I think of ‘Banking-as-a-Service’ and ‘Embedded Finance’ as two sides of the same coin. Banking-as-a-Service is a capability that enables Embedded Finance. Building on the Apple example above, Goldman Sachs is offering its banking capabilities “as a service,” which enables Apple to offer a savings account embedded within its app.
To date, the most active banks in the BaaS space have been smaller, sub-USD 10 billion institutions. There are both push and pull factors driving this. On the ‘pull’ side, the most common fintech product offering has been checking accounts + debit cards, and by partnering with Durbin-exempt banks, fintechs earn higher interchange. On the ‘push’ side, smaller banks have historically been geographically constrained by their branch footprint; BaaS relationships offer enticing, nationwide distribution and growth potential without a bank having to build out its own consumer-facing product or marketing.
Ensuring alignment between fintech, BaaS platform (if applicable), and bank partner in advance is key. Defining roles and responsibilities, agreeing on economics that make sense for all stakeholders, and developing a plan to ensure compliance are key areas to consider when selecting a BaaS partner.
Regulators have been paying increasing attention to BaaS relationships, particularly when it comes to compliance. While there are existing frameworks applicable for BaaS – third-party risk management – how stakeholders and regulators interpret and apply this guidance isn’t fully consistent. To date, much of the focus has been on BSA/AML compliance, but that isn’t the only potential risk area. Depending on the products offered through BaaS relationships, consumer protection (UDAAP), fair lending, Reg E, etc. are potential risk areas.
BaaS platforms (eg, Synapse, Bond, Unit, etc.) and consumer-facing fintechs generally sit outside the banking perimeter. This means they are not subject to direct regulatory supervision (though may be subject to enforcement actions). Instead, under existing frameworks, BaaS platforms and fintechs function as third-party ‘service providers’ or ‘vendors’ to a bank. It is the bank’s responsibility to ensure platforms and fintechs are meeting its compliance obligations. Federal regulators, particularly the OCC, have shown an increasing interest in understanding and, when necessary, pursuing enforcement actions for banks operating BaaS partnerships.
There isn’t anything regulators can do to ‘guarantee’ ethical behaviour and reasonable practices. That said, there are opportunities for regulators to improve clarity around expectations and responsibilities in Embedded Finance. In the current regulatory model (in the US anyway), chartered banks hold ultimate responsibility for compliance obligations, including BSA/AML/KYC, fair lending, consumer protection, and so on. The growth of BaaS platforms as intermediaries has created additional stakeholders in this equation. While there is already guidance for banks regarding due diligence and third-party risk management, there are opportunities to provide more specific guidance about how these apply to BaaS and Embedded Finance.
This interview was first published in The Paypers' Embedded Finance and Banking-as-a-Service Report 2023, which is the latest comprehensive market overview and analysis focusing on the key products and players within the Embedded Finance and BaaS ecosystem.
Jason Mikula is the publisher of Fintech Business Weekly, a newsletter going beyond the headlines to analyze the technology, regulatory, and business model trends driving the rapidly evolving financial services ecosystem at the intersection of traditional banking, payments, fintech, and crypto.
Fintech Business Weekly is a once-a-week newsletter offering in-depth analysis of trends and stories in banking, fintech, and crypto. Common themes include Banking-as-a-Service, Embedded Finance, compliance, regulation, consumer credit, BNPL, payments, identity, and more.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now