FDIC Bank Consent Orders: Key Insights & Examples

Apr 24, 2024 · InnReg · 10 min read

Many fintechs partner with banks to deliver their services. Would you like to know how an FDIC consent order can impact your bank partnership? If so, you're in the right place to learn more about FDIC consent orders. 

InnReg fintech regulatory compliance experts have assembled this guide with key insights about FDIC bank consent orders and relevant past examples.

If the bank agrees to the order, FDIC cease-and-desist orders are called "Consent Orders." If the order results from legal proceedings or appeals, it's called an "Order to Cease and Desist." This blog post is dedicated to Consent Orders and their procedural aspects.


Understanding FDIC Bank Consent Orders

What is an FDIC Bank Consent Order?

An FDIC (Federal Deposit Insurance Corporation) bank consent order is an injunctive type of order that may be issued to a bank for violations of laws, rules, regulations, or unsound banking practices. The FDIC consent order is essentially a formal agreement between the FDIC and a bank that outlines actions the bank must take to address the identified deficiencies.

This agreement aims to address concerns about the bank's safety and soundness without resorting to formal enforcement measures, protecting depositors and guaranteeing the stability of the financial system. 

The receiving party is required to implement particular corrective measures and compliance steps to address issues stated in the order. These measures typically involve implementing new policies and procedures, enhancing risk management practices, or improving internal controls.

Read more: FDIC Enforcement Decisions and Orders

Navigating Consent Order Compliance and Enforcement

Who Monitors Compliance with FDIC Bank Consent Orders?

The FDIC monitors the bank's compliance with the order, and failure to comply may result in additional enforcement action or penalties imposed on the bank. The overarching goal is to urge the bank to swiftly address identified concerns and improve its overall operational and regulatory position.

The FDIC published a Formal and Informal Enforcement Actions Manual, which sets out the FDIC's minimum conditions for rescinding cease-and-desist and consent orders issued under section 8(b) of the Federal Deposit Insurance (FDI) Act.

According to the Manual, the following conditions may result in the termination of cease-and-desist or consent orders:

  • The institution fully complies with all order provisions and has corrected any legal violations, unsafe or unsound practices, or other conditions that resulted in the order's issuance

  • Any provisions deemed "not in compliance" have become out-of-date or irrelevant

  • Any deterioration or any provisions deemed "not in compliance" prompt the issuance of a new or revised formal action.

Are FDIC Consent Orders Public?

Yes, consent orders are public documents. When a regulatory agency, such as the FDIC or the Office of the Comptroller of the Currency (OCC), issues a consent order to a bank, it is entered as a public record.

FDIC Enforcement Decisions and Orders

A searchable database of FDIC Enforcement Decisions and Orders, including bank consent orders, can be accessed on the FDIC website.

OCC Enforcement Actions Page

You can search the Office of the Comptroller of the Currency (OCC) consent orders database: https://apps.occ.gov/EASearch

This resource allows investors, analysts, and the general public to learn about the issues addressed in the order, the corrective activities necessary, and any penalties or fines levied.

The FDIC Consent Order Process

The FDIC bank consent order process is a systematic process comprising several essential phases. 

Here is a summary of the process:

Step 1. Identification of Issues: The FDIC identifies deficiencies, violations of laws or regulations, or unsafe or unsound banking practices during examinations or investigations of the bank.

Step 2. Drafting the Consent Order: Based on the identified issues, the FDIC drafts a consent order outlining the specific actions that the bank must take to address the deficiencies and bring itself into compliance with banking regulations and best practices.

Step 3. Negotiation: The FDIC presents the draft consent order to the bank, and negotiations may occur between the two parties regarding the terms and conditions of the order. The bank may propose changes or modifications to the order.

Step 4. Agreement: Once both parties reach an agreement on the terms of the consent order, it is finalized and approved by the FDIC and the bank’s management or board of directors.

