It feels like with every week that goes by, there is another regulatory action, Matter Requiring Attention, fine or rumor swirling around the Embedded Banking space.
The clear message? Compliance is effectiveness, and if you are ineffective, you’ll be punished.
Another week, another news story
It is no longer a secret that banks, BaaS programs, and program management platforms have undergone significant scrutiny following the fall of FTX in 2022 and Silvergate, Signature, and Silicon Valley Bank earlier this year.
In fact, we have seen more formal regulatory action this year against embedded banking, embedded payments, and BaaS programs than ever before. As recently as this week, The Federal Reserve Board of Governors and the New York State Department of Financial Services have ordered New York-based Metropolitan Commercial Bank(MCB) to pay a total of $30 million in fines for violations of customer identification rules and for deficient third-party risk management practices relating to the bank's issuance of prepaid card accounts.
This comes on the heels of a number of other fines, penalties, orders and MRAs issued in recent months, and rumor is that this is not ending anytime soon.
The message is effectiveness matters
When I was Head of Financial Crime at a regulated bank, I remember endless conversations about how we could measure, improve, and evidence the effectiveness of our financial crime controls. Back then, the only way to attempt this was by manually dip sampling a tiny percentage of accounts - 1% if we were lucky.
Regulators have made it pretty clear with the latest action against MCB, as well as the very clear message in the now infamous Blue Ridge order, that effectiveness really does matter, and that dip sampling records are no longer sufficient.
Financial crime is more prevalent and criminals are more creative than ever before. This paradigm has created a complex landscape that requires a change in our approach to testing financial crime control effectiveness.
The change in approach is automated effectiveness testing, and that is why I started Cable.
With automated effectiveness testing, you can see immediately when any single regulatory requirement has been breached or control has failed, based on continuous monitoring of 100% of your accounts and transactions. You can align priorities, terminology, and remediation steps all within an auditable paper trail, finally providing the evidence you need to explain to your executive team, board, auditors, and regulators what your compliance situation really is.
To continue discussing why compliance is effective, we will be hosting a series of discussions on the topic of current regulation and how to best prepare yourselves and your fintech partners.
The first of these is on Thursday, November 16th, when we will invite a number of banks to share how they are weathering the current storm and advice on how to set banks up for success in 2024 and beyond. We hope you will join us.