- The Office of the Comptroller of the Currency (OCC) ordered Charlottesville, Virginia-based Blue Ridge Bank to improve its oversight of third-party fintech partnerships, according to a Securities and Exchange Commission (SEC) filing Thursday. The bank also must bolster its anti-money laundering risk management, suspicious activity reporting and information technology controls after the regulator “found unsafe or unsound practice(s),” the filing indicated.
- The filing did not detail any specific problematic relationship. But Blue Ridge was the subject of an April 2021 letter the Student Borrower Protection Center and other advocacy groups wrote to the OCC over an “income-share” lending option the bank offered in partnership with the fintech MentorWorks, in which students pledge some of their income earned after graduation.
- Blue Ridge and FVCB in January terminated a planned merger that would have created the fourth-largest Virginia-headquartered community bank. The banks delayed the transaction in November over “certain regulatory concerns” the OCC found with Blue Ridge. But neither institution detailed those concerns in publicly available writing. Nor did they blame the OCC’s findings for the disintegration of the tie-up.
Under the order, Blue Ridge must obtain the OCC’s non-objection before entering into any new contracts with fintech partners or adding new products in cooperation with existing partners.
The bank agreed to detail in an “action plan” how it would better monitor suspicious activity, including "high risk customer activity involving … third-party fintech partners."
Blue Ridge, within 10 days, must appoint a compliance committee composed mostly of members from outside the bank to meet quarterly and assess progress. The OCC ordered that panel to provide the regulator — by Dec. 31, and then quarterly thereafter — with details of the corrective actions Blue Ridge intends to implement, the timelines to complete them, the names of the people responsible and status updates on those measures.
The OCC also ordered Blue Ridge to write and implement, within 60 days, guidelines for assessing risks posed by third-party fintech partnerships and addressing how the bank identifies risks from those partners’ products, services and activities, as relates to the Bank Secrecy Act (BSA), compliance, liquidity, credit and operations.
Within 90 days, the OCC wants Blue Ridge to have written BSA risk assessment guidelines, a separate document governing BSA audits and another set of standards meant to assess and manage the bank’s information technology activities, including those conducted by third-party partners.
The audit program, in particular, must have an “expanded scope" encompassing fintech partner activities, and the bank must ensure its BSA department is "appropriately staffed with personnel that have requisite expertise, training, skills and authority," the filing indicated.
The filing did not detail any monetary penalties Blue Ridge may incur from the order.
The bank, however, said it "continues to cooperate with the OCC, and to work to bring the Bank's fintech policies, procedures and operations into conformity with OCC directives,” according to American Banker.
"The Bank's board of directors and management are committed to fully addressing the provisions of the Agreement within the required timeframes, and believe the Bank has made progress in addressing the requirements to date," the bank said.
An OCC spokesperson declined to comment, telling American Banker the regulator does not comment on specific banks or enforcement actions.