing fintech relationship
a written plan for planned sources and use of cash for debt service
supervisory non-objection before declaring or paying dividends, conducting share repurchases, or making any other capital distribution
supervisory non-objection before incurring or guaranteeing any new debt
Responding to questions about the enforcement action, an Evolve spokesperson attempted to downplay its significance, telling Fintech Business Weekly, “This order, which stemmed from a routine regulatory review in 2023 and is similar to orders received by others in the industry, does not affect our existing business, customers, or deposits.”
Despite Evolve’s protestations to the contrary, its enforcement action is remarkable, even in the context of other recent actions against BaaS banks.
For anyone in the bank-fintech partnership space, it is worth taking the time to closely read the order in its entirety, as it is instructive in regulators’ expectations of what controls are necessary and appropriate in banking-as-a-service operating models.
Were Arkansas, Fed Asleep At The Wheel?
In December 2023, just five days before Synapse cofounder Sankaet Pathak took the first tranche of a total of $320,000 of funds out of the company in the form of a personal loan and as Synapse was spiraling towards bankruptcy, the House Financial Services Committee held a field hearing in Arkansas on the topic of “Building Innovation Ecosystems Across America.”
As part of that hearing, the commissioner of the Arkansas Bank Department, Susannah Marshall, gave testimony touting the state’s pro-innovation bona fides. Marshall is also a member of the Conference of State Bank Supervisors board of directors and serves on the group’s Fintech and Innovation Steering group as well as being a liaison to the Federal Financial Institutions Examination Council.
In her testimony, Marshall emphasized the role of state regulators in protecting consumers, saying (emphasis added), “State regulators are the ‘boots on the ground,’ protecting consumers from companies that run afoul of or seek to circumvent state law. Their approach to consumer protection is strong and effective. State regulators are closer to the consumer and are locally accountable, a dynamic that greatly benefits consumers in need of regulatory assistance.”
Marshall even pointed out her state’s authority to supervise non-bank service providers, like Synapse, saying (emphasis added), “The Bank Service Company Act authorizes federal regulators to examine bank service providers for potential risks. Many state bank regulators, including my agency, have the same responsibility and explicit authority under state law to oversee the same vendors.”
Yet, despite the obvious and long-standing problems at Evolve, which Marshall, together with counterparts at the St. Louis Federal Reserve Bank, oversaw, and Synapse’s deteriorating financial condition, neither agency took any public action until after Synapse’s collapse — though, it’s worth noting, it’s impossible to know if any non-public actions, like raising matters requiring attention (MRAs), were previously issued, as these are deemed confidential supervisory information.
One can’t help but wonder if the hardship Synapse’s end users are now experiencing, which include harrowing stories of everyday people unable to buy food or pay rent, and even one distraught user contemplating suicide, could have been avoided had state and federal regulators acted sooner.
Evolve’s problematic practices and Synapse’s collapse didn’t come out of nowhere; indeed, they were an open secret in banking and fintech circles and had been brewing in plain sight for years.
As is too often the case, it can take a crisis like the one now unfolding to spur legislators and regulators to take action.
Industry sources have suggested Congressional hearings could shed additional light on what went wrong and how to avoid similar situations in the future.
What Does This Mean For Evolve and Fintech At Large?
Evolve grew at astonishing rate thanks to its fintech partnerships, with its on-balance sheet deposits growing by 313% from 2019 to 2022 — that aggressive growth alone should have been a red flag inviting further scrutiny to ensure that the bank’s controls were scaling to keep up with its expanding business.
Beyond Synapse, Evolve still works with numerous high-profile and large fintech firms, including names like Mercury, Stripe, Dave, Affirm, Airwallex, Branch, Step, Prizepool, and numerous others. Given the constraints placed on Evolve by the enforcement action, these firms are likely to look to shift business to other, unencumbered bank partners if and when they are able to.
Some other banks that have had similar consent orders have opted to exit the banking-as-a-service space altogether, and it is an open question whether or not Evolve may do the same. But unwinding these fintech relationships is likely to be far more complicated than it was to build them in the first place.
Banks and fintechs that had nothing to do with Evolve or Synapse are likely to experience ripple effects as well. Banks operating “complex, technology-driven partnerships” have already experienced heightened scrutiny, and that is only likely to increase.
Fintechs looking for new bank partners have already encountered markedly higher expectations around their financial condition and compliance capabilities, which also seem likely to get ratcheted up.
While it is certainly true that not all banks, middleware intermediaries, and fintechs present the same risks that Evolve, Synapse, and their partners did, every participant in the ecosystem is likely to be impacted by their failures.
Synapse Trustee Asks Regulators For Help As Progress On Returning Funds Appears To Slow
Last week’s status report and hearing saw incremental updates in Synapse’s bankruptcy case, as users’ inability to access their funds stretched into its sixth week.
New information in that Chapter 11 trustee’s filing includes:
The overall gap in funds remains between $65 million and $96 million. The reason it is a range “is due to there being held at certain Partner Banks approximately $31 million in Synapse-related funds from interest and rebate payments; however, further reconciliation efforts must be completed to determine the extent to which these funds belong to end users.”
The trustee has been in touch with two former engineer employees of Synapse in an attempt to gain access to Synapse’s AWS instance, but the former employees stated they do not have the necessary credentials.
