Top Executives Exit Evolve Bank Following Regulatory Scrutiny and Security Breach

Three executives at Evolve Bank & Trust have departed following regulatory challenges, a cybersecurity breach, and an enforcement action. The bank has been providing banking services to crypto-friendly fintechs like Mercury and Stripe. The Federal Reserve Board cited deficiencies in the bank's anti-money laundering, risk management, and consumer compliance programs. The bank has been affected by a ransomware attack from LockBit, refusing to pay the demanded ransom, which resulted in leaked data.

The financial landscape of Evolve Bank & Trust has experienced significant turbulence in recent months, leading to the departure of three of its top executives. The West Memphis, Arkansas-based bank, which has been providing banking services to crypto-friendly fintechs like Mercury and Stripe, has faced regulatory challenges, a cybersecurity breach, and an enforcement action from the Federal Reserve Board (FRB) [1].

According to the FRB, Evolve had been engaging in unsafe and unsound banking practices by failing to establish an effective risk management framework for its partnerships with fintech companies. The bank also lacked the necessary risk management program and controls to comply with anti-money laundering (AML) laws and consumer protection regulations. In response, the FRB has ordered Evolve to improve its policies and programs in these areas, as well as other remedial improvements [1].

The departure of the three executives is not the only setback the bank has faced recently. In late May 2024, Evolve discovered unauthorized activity on its systems, which initially appeared to be a hardware failure [2]. Upon further investigation, the bank engaged cybersecurity specialists to address the issue, which was ultimately identified as a ransomware attack from the LockBit group. Despite the attack, Evolve refused to pay the demanded ransom, resulting in leaked data [2].

It is essential to note that the FRB's enforcement action against Evolve is independent of the bankruptcy proceedings regarding Synapse Financial Technologies, Inc. [1]. As the situation unfolds, it will be crucial to monitor the bank's progress in addressing these challenges and implementing the necessary improvements to ensure the safety and soundness of its operations.

References:

[1] Federal Reserve Board. (2024, June 14). Evolve Bancorp, Inc. and Evolve Bank & Trust. https://www.federalreserve.gov/newsevents/pressreleases/enforcement20240614a.htm

[2] Evolve Bank & Trust. (n.d.). Cybersecurity Incident. https://www.getevolved.com/about/news/cybersecurity-incident/substitute-notice-of-data-breach/