This April, The Fintech Times is focusing on all things embedded finance, the integration of financial services into non-financial products and services. First, we turn our attention to the growth of Banking-as-a-Service (BaaS). 

BaaS enables non-banking institutions to connect with banks via APIs, to offer services traditionally restricted to licensed and fully-regulated banks.

While BaaS solutions offer a lot of potential, many have concerns regarding the regulatory compliance of providers and the third parties that use them. To find out more about the regulatory hurdles the BaaS space possesses, we reached out to industry leaders and asked them which regulatory challenges fintechs should be most aware of.

Compliance issues apply to everyone

Paul Staples, group head of embedded banking at Clearbank, the UK-based clearing bank, explains that ensuring regulatory compliance remains a consideration for both BaaS providers and the companies that use them.

“There has been a lot of regulatory attention on BaaS providers, partly due to compliance concerns, but also their rapid growth. It’s important for companies to interrogate how their provider deals with regulation and compliance issues.

“Do they have a banking licence that means their customers’ money is protected up to a certain level? Or it is an e-money licence where money is safeguarded? If the latter, how does this safeguard work? How are anti-money laundering regulations adhered to?

“When relying on a BaaS provider for financial services, then any compliance issues they face also become your problem too. This works both ways, of course – any business should expect questions from their provider on their customers and business practices, so they remain compliant.”

‘Companies must stay agile and informed’

Sergiy Fitsak, managing director at software development company Softjourn, also breaks down the importance of carefully ensuring compliance: “When leveraging BaaS, companies must navigate a complex landscape of regulatory challenges that vary by jurisdiction.

“Key among these challenges is ensuring compliance with local and international banking regulations, which can include stringent requirements for anti-money laundering (AML), know your customer (KYC) processes, data protection, and privacy laws.

“Fintech companies using BaaS need to ensure that their services comply with these regulations to prevent legal and financial repercussions. Moreover, the reliance on banking partners for regulatory compliance means fintechs must meticulously select and manage these partnerships to ensure alignment with regulatory expectations and safeguard against reputational risk.

“As BaaS operates in a relatively new and rapidly evolving segment of financial services, companies must also stay agile and informed about potential changes in regulatory frameworks, which could impact their business models or the services they offer.”

BaaS faces significant regulatory scrutiny

Recently, BaaS providers have experienced significant levels of regulatory scrutiny, explains. Raman Korneu, CEO and co-founder of digital banking platform myTU.

“When utilising BaaS, companies confront significant regulatory hurdles, particularly concerning standardised offerings from third-party BaaS providers. In my opinion, this homogenised landscape stifles innovation and differentiation within the fintech sector.

“A core regulatory challenge arises from the uniform compliance settings imposed by BaaS providers, which often fail to meet the specific needs of individual fintech firms and their respective markets. Insufficient attention to AML, KYC, and CFT protocols during customer onboarding further compounds this issue, leading to regulatory non-compliance.

“Examples such as the Bank of Lithuania‘s revocation of PayrNet‘s license and interventions against BaaS providers like Solarisbank, Modulr, Blue Ridge Bank, Cross River and Choice Bank (the most recent case when a BaaS sponsor bank has gotten into regulatory trouble) demonstrate the regulatory scrutiny faced by BaaS providers and BaaS-dependent companies.

“To address these challenges, companies require differentiated compliance frameworks tailored to their unique business models and market dynamics. However, the current BaaS setup lacks the flexibility needed for such customisation, hindering companies’ ability to adapt to regulatory changes efficiently.

“In summary, regulatory challenges for companies leveraging BaaS stem from standardised offerings that do not adequately cater to individual compliance needs. Customised compliance frameworks are essential not only for ensuring regulatory compliance but also for fostering innovation in the fintech sector, yet the current BaaS model falls short in providing this flexibility.”

Making ‘financial interactions more secure’

Marc Milewski, CEO of Zum Rails, an open banking payments software provider, offers advice to firms looking to utilise BaaS: “One of the biggest challenges for organisations that want to participate in BaaS is ensuring that they’re offering it in a way that makes financial interactions more secure, rather than making it easier for those with nefarious intentions to engage in money laundering and fraud.

“Local and regional regulations exist to help mitigate this, and every company leveraging BaaS needs to assess which of these laws and regulations apply to its business. Money transmitter license (MTL) requirements, for example, vary by state in the US, and there are additional requirements that need to be taken into consideration for companies that operate in multiple countries, such as registering with The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) or the Financial Crimes Enforcement Network (FinCEN) in the US.

“These types of regulations place the onus on the business to ensure they are not enabling money laundering or other criminal activities within their platform. Companies tend to think about this through the lens of their banking services only, but security and anti-fraud actually starts much earlier in the financial interaction—from the time of onboarding funds onto the platform.

“In addition to regulatory compliance, various security measures including KYC tools that enable real-time transaction monitoring, name matching and sanctions screening should be built into BaaS offerings from the start.”

