Financial institutions must be prepared for regulatory enforcement actions like consent orders and cease and desist orders. It seems like every few weeks, a new bank has a negative headline in the news after a consent order issues for poor risk management controls. While these consent orders result from varying issues from fake account scandals to insufficient capital controls, many of them come down to letting through the wrong customers.
The scale can vary. Many consent orders are issued because a bank has poor control over identity verification and entity resolution (e.g. they were letting through an unsafe amount of fraud or found themselves open to money laundering). But it can go all the way to a bank falling under a consent order after letting through accounts that were financing terrorism.
The Regulatory Landscape and the Complex Web of Financial Oversight
A consent order is a binding legal order issued by financial regulators that requires an institution to formally address significant violations of regulatory standards. The regulatory landscape for financial institutions is complex, with oversight from agencies like the Financial Crimes Enforcement Network (FinCEN), Consumer Financial Protection Bureau (CFPB), Office of Foreign Assets Control (OFAC), and various prudential regulators at the federal and state level. Enforcement actions can stem from regularly scheduled exams, referrals from other agencies, or law enforcement investigations into suspicious activities.
While consent orders are “agreed upon” with the institution, the process of negotiating the terms is hardly a negotiation at all. Before news breaks of a consent order, a bank would have been contacted months in advance with potential violations. The orders contain detailed Matters Requiring Attention (MRAs) that the institution must address through extensive remediation efforts over several years until ultimately being released from the order. Since 2020, financial institutions have been hit by “regulation by enforcement”, where regulatory agencies are trying to instill stricter controls.
The Impact of Consent Orders: Beyond the Monetary Penalties
The impacts of a consent order go far beyond just the monetary penalties. Companies can see an immediate 5.5% stock value decline when an order is announced, followed by long-term reputational damage. Regulators also levy substantial fines, but they are dwarfed by the costs of remediation. For many compliance officers, receiving a consent order can be career-altering.
In addition, sponsor banks that use their services for fintechs or loyalty credit card services are also at greater risk of consent orders or even cease and desist orders due to the difficulty of digital identity verification. For fintechs and banking partners, a consent order at a sponsor bank means increased scrutiny as fintechs are considered “virtual branches.” Because sponsor banks are currently facing systemic enforcement actions related to their banking-as-a-service model, fintechs need the robust compliance controls, oversight, and decision logic management across the entire partner portfolio.
Regulators now require sponsor banks to have demonstrable control over onboarding and entity resolution, no matter where they come from. This goes beyond basic customer identification programs (CIP) and into oversight of identity fraud settings, document verification, and fraud scorecards as well as behavioral transaction monitoring, Customer Due Diligence and Know Your Customer and customer risk ratings.
Proactive Compliance: Transforming Regulatory Burdens into Competitive Advantages
The best way to fix a consent order? Get your house in order beforehand. Many times, regulators will perform an assessment and give tips or warnings that a problem needs to be fixed. You can make compliance an advantage in the first place by implementing the best technologies and oversight available. If a bank is under a consent order, implementing better identity verification can be one of the remediation tactics.
Solutions like Socure’s Portfolio Scrub and Control Center platform can help institutions proactively identify risks, update customer information, quantify customer risk scores, enhance decision logic and controls, and demonstrate compliance. These tools also come with a clear audit trail and a unified ID verification solution to make complying with regulations easy. Socure also offers a sanctions watchlist solution to weed out flagged identities. With the right tools in place, financial institutions can navigate consent orders, mitigate risks, and manage their regulatory responsibilities with confidence.
For more information on how to deal with consent orders and their impact on sponsor banks, read our new eBook on the changing compliance environment.
While consent orders are highly disruptive events, having a clear understanding of the process and impacts can position institutions to turn compliance requirements into a strategic advantage through well-executed remediation efforts. Robust identity verification is one of the first things a regulator will ask for when making these changes, so one may as well get ahead of the game.
Debra Geister
With more than two decades of experience in the banking compliance and anti-money laundering industries, Geister is a recognized leader in the financial crime detection field. She has worked with many of the largest financial institutions as well as technology and data companies, both global and domestic, to help eliminate and reduce money-laundering, fraud, and related financial risks.