The OCC issued a consent order against Community Federal Savings Bank (CFSB), a small New York-based bank with under $1 billion in assets, citing serious AML deficiencies tied to its fast-growing payment-processing business. CFSB has roughly quadrupled in size since 2020 after launching a merchant-acquiring division and positioning itself as an issuing sponsor for fintech-branded debit cards.
The OCC found faulty suspicious activity monitoring, ineffective customer due diligence, and risk management that failed to keep pace with the bank’s rapid transaction volume growth in wire transfers and ACH activity, including with foreign institutions. The agency noted its concerns were largely unrelated to digital asset customers specifically. CFSB must complete a comprehensive end-to-end review of its compliance program, overhaul internal controls and CDD processes, and engage an independent consultant for a “look-back” review to assess whether additional SARs need to be filed or prior filings amended. The OCC reserved the right to assess a fine later.
What you should do: OCC and regulatory actions against Fintech may have slowed down, but they aren’t going away. This case illustrates the core risk of fintech partnership banking: rapid growth in transaction volume without proportional compliance infrastructure upgrades.
Consent order: www.occ.gov/static/enforcement-actions/eaAA-ENF-2025-21.pdf