Increased scrutiny in the US

Eric Bierry, CEO of Sopra Banking Software, also discusses how regulation surrounding BaaS varies from region to region: “Particularly in the US, regulators are beginning to pay closer attention to partnerships between banks and fintechs and looking into various guardrails to protect consumers from any unregulated financial offerings.

“BaaS is one of the main ways that traditional banks are partnering with fintechs to enable them to provide their own banking services. In these instances, regulatory burdens are transferred directly onto the banking provider, who is responsible for bringing things like banking licenses and FDIC-insurance to the relationship.

“Meanwhile, the fintech or end company can focus on technology and the customer experience in which they excel. While it’s a valuable model for both banks and fintechs to focus on what they’re good at and improve the lives of their customers, banks do need to be increasingly aware of, and take steps to prevent, any unregulated activities that can result from these relationships.”

BaaS requires ‘thorough oversight’ from all parties

Finally, Pam Kaur, head of bank technology at strategic investment fund BankTech Ventures, reveals how banks and fintechs should approach the space: “Both banks and fintech companies getting involved with or leveraging BaaS need to be aware of AML and BSA regulations around the services they or their partners are offering.

“All programmes should have thorough oversight from all involved parties along with a sound understanding of who is responsible for what in the lifestyle of the relationship. Banks should not rely on their fintech partners to be the only source of truth on this type of oversight and should have a dedicated BSA officer with full authority and oversight of these programs.

“On the other hand, fintechs should also not assume that the bank they have partnered with has a strong BSA program, and should continue to monitor and address issues to the best of their abilities as well.

“BaaS providers also need to be aware of the impact of and how to unravel these relationships should the need come.”

This March, The Fintech Times is shifting its spotlight towards insurtech, exploring the potential impact of blockchain technology on insurance processes and its role in instilling trust in digital transactions.

Navigating the intricacies of regulatory frameworks presents a formidable challenge for insurers operating on a global scale, as regional variations significantly influence their strategies and operations worldwide.

These regulatory disparities dictate product development, distribution methods, capital requirements, risk management practices, and market entry decisions.

To delve deeper into this, we consulted industry experts for their insights on how regional regulations shape insurers’ approaches and activities across diverse markets.

Unified approach

Regional variations in regulatory frameworks have significant impacts on insurtechs and insurers’ strategies and operations worldwide, says Caroline Hanotiau, general counsel at insurtech Qover.

“The operational complexity of managing compliance efforts and monitoring updates and changes in regulations can be resource-intensive. Additionally, stringent regulatory requirements in certain regions may act as a barrier to market entry, limiting potential expansions for insurers.

“Innovation can also be constrained by regulatory requirements in certain regions, which may restrict product development and distribution rules.

“However, at Qover, we have developed a unified API that allows us to navigate these challenges and ensure compliance across all countries, while still innovating and providing consumer protection.”

Central bank regulation

Mustafa Melhem, business development manager for insurance at Eastnets, a global provider of compliance and payment solutions for the financial services sector, addresses the importance of central bank regulation in fostering stability and mitigating fraud in well-regulated insurance markets.

“In many regions, the insurance sector is regulated directly by the central banks through a dependent or independent insurance authority. We consider these regions as well-regulated insurance markets.

“They offer a strong and stable insurance market, empower the local insurance sector, foster better partnerships with the global reinsurance and financial sectors, and protect policy holders and beneficiary rights.

“These markets also offer protection of any third parties’ rights, such as healthcare providers and other insurance service provider. They also empower the insurance companies’ solvency margins and ensure strict control of fraud and money laundering.

“In other regions, where the insurance sector is reporting to different governmental departments or ministries, the central banks are not fully involved and therefore these regions are poorly regulated. So, these markets are lacking the above benefits, which encourages increased fraud.”

Robust IT systems

“Insurers are, and have always been, under enormous pressure to make their products conform to the regulatory needs of every geography they serve,” says Sam A. Shay, creative director at Socotra, which provides a modern enterprise platform  to insurance businesses.

“Even a small insurer that sells only one basic personal auto product in the U.S. has to create a variant of that product for each state, greatly increasing the complexity of doing business across any kind of border. The resulting amount of compliance work, product definition and more that goes into growing into larger regions or offering a more expansive product portfolio can be incredibly cumbersome.

“The insurers best-poised to handle this are the ones that use IT systems with robust insurance product inheritance models that allow them to easily configure each of their products to suit every regulatory environment the product is offered in – rather than offering unique products for every geography.”

Managing compliance

“Regulatory differences significantly shape the strategies and operations of global insurers, influencing product development, distribution methods, capital requirements, risk management, compliance, and market entry, including mergers and acquisitions (M&A),” says Ryan Cox, senior director and head of AI Business at digital transformation consulting firm Synechron.