Lineage holds $338,769 of remaining DDA funds to distribute.
Lineage holds about $61.8 million of DDA and FBO funds, of which about $61.4 million are FBO funds.
Lineage filed its own status report, documenting its reconciliation efforts to date, but noting challenges due to Synapse’s structure, saying, “Synapse’s business model was dependent on its accessibility to multiple FDIC-insured banking institutions. Against the backdrop of this framework, Synapse spread end-user funds across multiple banks. Thus, a single end- user could have a $50 balance at Bank A, a $100 balance at Bank B and a $50 overdraft at Bank C. This significantly complicates the reconciliation process.”
Lineage’s filing further stated that “[t]he Synapse-provided trial balance data available to Lineage is contradictory, does not match the actual flow of funds, and cannot be verified at the fintech platform level.”
AMG has paid out about $99 million of FBO funds with an additional $11 million waiting to be distributed.
Evolve has now distributed about $5.369 million of DDA funds to 3,317 end users and has an additional $644,000 to distribute to 12,339 end users.
Evolve still holds about $47 million in FBO funds it received as RDFI for Synapse Brokerage
Evolve filed its own status report, which included a jaw-dropping example of how user funds apparently have gone “missing,” as first reported by CNBC’s Hugh Son.
Evolve details that in ledger data for April 11, 2024, Yotta end users had a total of $109 million American Bank, AMG National Trust, and six banks that are part of American Depository Management’s sweep network.
Yet, a month later, the ledger data showed a mere $1.4 million of Yotta end users’ funds held at AMG, and no funds at American or ADM’s sweep network — but, Evolve says, it didn’t receive any funds from those institutions during that period.
Evolve’s statement calls for “[a] detailed investigation of what happened to these funds, or alternatively, why the Synapse-provided ledger reflected money movement that did not actually occur, must be undertaken to determine their actual disposition. One of the key questions that this investigation must answer is: How did the Synapse ledger amounts for Yotta end users at AMG, American Bank and the six Program Banks via ADM, go down but Yotta end users have not been paid any funds by any of these entities?”
If the funds are no longer at AMG, American, or in ADM’s sweep network but weren’t moved to Evolve, logic would suggest that Lineage Bank is the one holding those funds.
Synapse Trustee, Former FDIC Chair McWilliams, Asks Agencies To Help End Users
In an unprecedented move, the Chapter 11 trustee, former FDIC Chair Jelena McWilliams, sent letters to the heads of all relevant regulatory agencies: Fed Chair Jerome Powell, outgoing FDIC Chair Martin Gruenberg, Acting Comptroller of the Currency Michael Hsu, SEC Chair Gary Gensler, and President and CEO of Finra Robert Cook.
To date, no regulatory agency has directly commented on or addressed the impact of Synapse’s collapse, apart from the disclaimer in the FRB’s enforcement action against Evolve that the action was independent of the bankruptcy.
The FDIC did issue a consumer bulletin about “third party apps,” which did not specifically mention Synapse, but is widely understood to be a response, if an ineffectual one, to the still-unfolding disaster.
In her letter, McWilliams explained the background of the situation and requested that the agencies make resources available to assist end users affected by Synapse’s collapse.
McWilliams emphasized the seriousness of the situation, writing that (emphasis added) “[t]he impact of Synapse’s bankruptcy on end-users has been devastating. I understand that, without these funds, many end-users are unable to pay for basic living expenses and food.”
Specifically, McWilliams requested the agencies:
“encourage” partner banks reconciliation efforts to proceed
facilitate communication efforts with impacted end users, particularly the Federal Reserve, FDIC, and OCC, which each have consumer protection divisions, including by helping end users understand which Synapse partner banks hold their deposits and interaction with those partner banks
that the SEC and Finra leverage their consumer protection resources to help end users “with the ultimate goal of helping end-users whose funds are held in FBO accounts in the name of Synapse Brokerage”
that the agencies “establish a public-facing webpage, either jointly or in connection with your agencies’ existing websites, that will provide contact information at each agency to which affected end-users may direct their inquiries”
McWilliams closed her letter by inviting the agencies to provide status updates to the court in connection with the trustee’s weekly status reports.
Fintech Funding: Steady As She Goes
FT Partners released its June fintech market update and analysis, with month over month fundraising levels up slightly to about $5 billion in May. Recent funding highlights include Mexican payments and e-commerce enablement platform Clip’s $100 million round, US neobank for migrants Majority, and banking infrastructure for the underserved platform MoCaFi.
Other Good Reads
Fintech needs to grow up, and quick, to survive (The Hill)
Treasury Foresaw the Synapse Collapse Two Years Ago (The American Prospect)
Plaid Rolls Out Identity Verification Across Apps and Services (PYMNTS)
Apple scraps ‘buy now, pay later’ service in US just months after rollout (FT)
Semiannual Risk Perspective for Spring 2024 (Office of the Comptroller of the Currency)
About Fintech Business Weekly
Looking to work with me in any of the following areas? Email me.
Vendor, partner & investment opportunity advice and due diligence
Fintech advising & consulting
Sponsoring this newsletter
News tip or story suggestion — reach me on Signal at +1-316-512-1571