It depends. SOX compliance, if they were, actually literally does say the CFO and other officers who signed off on their accounting are liable. That’s the point of SOX. Synapse itself likely wasn’t unless it was preparing for IPO but their banking partners might be.

Their primary partner Evolve bank is not, but it is held to legal standards by the FDIC and other banking regulators and their lack of controls is probably where you might see executive management facing criminal challenges.

However everyone involved could face civil penalties.

If history had been different it’s likely this event would have turned up regulatory scrutiny on fintech precisely for these reasons - a privately held fintech can basically just fuck around and pretend to be a bank leveraging a poorly managed licensed partner holding the risk and abscond through incompetence with everyone’s money and no one suffer a consequence other than the customers. Sadly I don’t expect this to change in the next four years and there’s every reason to believe accountability will get worse as existing regulations and enforcement are potentially gutted. So caveat emptor is likely the law of the land until something so huge happens it can’t be ignored.

Seems like a rather large moral hazard if we don't?

At some point the courts should be able to say "ok fine you were the directors responsible for the company you're going to prison n years, sorry."

Bet we'd see a lot more documentation suddenly appear.

Command responsibility applies here. CEOs get multiple times their average employee's pay because of their responsibility, which should include responsibility to know when stuff goes wrong.

You have to prove the bank robber did it too? Why is it that we wiretap phones, subpoena companies, search homes and detain people for the lowest of drug crimes but everyone throws their hands up here?

Like, how did you expect to make a case if you don't do anything?

If you're a CEO running a business that sells what they call 'savings accounts' worth hundreds of millions of dollars and even have a system in place where it's even possible to make "'very large bulk transfers' of funds without identification of who owned the money" then you should be responsible for that. There's a good reason this doesn't happen at banks-- it can't. They have redundant business processes in place that prevent it from happening in the first place, and are constantly redundantly reconciling their transactions so if it does happen, it gets caught and corrected immediately. Not only did it happen, it happened without being able to figure out where the money even went.

Let's say I ran a company that made a product that I acknowledged is extremely dangerous without this one safety mechanism. Instead of creating multiple redundant systems to ensure that safety mechanism is in place, I just trust that some guy takes care of it without being absolutely certain-- it's expensive, annoying time consuming, blah blah blah. When a bunch of people get hurt because that guy pocketed the cash that was supposed to go towards that safety feature, hell yes I should be criminally responsible. It's negligence.

>Because if you allow it, you'll have hundreds of these everyday. The law is there to "scare" others from doing it not punish the perpetrator. On the other hand, you don't have hundreds of fintech startups raising millions >every day.

Surely the scale of harm caused is the metric here, and not the frequency of potential crimes individually committed

Sentencing? Who’s been charged? The article implied that regulatory bodies haven’t even raised an eyebrow— the parties are in mediation and synapse said they don’t even have enough money to audit their books, and are just sort of shrugging their shoulders about it. And doesn’t white collar crime need to be discouraged too? Probably even more so considering the scale of the impact? Hundreds of millions of dollars, uninsured. Maybe if the cops went around major metropolitan business districts frisking every middle aged person in upscale business casual attire with an expensive haircut to search for wire transfer receipts because they ‘met the description’ then extremely consequential white collar crime would be less frequent than it is.

For $96 million, I would be a flight risk.

This is not true for fiduciary accounts, which are covered per principal. So FDIC coverage should extend to all customers if the account was properly declared.

This isn’t accurate. A fintech’s own money (as opposed to customer funds) may have low insurance. But if set up properly, those customer funds can have pass through FDIC insurance. See https://www.fdic.gov/financial-institution-employees-guide-d...

However this apparently doesn’t protect you from the failure of the third party, which is what is unexpected. If you look at this bulletin the FDIC put out after the Synapse incident, they’re basically claiming they aren’t stepping in because a bank hasn’t failed. A fintech that isn’t the bank, but has records of what’s at the bank, failed.

https://www.fdic.gov/consumer-resource-center/2024-06/bankin...

Personally, I find the explanation to be pretty weak - what does pass through insurance even mean then? Does every fintech startup need to also directly be a bank - if so that’s a huge barrier to entry and basically gifts incumbents with regulatory capture. If the money is in an FDIC protected account, it should be safe. It does not make sense to me that they would step in for Silicon Valley Bank’s failure, but not in this situation.

One weird part of the situation is that it seems the underlying bank does not have records about each customer and their numbers. To me that seems negligent on the part of the underlying bank. Surely they knew about this arrangement of pass through insurance and the need to protect funds. They should have maintained separate accounts for each client of the third party service. Regardless of negligence it seems the FDIC is trying to make this record keeping a requirement: https://www.fdic.gov/news/press-releases/2024/fdic-proposes-...

That's not true in the US generally (FDIC "pass-through insurance" is a thing).

The problem here wasn't a lack of FDIC insurance, but rather a lack of record keeping that allowed attribution of insured balances to individual beneficiary account holders.

That's batshit insane.

Large banks have gone to great lengths to teach people that banks can never be trusted

It should be a protected term in advertising. As soon as you use it, you surrender yourself to FDIC auditors.

It serves the same purpose as asking customers "are you a terrorist" -- it creates an easily prosecutable offence.

What specific regulation would have prevented this? Or is this just a knee jerk response against "deregulation"?

Sounding edgy doesn't really mask the fact you have no idea what you're talking about. See https://en.wikipedia.org/wiki/Dodd%E2%80%93Frank_Wall_Street... for example

And to add to this, I think it was JC Penny that called this "80% OFF" sale out and stopped doing that. The result, they came very close to Chapter 11. They ended up reversing that policy just to stay in business.

This is just one example of how really stupid the Average American is. The past election also just proved how dumb the average person is in the US.