Effects of Enforcement Actions on Fintech

Ryan Salame just demonstrated that in FinTech/Crypto, “move fast and break things” can be very dangerous. Most of the media coverage about the former chief executive of FTX pleading guilty yesterday to multiple charges focused on the $1.5bn asset seizure order and the possible 10 year jail sentence he faces. But delving into the specific charges contains a valuable lesson for FinTech/Crypto companies. Specifically, one charge that Salame pled guilty to was the dry sounding “Conspiracy to Operate an Unlicensed Money Transmitting Business.” The background was FTX had no bank accounts to handle customer deposits/withdrawals. FTX tried to open one, but their bank (likely Silvergate) refused without FTX having the needed registration and licenses (money transmitter business license, primarily). Rather than let that slow them down, Salame and SBF pushed forward. Initially, they illegally used the bank accounts of Alameda (SBF’s trading businesses) for FTX customer deposits/withdrawals. Knowing that was not a durable solution, they then incorporated a new entity, misrepresented that entity’s business (not disclosing it would deal with FTX’s customers and was not licensed), and opened a bank account. That behaviour might have hewed well to the disruption ethos of many in tech (think the early days of Meta and Alphabet). But financial services is different as it is heavily regulated. This underscores the unique complexity of FinTech/Crypto. The need to balance the disruptive possibilities of new technology against a very well-established regulatory infrastructure. Many correctly cite the need for regulatory change for novel technologies Iike crypto. But they must also understand many foundational regulations in financial services are not up for debate: protection/separation of customer funds, KYC, anti-money laundering, anti-terrorism financing, sanctions compliance (to name but a few). Those FinTechs/Crypto companies that manage that balance between disruption and compliance will be successful. Those who don’t……. As Salame has aptly demonstrated yesterday, you can’t ignore financial regulations because it slows you down. In financial services, “move fast and break things” can easily land you in jail. Ex-FTX Executive Salame Pleads Guilty to Criminal Charges https://lnkd.in/eG2Vvytc

The Federal Reserve Bank of Philadelphia issued an enforcement action against the $21B asset, Customers Bank. Another blackeye for the #baas #fintech banking world. While there are some general #risk management issues, the majority of the 13-page order is with regard to "significant deficiencies" in their #AML and #OFAC program that covered both mainline bank AND their #digitalassets and instant payments business. The general risk issues were for their digital assets business. But the rest appear to be across the whole bank. As always, the pdf below gives you the highlights. But the notes show some interesting trends as it relates to the last few batches of failing AML programs: NEW trends - 1) Investigatory standards as an integral part of any effective suspicious activity program. This is the 3rd order in recent memory that specifically highlights this deficiency. It is basic, but makes sense. If you have a big team (and outsource any part of that function to a 3rd party) - you *must* have clear investigatory standards, to include *what* will be researched (OSINT), types of analysis (not just general "perform analysis on transactions"), expectations for work product (critical thinking is a good req) and the escalation path. 2) OhhhhFAC! It is here to stay... well technically, its been here since the 1950's. But no one seems to really care about it. This is the third time in the last 2 months of orders where federal banking agencies are penalizing #banks for issues related to mgmt of risks. Finally! The deficiencies they outlined all pointed to a lack of adherence to the US Treasury's OFAC Framework document that is out there for everyone to operationalize. 3) Poor KPI reporting. I've had 4 conversations in the last week about this. Trad KPIs used at board reporting levels 📢 Do.Not.Fit.AML. Period. Stop trying to fit a square peg into a round hole. It has a bigger impact than you think. It snowballs... see pg. 3 re: ineffective board and bad data... and then look at pgs. 5-10... the result. Sh*tty KPIs lead to bad oversight by the board, which leads to AML deficiencies, which leads to an order. 4) "Source of wealth" - noted as a must have part of the #CDD program. Haven't seen that in the US, in some time. Looks like an examiner either has experience in auditing private wealth OR they see what other countries require. I like it! OLD trends - 5) Staffing. Again. Again. Again. When will banks learn? 6) Alert dispositions must have evidence of critical thinking. Hint... #AI won't solve this problem. 7) Effectiveness testing for the suspicious activity monitoring system. Literally in every order, yet every publication I see re: "model validations" is about statistical nonsense. No room for testing true effectiveness, but rather performance measurements under the guise of "effectiveness". Two more in the comments below! #ifollowdirtymoney

Fed hits Synapse Partner Evolve Bank with Enforcement action (quoted from the article) Evolve Bank & Trust was hit with a Federal Reserve enforcement action Friday over shortcomings in the bank’s anti-money laundering, risk management and consumer compliance programs. An examination last August revealed West Memphis, Arkansas-based Evolve, a partner bank of bankrupt fintech middleware firm Synapse, engaged in unsafe and unsound banking practices “by failing to have in place an effective risk management framework” for its fintech partnerships, the Fed said in a Friday release. The order was issued jointly with the Arkansas State Bank Department on Tuesday and reflects - The bank’s agreement “to take certain measures to further bolster our compliance oversight and enterprise risk management functions.” - Strengthen board oversight of the bank’s management and operations and its compliance with Bank Secrecy Act/AML requirements and Office of Foreign Assets Control regulations. - Submit a plan to enhance its risk management framework around its fintech partnership , featuring policies and procedures to identify risk associated with partners and programs - Steps to ensure staff have sufficient expertise and independence, and that staffing levels are adequate - Steps to quickly identify and report risk exposures related to fintech partners, programs or services - Measures to make sure the bank’s board gives approval in writing before on new fintech partners or adds products or programs with those partners. - Tap an independent third party to review its fintech partner program for compliance with consumer laws and regulations. That third party will draft a report with its findings and recommendations. - Design a written plan to improve its capital risk management in consideration of its fintech partnerships and activities, evaluate the adequacy of the bank’s capital, include measures to improve the bank’s capital planning framework, accounting for its “elevated risk profile” and fintech partners - Come up with a plan to improve its liquidity risk management, with respect to fintech partner activities “and significant funding concentrations.” - The order included conditions mandating that the bank improve its lending and credit risk management policies related to its fintech partnerships - Enhance its interest rate risk management practices; correct IT and information security deficiencies - Bolster its internal audit program. - Evolve failed to maintain a risk management program or controls sufficient to comply with AML and consumer protection laws, the Fed said. #enterpriserisk #fintechduediligence #liquidity #AML #internalaudit #ITcybersecurity https://lnkd.in/g6u6wiAf