By stipulating to the order, the bank is waiving the right to an administrative hearing to challenge the allegations. Eliminating the administrative enforcement hearing allows the bank to avoid lengthy and costly legal proceedings.

If the bank declines to stipulate, the FDIC issues a notice of charges, which starts the formal administrative enforcement proceeding.

Step 5. Implementation: The financial institution must implement the actions outlined in the consent order within specified timeframes. 

Step 6. Monitoring and Compliance: The FDIC monitors the bank’s progress in complying with the consent order's provisions. The bank is required to provide periodic progress reports to demonstrate its compliance efforts.

Step 7. Completion or Termination: Once the bank has fully addressed the deficiencies and complied with the terms of the consent order, the order may be terminated by the FDIC.


It's important to note that the specific steps and details of the FDIC consent order process may vary depending on the circumstances of each case and the agreements reached between the FDIC and the bank.

Successful compliance may result in the termination of the consent order, emphasizing the collaborative effort between the regulatory authority and the bank. This outcome is ideal for the seamless resolution of identified issues and for maintaining the stability of the financial system. 

Conversely, non-compliance may lead to additional regulatory proceedings, unwanted reputational damage, and penalties.

Recent Examples of FDIC Bank Consent Orders

Analyzing real-life cases provides invaluable insight into various regulatory scrutiny challenges that banks face and the accompanying steps required to ensure compliance. 

These examples will deepen your understanding of FDIC bank consent orders and their consequences in the context of regulatory compliance.

Cross River Bank Consent Order

Example 1: Cross River’s FDIC Consent Order

On April 28, 2023, the FDIC issued a consent order against Cross River Bank, one of the leading BaaS providers, alleging non-compliance with the bank's fair lending program and deficiencies in its management of fintech lending partners.

The order requires the bank to conduct due diligence and obtain FDIC approval before entering into any new fintech relationship, significantly limiting the bank's BaaS program. The consent order also compels the bank to take several steps to improve its fair lending and third-party risk management compliance program.

This example illustrates that banks must promptly examine their fair lending regulations and third-party risk management programs. Banks should prioritize compliance obligations, such as reviewing the roles of the board and bank management to ensure fair lending compliance and evaluating the frequency and scope of the bank's procedures for assessing the fair lending risk of its fintech partners.

Discover Bank Consent Order

Example 2: Discover Bank FDIC Consent Order

The FDIC issued a consent order in September 2023 to Discover Bank after discovering failures to establish, maintain, and monitor a compliance management system to comply with consumer financial protection regulations. In addition, neither the board of directors nor the bank management committed to a compliance or risk management system. The claimed breaches resulted in shortcomings in change management and third-party risk management.

In response, the bank pledged to restructure its supervision, oversight, and monitoring systems by creating enterprise risk management and corporate governance frameworks, as well as consumer and compliance vendor management programs.

Blue Ridge Bank Consent Order

Example 3: Blue Ridge Bank’s OCC Consent Order

The Office of the Comptroller of the Currency (OCC) issued a similar consent order against Blue Ridge Bank in 2022, alleging that the bank engaged in unsafe and unsound operations concerning its fintech relationships.

The OCC required Blue Ridge Bank to adopt, implement, and follow a written program to adequately analyze and manage the risks posed by its third-party fintech connections. According to the agreement, the bank must also obtain a non-objection from the OCC for any future technology agreements. Several additional criteria focus on enhancing risk assessment and controls per the Bank Secrecy Act (BSA).

Shortly after this order, Mr. Michael J. Hsu, Acting Comptroller of the Currency, stated that the OCC was adopting a more targeted approach to assessing banks that use BaaS as a core component of their business model and that the OCC intended to engage more directly with fintechs that work with banks. Mr. Hsu also stated that the OCC is collaborating with other authorities on BaaS issues.

Wells Fargo Consent Order

Example 4: Wells Fargo FDIC Consent Order

Over the years, different regulatory agencies have issued several consent orders against Wells Fargo. The most recent one, issued in December 2022, uncovered numerous infractions and imposed a civil penalty of $1.7 billion. 

