In mid-2021, Blue Ridge Bank (BRB) and FVCBankcorp announced their merger. Nearly six months after the announcement, FVCBankcorp disclosed that the Office of the Comptroller of the Currency (OCC) had identified “certain regulatory concerns” with Blue Ridge Bank that could impact the merger application process and timing of the merger. This small news item, not really high on anyone’s radar, may seem minor to some, but in reality, this is a milestone moment in the evolution of fintech and definitely in the evolution of embedded finance.
Not all partnerships are created equal, and having the right embedded finance partner can be the difference between successfully launching sustainable, reliable financial services to your customers versus potentially becoming embroiled in damaging regulatory headaches that forever tarnish your brand’s reputation.
Choosing an embedded finance partner who is facing regulatory scrutiny directly or through a bank partner can affect the reliability of your offering, thereby eliminating any advantage of offering fintech solutions to customers and supporting the reputation and business of established brands.
In the statement, FVCBankcorp said, “Blue Ridge Bank had already commenced an initiative intended to fully address the OCC's concerns." It followed with Blue Ridge Bank’s CEO saying, "While we have additional work to do, we believe the OCC's concerns are ones that we can solve in a timely fashion and do not materially impact the strategic rationale of the merger."
A couple of months later, FVCBankcorp and Blue Ridge Bank announced that the merger had been called off. Apparently, the remediations that Blue Ridge Bank had to implement were not done, and the deficiencies were more significant than what was initially disclosed.
Why did the merger fall apart? At the end of August 2022, Blue Ridge Bank disclosed in an 8-K filing that it had entered into a formal written agreement with the OCC (the “Agreement”), which can be found here.
Several important deficiencies were identified
In the Agreement, the OCC noted that it had found “unsound and unsafe practices” at Blue Ridge Bank in the following areas:
- Third-Party Risk Management
- BSA/AML Risk Management
- Suspicious Activity Reporting
- IT Controls and IT Risk Governance
These deficiencies touch almost every component of Blue Ridge Bank’s control framework and are significant and meaningful. The shortcomings are detailed in the Agreement and represent a systemic failure touching every department and a complete failure in Blue Ridge Bank’s ability to onboard and manage fintech relationships.
Clearly, there was a breakdown in controls and material deficiencies throughout the Blue Ridge Bank organization. In the Agreement, the OCC specifically calls out Blue Ridge Bank’s third-party fintech partnerships. The OCC’s concerns about Blue Ridge Bank’s ability to manage its third-party fintech relationship were to the point that Article III, Section (3) of the Agreement states: “Prior to onboarding new third-party fintech relationship partners, signing a contract with a new fintech partner, or offering new products or services or conducting new activities with or through existing third-party fintech relationship partners, the Board shall obtain no supervisory objection from the OCC. At a minimum, the bank shall submit the due diligence package including supporting documentation, any proposed contract, and any management or board committee minutes approving the relationship.”
What does this mean?
Blue Ridge Bank will need to obtain prior regulatory approval from the OCC before onboarding any new programs or services for its fintech partners. If you are seeking an embedded finance partner that is not licensed and works with Blue Ridge Bank or with a bank under similar conditions, your program will be subject to greater risk, scrutiny, and prior approval by the OCC before it can launch.
And if successfully launched, it will be subject to a great degree of business continuity and reputational risk as it could be subject to termination or part of subsequent enforcement from the OCC or other regulators if Blue Ridge Bank can’t address these deficiencies in a timely manner.
Key takeaways
Blue Ridge Bank has their work cut out for them in the years ahead if they wish to onboard and support fintech businesses aiming to partner with them. Furthermore, Blue Ridge Bank requires approval from the OCC prior to onboarding any fintech, offering any new products or services, and conducting any new activities through an existing fintech partner.
When it comes to launching an embedded finance program in your business, here's what matters:
- The importance of having a robust and comprehensive enterprise-wide risk management and compliance program that satisfies bank partners and regulators. One that serves as a differentiator and that allows you to build long-term partnerships and establish and maintain the confidence of your partners.
- The importance of establishing a regulatory framework and strategy where embedded finance providers to non-financial entities are not entirely dependent on a third-party bank or a third-party provider that they have no control over.
- The importance of having partners that have a comprehensive compliance and risk management program themselves. Yes, the ones that make you jump through hoops and go above and beyond are the best to have because they keep you honest, help keep your reputation clean, and provide you with greater reliability.
If you are a business or brand looking to partner with an embedded finance company, due diligence is key to the success of your offering and to your reputation. Ask the following questions of your prospective embedded finance provider(s):
- Are you licensed? Besides the many other advantages they provide, regulatory licenses are a safety blanket that help ensure the embedded finance provider has a safe and reliable operation that has been vetted and approved by its regulators.
- Who are your bank partners? Are they under scrutiny or regulatory enforcement that places my ability to launch or maintain my desired financial services offering at risk?
- What is the makeup of your compliance and risk management program? How can I be sure that my brand’s reputation is protected?
At Alviere, we make the compliance and risk reduction practice a core priority and an integral part of our day-to-day culture and long-term strategy — it’s been in our DNA since our founding. Good reputations take years to build and can be destroyed by one weak choice. Alviere ensures reliable, trusted, and valued brands keep their reputations intact for their loyal customers.
