Federal Reserve Board Cracks Down on Arkansas Bank Over Fintech Compliance Lapses

The Federal Reserve Board and Arkansas state regulators have taken formal enforcement action against Evolve Bancorp, Inc. and its subsidiary Evolve Bank & Trust over deficient risk management and compliance controls related to the bank's fintech partnership business model.

In a consent cease and desist order announced Friday, the Fed and Arkansas State Bank Department cited the West Memphis-based bank for "unsafe and unsound" practices involving failures to maintain an effective risk management framework, comply with anti-money laundering rules, and meet consumer protection requirements.

The severe regulatory rebuke stems from examinations this year that identified a litany of lapses in how Evolve was overseeing the banking products and services it offers through partnerships with various financial technology companies, according to the 22-page order.

Evolve has pursued a strategic focus on its "Open Banking Division" that primarily involves providing deposit accounts, payment processing and other services to fintechs who then distribute them to end customers.

However, the order states examiners found Evolve lacked adequate policies, procedures and controls to manage compliance risks, perform customer due diligence, and monitor transactions across this line of business dealing with third-party tech platforms.

Under the terms of the order, Evolve is required to implement sweeping remedial measures, subjecting it to stringent regulatory scrutiny going forward. This includes:

• Overhauling board oversight and risk management specifically for the fintech partnership activities
• Enhancing compliance with Bank Secrecy Act/anti-money laundering requirements through improved policies, monitoring systems, customer due diligence and suspicious activity reporting
• Correcting deficiencies in complying with consumer protection laws and handling customer complaints related to these products and services
• Reviewing past wire transaction activity to identify any missing suspicious activity reporting
• Retaining independent third-party consultants to conduct reviews and validate the bank's compliance overhaul in areas like BSA/AML and transaction monitoring

The order also imposes a moratorium on Evolve establishing any new fintech partnerships, business lines or products without prior regulatory approval.

Limitations were placed on capital distributions like dividends and stock buybacks, as well as new debt issuance to ensure Evolve maintains adequate financial resources during its remediation.

In a statement responding to the order, Evolve said it has already begun taking actions to strengthen its compliance programs and risk management and is committed to meeting regulatory expectations.

The public enforcement action signals the heightened scrutiny regulators are applying to banks rapidly growing their fintech partnership activities and the need for commensurate controls over the unique regulatory risks involved.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.