Cross River Bank enters consent order with FDIC over fair lending compliance practices

Fair Lending Compliance
In re: Cross River Bank
Date: May 18, 2023

Issue: Cross River Bank’s consent order with the FDIC over unsafe fair lending compliance allegations.

Case Summary: Cross River Bank entered a consent order with the FDIC to resolve claims the bank engaged in unsafe or unsound fair lending compliance practices.

CRB is widely considered to be the largest and among the most sophisticated banking partners of financial technology companies. The bank provides technology infrastructure to fintech firms and technology companies.

CRB has a charter that allows it to originate and sell loans issued to consumers and small businesses through CRB’s lending partners. Fintech firms cannot obtain a traditional bank charter and partner with banks such as CRB to make loans. The bank also enables money movement for payment processors and collects funds for lending programs.

CRB allegedly failed to establish and maintain internal controls, information systems and prudent credit underwriting practices. CRB is required to promptly “self-correct” any violations of fair lending laws, and “appropriately address” the alleged deficiencies and weaknesses identified in its lending activities. CRB neither admits nor denies it engaged in these practices.

The consent order requires CRB to make three immediate changes. First, CRB must strengthen lending and third-party compliance controls. The bank must increase supervision and oversight of internal controls, information systems, credit underwriting practices and internal audit systems relating to its marketplace lending. Under the consent order, CRB’s fair lending compliance obligations will also include marketing practices associated with its credit products. This includes: considering the terms describing a credit product in its marketing materials; contractually requiring the recordkeeping of marketing materials in its agreements with new third parties; and overseeing the terms and conditions in marketing materials about a credit product distributed by a third party.

Second, CRB must comply with credit product and third-party disclosure and non-objection processes. CRB must identify all its credit products and all third parties offering its credit products, and then seek FDIC’s written non-objection before offering new credit products or partnering with new third parties. These non-objection requirements imposed extensive due diligence obligations on CRB when offering new credit products or permitting new third parties to offer its products.

Lastly, CRB must prepare assessments and reports on information systems and fair lending. CRB must engage independent third parties acceptable to FDIC to prepare certain assessments and reports on CRB’s information systems and fair lending compliance. These assessments will evaluate whether each third party offering one or more CRB credit products for a six or months complied with applicable fair lending laws and regulations. In addition, CRB must prepare a written report reflecting the findings of the fair lending compliance assessment.

Bottom Line: The consent order suggests heightened FDIC scrutiny of bank-fintech partnerships.

Documents: Consent Order