Thread Bank regulatory action calls out its BaaS business

A consent order against Thread Bancorp from the Federal Deposit Insurance Corp. calls out its banking-as-a-service business by name.

This is unusual because the terms "banking-as-a-service" and "BaaS" are largely absent from consent orders issued by the FDIC, including those against banks predicated on these types of fintech relationships. The consent order issued against Lineage Bank in February, which brought up "BaaS" nine times, is one exception.

Typically, the language is a generic "third party" or "partners," said Jason Henrichs, founder and CEO of community bank consortium Alloy Labs Alliance, via email.

The filing, which was made public on Friday, requires the Rogersville, Tennessee-based Thread to formalize certain financial goals in its profit plan, improve oversight and due diligence of its fintech partners, bulk up its anti-money laundering and counter-terrorism financing program, and review liquidity funds management. 

Folded into the oversight piece is a stipulation that beneficial ownership information be documented and maintained — a complication at the heart of a complex legal situation involving bankrupt middleware provider Synapse and its partner financial institutions, notably Evolve Bank & Trust, in which $85 million of customer deposits are unaccounted. 

BankThink Synapse's failure is nobody's responsibility and everybody's problem

The bankruptcy of fintech middleware provider Synapse has left thousands of customers unable to access their savings, with seemingly no one empowered to put it back in their hands. Regulators and lawmakers need to do something about it, but first they need to talk about it.

June 25

John Heltman

American Banker

The consent order took effect on May 21.

"We are dedicated to meeting all obligations, and we have already made substantial investments to improve our policies, processes, procedures and controls over the past three years, all in collaboration with the FDIC and the Tennessee Department of Financial Institutions," said Chris Black, CEO, president and director of the $722 million-asset Thread Bank, in a statement on Friday. "We will continue to invest in our teams and services to ensure we meet the needs of, and provide strong protection for, our customers and partners as we move forward." 

The requirement to develop and maintain an exit plan jumped out at Andrew Grant, partner at Runway LLC, a legal consulting firm for those involved in innovation efforts at financial services companies and fintechs. 

"Others have talked about wind-down plans but this is the first time I remember it being called out so explicitly," said Grant, who reviewed the consent order. 

The "exit plan" is more of a contingency plan, in his view, for managing interruptions in the bank-fintech relationship. But the requirement to monitor third, fourth and fifth party relationships and have a plan for notifying customers, external stakeholders and regulator agencies of a service disruption stood out to him. 

"It's this idea that you need to have insight into the whole supply chain, and what will happen if something goes wrong?" he said.

The consent order is one in a long line of enforcement actions against banks engaging in banking-as-a-service relationships, including Evolve Bank & Trust, Sutton Bank, Piermont Bank, Blue Ridge Bank and others. 

"Regulators need to find ways to encourage innovation and not simply look to consent orders and penalties to regulate," said Phil Goldfeder, CEO of the American Fintech Council, in an interview. Thread Bank is one of the AFC's members. "Banks are responsible for their partners and the innovation they embrace. Banks are also responsible to maintain a gold standard for compliance, but that requires clarity and rules of the road from regulators."

Chris Napier, a partner at Mitchell Sandler, sees this action as consistent with the FDIC's continued scrutiny of banks involved in this space, as well as its past actions. 

"While the order against Thread addresses certain safety and soundness issues that have not appeared in similar orders, I see those particular terms as issues specific to that bank and not necessarily reflective of BaaS models more generally," he said via email. "I also do not necessarily see this line of consent orders as an indictment of BaaS relationships more broadly, but rather as an outgrowth of concern among regulators that the banks most active in this space have tended to be small institutions that they fear lack the resources and capacity to properly manage the risk."

A group of investors and private equity firms recapitalized Volunteer Bancorp and its subsidiary, Civis Bank, in May 2021. The bank was renamed to Thread in May 2022.

"What Thread seeks to do is deploy embedded banking into Main Street economies, small business banking solutions, and consumer banking solutions, but digitally instead of within brick and mortar branches," said Black, the bank's CEO, in a March 2023 interview with American Banker. 

In the same interview, he said the bank's partners are better than most banks at acquiring customers and developing a good user experience.

However, "We are a risk management and regulatory compliant bank first," he said. "We will not compromise those duties as a fiduciary to our shareholders, our customers and our regulators."