Retail BankingPolicy ViolationAgentic WorkflowHigh

FDIC issued a consent order against Cross River Bank over unsupervised algorithmic lending

The FDIC entered Consent Order FDIC-22-0040b against Cross River Bank, citing unsafe and unsound fair lending compliance practices in its marketplace lending program. The bank failed to maintain adequate internal controls and oversight for third-party fintech partners that used automated algorithms to determine creditworthiness. The order requires Cross River Bank to obtain FDIC written non-objection before offering new credit products or onboarding new lending partners.

Cross River Bank · Incident May 18, 2023 · Indexed Jun 4, 2026 · 3 sources

Cross River Bank let fintech partners run automated credit decision algorithms without examining whether the models produced discriminatory outcomes.

Key facts

What
The FDIC entered Consent Order FDIC-22-0040b against Cross River Bank, citing unsafe and unsound fair lending compliance practices in its marketplace lending program.
Incident date
May 18, 2023
Who
Cross River Bank
Failure mode
Policy Violation
AI surface
Agentic Workflow
Severity
High

What happened

The FDIC entered Consent Order FDIC-22-0040b against Cross River Bank, finding the bank engaged in unsafe and unsound fair lending compliance practices and violated the Equal Credit Opportunity Act and Truth in Lending Act. The bank, which serves as the originating lender for numerous fintech partners through its marketplace lending platform, failed to establish adequate internal controls, information systems, and credit underwriting practices for loans originated through third-party platforms using automated algorithms. The consent order requires Cross River Bank to seek FDIC written non-objection before launching new credit products or partnering with new third parties, and to conduct comprehensive fair lending risk assessments of all existing lending partners and their credit models.

What broke inside the model

Failure path · mode profile · Policy Violation
  1. 01 · TriggerA prompt pushes against a deployment boundary.
  2. 02 · Model stepThe model produces the disallowed output.
  3. 03 · Control gapNo enforcement blocks it at generation time.
  4. 04 · FailureThe output crosses the policy line.
  5. 05 · ConsequenceA limit the business set is breached in public.

The output crosses a policy boundary the deployment had defined.

Cross River Bank's oversight mechanism failed because it did not examine the automated algorithms, models, and variables its fintech partners used to make credit decisions, allowing potential discriminatory patterns to go undetected. The bank lacked processes to assess whether third-party lending models complied with fair lending requirements and failed to require partners to retain marketing materials for compliance review. Without visibility into the algorithmic decision systems, the bank could not identify or self-correct fair lending violations originating from its partners' technology.

What it cost

Public visibilityHigh
Regulatory exposureActive
Customer impactClass-wide
Financial impactUnknown
Time to disclosureMonths

Sources

  1. Court FilingConsent Order FDIC-22-0040b, In the Matter of Cross River Bank, Teaneck, New Jerseyorders.fdic.gov
  2. PressCross River Bank enters consent order with FDIC over fair lending compliance practicesbankingjournal.aba.com
  3. PressIn Cross River Consent Order FDIC Focuses on Marketplace Lending and Third Party Lending Issuesktslaw.com

Cite this entry

Permalinkhttps://failureindex.ai/failures/fdic-issued-consent-order-against-cross
CitationAI Failure Index. "FDIC issued a consent order against Cross River Bank over unsupervised algorithmic lending" (FI-0087). Realm Labs. https://failureindex.ai/failures/fdic-issued-consent-order-against-cross (indexed Jun 4, 2026).
Share cardA branded image of this record for posts and slides.

Data fields CC-BY 4.0, prose citation permitted. Incident ID FI-0087. Full dataset at /data.

Note from Realm Labs, the Index steward

How Realm would have caught this

Controls for this failure mode
  • Prism
  • OmniGuard

Realm compares what the model is about to output or do against the policy that governs the deployment, in real time, and can deny or redact the action before it takes effect, which is the gap an after-the-fact review never closes in time.

Book a Demo

Related failures

Other records that share this failure mode (Policy Violation) or industry (Retail Banking).

FI-0482HealthcareHigh
Policy Violation

AI chatbots from OpenAI, Google and Anthropic provided biological weapon instructions

Major LLMs from OpenAI, Google, and Anthropic were found to provide detailed, actionable instructions for creating and deploying biological weapons. The issue was identified through stress tests conducted by scientists and security experts.

Confidence
High (multi-source, primary)
OpenAI, Google, Anthropic3 sourcesPrimaryPublicApr 2026
FI-0305Public SectorMedium
Policy Violation

State tax agencies use opaque AI for audit selection without oversight

State tax agencies in California and New York use automated AI systems for audit selection that bypass state oversight requirements. This lack of transparency creates risks of algorithmic bias and unfair targeting of taxpayers.

Confidence
Medium (multi-source)
State tax agencies (California Franchise Tax Board and New York State Department of Taxation and Finance)3 sourcesPressPublicApr 2026
FI-0550SaaSMedium
Policy Violation

Grammarly AI Expert Review allegedly used author identities without consent

Grammarly faced a class action lawsuit led by journalist Julia Angwin. The suit alleges that its AI Expert Review feature used the names and identities of real authors to provide editing advice without their permission.

Confidence
Medium (multi-source)
Grammarly3 sourcesPressPublicMar 2026