Breaking: Blue Ridge In "Troubled Condition" After Receiving 2nd OCC Enforcement Action

Latest Action Signals Regulatory Scrutiny of BaaS Is Far From Over

Hey all, Jason here.

I know, it’s early Friday morning (actually, late Thursday on the US West Coast), but, when fintech news breaks, you know I’ve got you covered.

Don’t worry, there will still be a regular Sunday morning newsletter. Buckle up, because it feels like 2024 might be another bumpy ride for fintech and banking, at least from a regulatory perspective.

If you enjoy reading this newsletter each Sunday and find value in it, please consider supporting me (and finhealth non-profits!) by signing up for a paid subscription. It wouldn’t be possible to do what I do without the support of readers like you!

Blue Ridge In “Troubled Condition” After Receiving 2nd OCC Enforcement Action

On Wednesday, January 24th, Blue Ridge Bank entered into a new material agreement with its federal regulator, the OCC, Fintech Business Weekly can be the first to report.

The new enforcement action is the second the bank has entered into in less than 18 months — regulatory scrutiny of banking-as-a-service spilled into public view with Blue Ridge’s first order in September 2022.

The new order generally incorporates and expands on provisions from the prior order, suggesting Blue Ridge hasn’t made sufficient progress on meeting the conditions and mitigating the concerns raised in 2022’s order, which focused heavily on BSA/AML compliance, staffing adequacy, and change management and controls in IT systems.

Blue Ridge has historically worked both with direct fintech partners and via a relationship with banking-as-a-service middleware platform Unit. Following the consent order, Blue Ridge has retreated from the fintech/partner banking space, and, at the end of last year, announced a $150 million capital raise in a private placement deal.

The new order doubles down on Blue Ridge and its partners’ apparent failures to comply with Bank Secrecy Act (BSA), anti-money laundering (AML), and third-party risk management (TPRM) requirements.

Among other things, the new order requires the bank and its board of directors to:

• Maintain a compliance committee to monitor and oversee compliance with the order

• Submit a written BSA compliance plan and “to address all Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) deficiencies, violations and corrective actions communicated to the Bank”

• Develop a written program to effectively assess and manage risks posed by third-party relationships

• Receive written non-objection from the OCC before onboarding new fintech relationships or offering new products or services through existing relationships

• Ensure onboarding of new end user accounts in existing fintech relationships and their subpartners meet BSA/AML requirements, and that risks are effectively controlled for each existing third-party fintech relationship

• Adopt a revised and expanded BSA audit program

• Ensure the bank’s BSA department is appropriately staffed with personnel with the needed experience, training, and authority

• Improve and expand risk-based processes for collecting and analyzing customer due diligence, enhanced due diligence, and beneficial owner information

• Develop and implement an enhanced risk-based program to ensure the bank, including accounts and sub-accounts provided through third parties, meet compliance obligations in filing suspicious activity reports (SARs)

• Conduct an expanded review of the bank’s suspicious activity monitoring, “including with respect to high risk customer activity involving the Bank’s third-party relationships”

• Implement a program to effectively assess and manage IT activities, including those conducted by third-parties

• Develop a three-year strategic plan that must be submitted to and receive non-objection from the OCC; any significant deviations from the plan must receive OCC non-objection

• Maintain a leverage ratio of 10.00% and total capital ratio of 13.00%

• Submit to the OCC for review and non-objection an acceptable written capital plan

As a result of receiving the order, Blue Ridge Bank is deemed to be in “troubled condition,” which “limits the Bank’s ability to receive expedited OCC review of certain filings.”

Based on the troubled condition determination, Blue Ridge must also notify the OCC prior to adding or replacing a member of its board of directors and must receive prior approval from the OCC and FDIC before entering into agreements to make severance or indemnification payments to “institution-affiliated parties,” which functionally restricts “golden parachute” payments to bank executives.

The new action against Blue Ridge would seem to signal regulators, and the OCC in particular, are far from done with their review of banks engaged in banking-as-a-service business models.

Representatives for Blue Ridge Bank and Unit, a banking-as-a-service platform that partners with Blue Ridge, were not immediately available for comment.

About Fintech Business Weekly

Looking to work with me in any of the following areas? Email me.

• Vendor, partner & investment opportunity advice and due diligence

• Fintech advising & consulting

• Sponsoring this newsletter

• News tip or story suggestion — reach me on Signal at +1-316-512-1571