BlockRiver Blog | Regulators Are Tightening Banking Partnerships: Neobanks Need a New Path to Crypto Settlement

The regulatory posture toward bank-fintech arrangements has shifted from guidance to enforcement. In July 2024, the Federal Reserve, FDIC, and OCC issued a joint statement warning that banks relying heavily on third parties to manage deposits "can eliminate or reduce a bank's crucial existing controls" and "impair the bank's ability to determine its deposit obligations." That same month, the agencies launched a formal request for information on bank-fintech arrangements, signaling that supervisory action was imminent.

It arrived quickly. In May 2024, the FDIC entered into a consent order with Thread Bank, which offered banking-as-a-service support to multiple fintech applications. The FDIC alleged that Thread, which experienced rapid growth from 2021 onward, failed to scale up its internal operations to match its growth. Under the consent order, Thread agreed to expand its risk assessment and management programs, including by implementing a documented risk assessment of its fintech partners. Thread also agreed to terms requiring its board members to approve risk tolerance thresholds for each individual fintech partner "based on an enterprise-wide financial analysis of each fintech partner's financial projections under expected and adverse scenarios."

Thread is not an outlier. According to data from Klaros Group, 25.6% of the FDIC's formal enforcement actions have been directed at sponsor banks since the beginning of 2024. The pattern is consistent: banks that grew their fintech partnership programs faster than their corresponding risk management and operational capabilities are now under remediation orders. For neobanks that depend on these sponsor relationships, the implications are direct. Every enforcement action against a partner bank creates operational uncertainty, potential service disruption, and reputational exposure.

Survey data from Alloy's 2024 State of Embedded Finance Report found that 80% of sponsor banks reported that meeting embedded finance compliance requirements is challenging in the current environment. These compliance violations have resulted in material financial consequences: 75% of sponsor banks have lost $100,000 or more due to compliance violations, with 39% reporting losses of $250,000 or more. Ultimately, 29% of sponsor banks are considering shutting down or scaling back their embedded finance programs altogether.

This is the environment in which neobanks must now evaluate crypto and stablecoin settlement capabilities. The competitive pressure is real. Stablecoins now transfer more value than Visa and Mastercard, reaching $18.4 trillion in 2024 versus Visa's $15.7 trillion and Mastercard's $9.8 trillion. Stablecoin transfer volume rose from just $3.3 billion in 2018 to $18.4 trillion in 2024, representing one of the fastest adoption curves in financial history. Users increasingly expect instant, around-the-clock settlement, capabilities that legacy batch-processing rails cannot deliver.

But the traditional path to offering these capabilities, building crypto infrastructure in-house or layering it through a sponsor bank partnership, now carries disproportionate regulatory and compliance risk. New guidance on third-party risk management issued in 2024 requires banks to demonstrate continuous oversight of fintech partners, maintain real-time access to transaction data, and clearly define responsibility for AML, sanctions screening, and customer due diligence. For a neobank adding crypto settlement to an existing sponsor relationship, this means expanding the sponsor bank's regulatory surface area into a new asset class, precisely the kind of risk concentration that examiners are now scrutinizing.

The passage of the GENIUS Act in July 2025 has clarified the regulatory perimeter for stablecoins, but it has also raised the compliance bar. On July 18, 2025, President Trump signed into law the Guiding and Establishing National Innovation for US Stablecoins Act, legislation that establishes a regulatory framework for payment stablecoins. Insured depository institution and insured credit union subsidiaries that issue payment stablecoins are subject to the regulatory oversight of their primary financial regulator, and federally licensed nonbank stablecoin issuers are subject to oversight by the OCC. Permitted payment stablecoin issuers must maintain reserves backing outstanding payment stablecoins on at least a one-to-one basis, consisting only of certain specified assets, including US dollars and short-term Treasuries.

In December 2025, the FDIC Board of Directors approved a notice of proposed rulemaking that would implement the application provisions under the GENIUS Act. The GENIUS Act allows insured depository institutions to issue payment stablecoins through a subsidiary and to engage in certain related activities. The GENIUS Act requires the federal banking agencies to adopt a comprehensive regulatory framework for stablecoin issuers by July 18, 2026. Those forthcoming rules will set the baseline requirements for capital, liquidity, reserve assets, and governance.

This creates a structural opening. Rather than assuming the compliance burden of crypto settlement internally, or asking an already-stretched sponsor bank to absorb new asset-class risk, neobanks can embed settlement through regulated, ring-fenced infrastructure providers that operate under their own prudential supervision. The neobank gains access to 24/7 stablecoin rails and instant finality without expanding its own regulatory footprint. The sponsor bank avoids balance sheet exposure to crypto assets. And regulators see a clear separation of responsibilities that aligns with the accountability frameworks they are now demanding.

The architecture matters. A bank's use of third parties to perform certain activities does not diminish its responsibility to comply with all applicable laws and regulations. But the nature of the third-party relationship determines where compliance obligations reside. A neobank that routes stablecoin settlement through a separately licensed infrastructure provider is not layering unregulated crypto exposure onto its sponsor bank, it is accessing a parallel, regulated settlement layer that operates under its own examination framework.

This distinction is not academic. In various enforcement actions, the banking agencies have targeted institutions that purportedly grew their fintech partnerships programs faster than their corresponding risk management and operational capabilities. The inverse proposition, that carefully structured partnerships with appropriately licensed counterparties can manage risk rather than concentrate it, is what regulators have been urging banks to demonstrate.

For neobank product leads, the calculus has shifted. The question is no longer whether to offer crypto and stablecoin settlement, the competitive pressure makes that almost inevitable. The question is how to do so without triggering the kind of third-party risk concentration that regulators are now penalizing. Ring-fenced, regulated infrastructure offers a path: competitive capabilities without compliance contagion.

The regulatory environment will continue to evolve as the GENIUS Act framework matures and agencies finalize prudential standards. But the direction is clear: accountability for fintech partnerships now rests squarely with banks, and banks are responding by demanding cleaner separation of risk. Neobanks that align their settlement architecture with this reality will find themselves better positioned, not just with regulators, but with the sponsor banks whose relationships they depend on.