Trump-led administration predicted to foster a more 'moderate' regulatory climate for Thread Bank CEO
In a move to address regulatory concerns, Thread Bank has been ordered by the Federal Deposit Insurance Corp. (FDIC) to strengthen its third-party risk management (TPRM) program, particularly in relation to its Banking-as-a-Service (BaaS) business. This action follows a growing emphasis on TPRM in the evolving landscape of BaaS and crypto-asset safekeeping services.
The consent order requires Thread Bank to ensure its TPRM program addresses the level of risk and complexity of fintech partners in its BaaS program. This includes robust due diligence and risk oversight, ongoing monitoring and controls over third-party performance and data access, compliance with applicable federal and state laws, integration of third-party risks into the bank’s enterprise risk management (ERM), and audit coverage of third-party engagements relevant to BaaS offerings.
To bolster earnings, Thread Bank was also ordered to identify strategies and goals as part of a profit plan. Despite these challenges, the bank's CEO, Chris Black, remains optimistic about the future of BaaS and fintech partnerships. He believes that banks that have endured the current environment will be the standard-setters in this field.
Thread Bank executives are growing their partnerships with existing partners and evaluating potential new ones. The bank aims to partner with companies serving small business and consumer customers, and sees increasing opportunity beyond tech firms, such as companies in specific verticals with strong customer bases. However, Chris Black declined to name any of the bank's fintech partners or specify how many it has.
The bank's roster has experienced some "natural churn, over time," like any portfolio, according to Chris Black. Thread Bank has partnered with middleware fintech Unit and has been confident in its regulatory relationships. The bank's CEO, Chris Black, is hopeful that the second Trump administration will bring a more welcome attitude toward innovation in the banking industry.
In addition to Thread Bank, regulators have taken a harder look at banks' third-party partnerships in recent months, with Evolve Bank & Trust, Blue Ridge Bank, Piermont Bank, Sutton Bank, and Lineage Bank among those hit with enforcement actions related to their BaaS programs. Thread Bank's CEO, Chris Black, stated that the bank has come out stronger after weathering a regulatory hurricane in the banking industry.
The $47 million recapitalization led by Patriot Financial Partners LP and Hermann Companies, carried out in 2020, was intended to address the bank's capital regulatory requirements and to invest heavily in embedded banking capabilities. Bank executives will be closely watching Congressional activity and the banking agencies' response to Congress's approach as indicators of intermediate trends.
The FDIC order also required updates to Thread Bank's strategic plan, enterprise risk management framework, anti-money laundering/countering the funding of terrorism program, and liquidity management policy. Thread Bank was specifically called out by the FDIC for its BaaS business in the consent order. Some banks have opted to exit the BaaS space, but Thread Bank remains committed to its BaaS business and is hopeful about its future. The bank was also required to ensure beneficial ownership information is documented and maintained.
The current regulatory requirements for banks’ TPRM programs in the context of BaaS programs in the United States largely align with existing interagency guidance on third-party risk management, with heightened attention due to the evolving landscape of BaaS and crypto-asset safekeeping services. Key regulatory expectations include robust due diligence and risk oversight; ongoing monitoring and controls over third-party performance and data access; compliance with applicable federal and state fiduciary standards, anti-money laundering laws, and digital asset regulatory requirements; integration of third-party risks into the bank’s broader ERM and internal control assessments; and audit coverage of third-party engagements relevant to BaaS offerings.
These expectations have been reinforced by the 2023 Interagency Guidance on Third-Party Relationships: Risk Management and recently issued joint statements on crypto-asset safekeeping from July 2025, which underscore the need for banks to maintain responsibility even when using third-party sub-custodians, making clear that outsourcing does not reduce a bank’s accountability for compliance and risk control. In the context of Banking-as-a-Service, where banks partner with fintechs or other service providers to deliver banking products, the regulatory focus is on ensuring that banks have transparent contractual arrangements providing for effective supervision and risk mitigation, and maintaining accountability for customers' assets and data, even when managed by third parties.
In summary, banks offering BaaS programs must implement comprehensive TPRM programs that fulfill interagency guidance requirements, emphasizing due diligence, contractual clarity, ongoing monitoring, compliance diligence, and audit oversight to manage the unique risks posed by these evolving service models and associated digital assets.
- Thread Bank has been ordered by the FDIC to strengthen its TPRM program, especially in relation to its BaaS business, due to the growing emphasis on TPRM in the changing landscape of BaaS and crypto-asset safekeeping services.
- The consent order requires Thread Bank to ensure its TPRM program addresses the level of risk and complexity of fintech partners in its BaaS program, including robust due diligence and risk oversight, ongoing monitoring, and integration of third-party risks into the bank’s ERM.
- Thread Bank was also directed to identify strategies and goals as part of a profit plan, despite the challenges presented by regulatory requirements.
- Despite these challenges, the bank's CEO, Chris Black, remains optimistic about the future of BaaS and fintech partnerships, believing that banks that have endured the current environment will be the standard-setters in this field.
- The FDIC order also required updates to Thread Bank’s strategic plan, enterprise risk management framework, anti-money laundering/countering the funding of terrorism program, and liquidity management policy, specifically calling out the bank for its BaaS business.
- In addition to Thread Bank, other banks have faced regulatory enforcement actions related to their BaaS programs in recent months, such as Evolve Bank & Trust, Blue Ridge Bank, Piermont Bank, Sutton Bank, and Lineage Bank.
- Banks offering BaaS programs must implement comprehensive TPRM programs that fulfill interagency guidance requirements, emphasizing due diligence, contractual clarity, ongoing monitoring, compliance diligence, and audit oversight to manage the unique risks posed by these evolving service models and associated digital assets.