Additionally, the consent order required Wells Fargo to pay more than $2 billion in redress to the affected customers and adhere to federal consumer financial law. Some of Wells Fargo's violations included incorrectly applying payments and imposing fees for auto loan servicing, wrongfully rejecting mortgage loan modifications, and unjustly freezing customer accounts.

First Fed Bank Consent Order

Example 5: First Fed Bank FDIC Consent Order

The FDIC issued a consent order to First Fed Bank in November 2023 concerning the bank's relationship with Quin Ventures.

Apart from rectifying all the infractions mentioned in the order, the FDIC mandated that the board of First Fed Bank actively supervise the bank's compliance management system. Among the corrective measures, the FDIC requested that the company provide a list of all bank products and the names of the third parties that offer them to establish appropriate measures to improve its third-party oversight.

Lessons Learned from FDIC Bank Consent Orders

Collectively, these cases highlight the importance of complying with laws and regulations by effectively managing risks and proactively communicating with regulatory organizations to anticipate and address potential issues in the ever-changing financial services industry.

Recommended Compliance Programs for Banks and Fintechs

What programs should banks and fintechs implement to avoid consent orders?

Banks and fintechs must strategically fortify themselves against consent orders to safeguard their stability and reputation. This section examines crucial programs that these institutions should proactively implement.

Robust Compliance Programs and Audits:

Establish and maintain policies and processes to prevent violations from arising, detect and document existing violations, and resolve any compliance breaches as soon as possible. 

Third-Party Oversight: 

Banks and fintechs should guarantee that their vendors follow regulatory compliance standards and extend the compliance framework to all parties involved.

Training Programs:

Training should focus on a range of critical areas, such as fair lending laws, non-discriminatory practices, consumer protection, vendor management, ethical conduct and professional standards, among others.

Corporate Governance:

The Board of Directors and senior management should actively participate in regulatory compliance-focused discussions and be responsible for the institution's regulatory compliance.

Navigating the FDIC Consent Order Lifecycle

The length of an FDIC consent order can vary depending on the circumstances, such as the severity of the violations and the complexity of required corrective measures. It typically lasts anywhere from 30 to 120 days, as seen from recent FDIC consent orders.

For example, the order issued by the FDIC on August 2, 2023, to Citizens Bank provided 30-90 days for the bank to adhere to several conditions and rectify the violations. The order further states the various corrective actions, including measures such as requiring the bank to engage an independent third-party loan consultant, restricting overdraft facilities, reducing the bank’s risk in assets, and extending credit to adversely classified borrowers.

Herring Bank received an order on October 24, 2023, requiring corrective steps to be undertaken within 30-120 days of the order's issuance. Among the corrective measures, the consent order required the completion of a comprehensive user access review, monitoring and logging plan, independent review of all outside party connections, and inventory management.

While some consent orders may indeed be relatively short-term, lasting for a matter of months, others can extend for much longer periods, even years, particularly if the violations are severe or the corrective measures are complex and require significant time to implement.

In general, consent orders are intended to give the financial institution a reasonable amount of time to correct its violations and demonstrate ongoing compliance with regulatory standards.

Conclusion: FDIC Consent Orders Are All About Perspective

FDIC consent orders are not punishments or criminal cases, although sometimes they carry fines to underline the seriousness of violations. 

Some of the biggest and best banks and financial institutions receive them from time to time because their operations and compliance are constantly under a microscope to ensure public confidence and protection. 

The FDIC and OCC provide fair opportunities to discuss, appeal, or remediate deficiencies and free institutions from having to admit guilt by making voluntary adjustments to policies, procedures, systems or processes to become compliant again. 

Amicable resolutions of FDIC consent orders help financial institutions and the public understand that when mistakes happen, they are quickly resolved in the public's interest. 

If you received an FDIC consent order, our team will provide a tailored solution to reduce negative impact and damage to your organization while validating whether the order has merit. Reach out today for a free consultation.
