BaaS Community Banks Under the Microscope: Are They Taking Regulatory Oversight Seriously?

As someone with deep experience in navigating regulatory compliance and improving board governance, I’ve been diving into how community banks specialized in working with FinTechs are handling increased scrutiny from regulators. Spoiler: it's a mixed bag.

These banks, each with less than $10 billion in assets, have been driving growth by partnering with FinTechs and rolling out BaaS (that’s Banking-as-a-Service, for the uninitiated). But with innovation comes a whole lot of scrutiny. And since January 2023, several of these banks have been hit with public fines, Cease & Desist Orders, or Consent Orders, basically the bank regulator’s version of, "We need to talk."

The orders are straightforward when it comes to boards: strengthen board oversight, particularly around compliance, anti-money laundering (AML), and third-party risk management. Some of these banks were also told to set up a Compliance Committee to ensure appropriate supervision. But "tone at the top" matters. Strong leadership, starting with the board, is essential to ensuring these changes are effective. The question is, are these banks taking the necessary steps by bringing in the right expertise?

I looked at 15 banks hit with these regulatory findings. My goal: to see whether they’ve added new board members to address the increased pressure. Based on publicly available information (proxy statements, press releases, and LinkedIn profiles) six of these banks haven’t made any board changes within the six months before or 12 months after their regulatory actions. One bank, Thread Bank, added a board observer with FinTech expertise, but not a full board member.

Table: BaaS Community Banks Regulatory Actions and Board Additions

January 2023 - August 2024

Limited Action Raises Big Questions

About half of these banks are making moves to bring on board members with the expertise regulators want to see, compliance, risk management, fintech chops, that kind of thing. But the other half? Not much action to speak of. And this matters. Board members aren’t just there for the optics, they set the tone for how the bank addresses its most critical challenges, especially under the microscope of regulatory scrutiny.   

For those adding new people, the message is clear: "We’re taking this seriously." For those who haven’t? Well, the message is a little murkier.

It’s also important to remember that these are just the public regulatory actions. Beneath the surface, there’s likely a significant number of Matters Requiring Attention (MRAs) that haven’t come to light yet. MRAs can serve as warning signs for deeper issues, often giving banks a chance to self-correct before more severe enforcement actions are taken. The fact that so many institutions are still dealing with public Cease & Desist or Consent Orders suggests that even more risk and compliance concerns could be brewing behind the scenes.

Conclusion: Doing the Hard Work

Regulatory scrutiny of BaaS models isn’t just going to fade away, it’s only going to increase. Banks need to do the hard work to address their current regulatory findings, starting with board governance. Having the right people in the room can make the difference between regulatory headaches and long-term growth. When the leadership gets it right, regulatory scrutiny can become a roadmap for building a stronger, more resilient institution.

For boards, this is about more than just compliance. It’s about setting up their institutions for future success. Strengthening governance isn’t optional, it’s essential for survival in this evolving financial landscape.