How One CEO Built a Team to Fix His Bank

Blue Ridge Bankshares in Richmond, Virginia, had good news for investors in July: The company was profitable for the first time since the first quarter 2023. 

The $2.6 billion bank has been under a consent order with its regulator, the Office of the Comptroller of the Currency, since January 2024. The OCC identified several key deficiencies, including insufficient Bank Secrecy Act staffing and weak internal controls. 

CEO G. William Beale joined the bank in May 2023 to clean up the mess. Blue Ridge was under a written agreement at the time to resolve the BSA/AML deficiencies and was particularly exposed to scrutiny of its compliance programs due to its banking as a service business line, which the bank started in 2019 and exited in 2024. “We had close to a million customers on a little old $3 billion bank,” he says. “We had to get out of the fintech business.”

Today, Beale believes it’s just a matter of time before the bank is free and clear of the enforcement action. “It’s absolutely amazing the amount of work that the financial crimes and BSA group had done,” Beale says. Regulatory remediation cost the bank $4.6 million in 2024, down from $10.5 million in 2023 and $7.4 million in 2022, according to Securities and Exchange Commission filings. Much of that was spent on external consultants that could supplement BSA/AML staff and help improve the bank’s third-party risk management program and internal audits, he says. 

BaaS is more prone to scrutiny because so much has been outsourced to a third party, says James Stevens, a partner at Troutman Pepper Locke. “If they’re not applying that same discipline that they’re doing inside their bank to the oversight and monitoring of the [partner], then they’ve now taken what was a strength and made it a weakness.”

Klaros Group has been tracking enforcement actions for banks in the BaaS space since 2022; those actions have started to trend down after peaking last year. “Most of the banks that are in that space to any significant extent have been operating under either formal or informal enforcement actions,” says Konrad Alt, partner and cofounder at Klaros. “They still have compliance issues to deal with; they’re working their way through.” The advisory and investment firm tracked just three enforcement actions among this group of banks in the first half of 2025, compared to 13 last year and seven in 2023. The majority of the orders cited board governance, BSA/AML gaps and third-party risk management deficiencies.

The decline in enforcement actions doesn’t reflect a lighter regulatory landscape, but rather a better understanding by regulators of BaaS relationships, says Stevens. That means examiners can more readily identify problems and communicate their expectations. “I don’t think there’s any less scrutiny of Bank Secrecy Act [violations] going on generally under this current Trump administration,” he says. 

Strengthening BSA/AML Compliance
After joining Blue Ridge, Beale quickly focused his attention on hiring key personnel in compliance, risk, operations, technology, information security and human resources. “I had, when I arrived, a good CFO, and that was about it,” says Beale. 

Those hires included Rebecca Schauer Robertson, the bank’s executive vice president, BSA officer and director of financial crimes compliance. She had a background working at much larger banks and had just left the financial investigations unit at Atlantic Union Bank, the subsidiary of $37 billion Atlantic Union Bankshares Corp. in Glen Allen, Virginia. A big priority for Robertson was making changes to the BSA team. “She made very quick decisions about moving people out,” says Beale, and “hiring some to replace that had more capacity to do things.”

What makes for a strong BSA/AML employee? Robertson looks for collaborators with good communication skills who can take initiative and work independently; the type of employee who’s willing to identify issues and bring them to the bank’s attention. “Someone who’s not afraid to effectively challenge things but someone who also has an open mind and can work collaboratively,” she says. 

Effective BSA/AML compliance requires a strong tone at the top from the board and management, says Ashley Farrell, a director in the risk advisory practice at Baker Tilly. That means allocating sufficient resources to the BSA/AML function, including a qualified and seasoned AML officer. That person should be included in discussions about bank strategy. “Any area that the bank wants to get into, there’s going to be AML implications,” Farrell says. “They need to be thought of from the start so that mitigating plans and ways to enhance the control environment can be established from the very beginning.”

Community banks also tend to run into BSA/AML problems when policies and procedures aren’t followed,, says Stevens. If a new business line is added — like BaaS — then policies should reflect that change.

Investing in BSA/AML can be money well spent, says Robertson, and correcting compliance gaps costs a lot more. “I like to remind our board and our C-suite that we’re not a cost center. We’re a cost-save center,” she says. “If you do invest in the right people and the right technology, you’re going to benefit from that.”

Exiting BaaS
In addition to rebuilding the bank’s leadership team, Beale quickly decided to exit the banking as a service business line. “The easiest and cheapest way for us to get out of this consent order was to get out of the fintech business,” he says. In early 2024, the bank started to unwind its relationships with around 40 fintechs, primarily neobanks that accounted for $466 million in deposits — 18% of total deposits — as of December 31, 2023. A year later, Blue Ridge had just $21 million in deposits tied to those relationships, primarily corporate deposits, per its 10-K. The bank is still working to offboard some lending relationships. 

BaaS isn’t a business line that banks can tiptoe into, says Alt. It requires significant investment. For boards thinking about entering the space, he suggests they take a hard look at their bank’s capabilities. What are the costs and benefits? Can the bank make the investment required to make the program a success? And does the board have the skills it needs to oversee the risks? “Asking hard questions when you’re making a big strategic change, that is part of the board’s responsibility,” says Alt.