“Insurers must customise their products to comply with various regulations, align distribution strategies with legal frameworks and maintain adequate capital to meet solvency requirements. They also need region-specific risk management strategies to navigate varying compliance standards and associated costs from one region to another.

“Market entry decisions hinge largely on regulatory landscapes, with insurers preferring markets with more favourable regulations while acknowledging regulatory challenges.

“M&A activities require thorough assessment of regulatory impacts and approvals across jurisdictions. Despite regulatory complexities, insurers can find opportunities by proactively managing compliance, maintaining operational flexibility, and using technology to enhance regulatory processes’ efficiency.”

Adaptable strategies

Highlighting the dynamic impact of regional regulatory variations on insurers is Javed Akberali, co-founder and managing director of insurtech Wellx, who said:

“Regional variations in regulatory frameworks significantly impact insurers’ strategies and operations worldwide. Differences in data protection laws, licensing requirements, and compliance standards require insurers to adapt their business models and strategies to each jurisdiction.

“This variation necessitates a flexible, informed approach to global insurtech operations, underscoring the importance of understanding and navigating these disparities to succeed on the international stage.”

Sovos, a provider of tax compliance solutions, has unveiled a platform that integrates compliance, tax, and regulatory reporting software into one unified solution.

Representing over eight years of development and significant investment, the Sovos Compliance Cloud aims to transform tax compliance from a mere obligation into a catalyst for business growth.

With more than 75 embedded integrations and over 425 connectors in the Sovos App Marketplace, the platform maximises existing investments for CFOs and CIOs while offering greater visibility and scalability across the enterprise.

“It’s time to transform tax compliance from a business requirement to a force for growth,” said Sovos CEO Kevin Akeroyd. “Sovos recognised this need almost a decade ago and invested in building the industry’s only truly integrated, complete compliance solution.

“Just as enterprise resource planning (ERP), customer relationship management (CRM), and human capital management (HCM) all shifted from disparate point solutions to holistic system of record platforms that unlocked tremendous business value, the Sovos Compliance Cloud does the same for tax and compliance.”

Heightened risk

The launch of the Sovos Compliance Cloud coincides with a period of heightened risk and inefficiencies for businesses managing compliance through individual point solutions. According to a Bloomberg 2022 Corporate Tax Survey, 82 per cent of companies believe they face increased exposure to tax-related compliance risks compared to five years ago.

Additionally, a study by Accenture found that 90 per cent of companies anticipate rising compliance-related costs. Transitioning to a unified cloud platform empowers companies with enhanced visibility and economies of scale across their technology infrastructure, leading to time and cost savings while mitigating risks.

The Sovos Compliance Cloud also enables CFOs and CIOs to maximise their existing investments by seamlessly integrating with a wide range of partners and technology providers. With over 75 embedded integrations into key enterprise resource planning (ERP), accounts payable (AP), and accounts receivable (AR) systems, along with more than 425 connectors in the Sovos App Marketplace, companies can enhance tax compliance and reporting without the need for costly infrastructure replacements or modifications.

Sovos’ Compliance Cloud is projected to facilitate over six billion tax and e-invoicing transactions across 80-plus countries this year, far surpassing the capabilities of other providers. This platform represents a highly scalable and secure global compliance solution tailored for the modern enterprise.

As we approach the midpoint of February, the Abu Dhabi Global Market (ADGM) has been in the spotlight for celebrating achievements as well as penalising firms for breaching regulations. 

The Financial Services Regulatory Authority (FSRA) of ADGM has imposed penalties on six financial institutions for contraventions of the Common Reporting Standard Regulations 2017 (‘the Regulations’). These fines totalled AED 170,000.

The actions taken by the FSRA address failures (to the extent applicable in each case) to:

• follow due diligence procedures as required by the Regulations;
• keep records of the performance of due diligence;
• report required information in a complete and accurate manner; and/or
• submit the required annual information return.

The Common Reporting Standard (CRS) governs the collection of financial account and tax-related information and its global exchange between international regulatory bodies. The regulation sets out the scope of financial information that financial institutions must collect and report, as well as the due diligence procedures that those financial institutions must follow.

CRS was developed by the Organisation for Economic Co-operation and Development (OECD) and established in the United Arab Emirates in 2017.

Emmanuel Givanakis, chief executive officer of the FSRA at ADGM, said: “ADGM is committed to complying with international standards. The FSRA actively supports the UAE’s commitment to international tax information exchange as part of a broader national agenda to enhance financial transparency.

“We achieve this through maintaining a robust supervisory framework and enforcement regime. Compliance with the requirements of the CRS is a top priority of the FSRA, as it aligns with our objective to promote and enhance the integrity of the ADGM financial system. We are steadfast in our commitment to take regulatory action against practices intended to circumvent tax reporting.”

Not all bad news

Although the fines are a necessary punishment for failing to adhere to regulations, ADGM has also shed light on more positive news for its ecosystem in February. It announced a Memorandum of Understanding (MOU) with the Solana Foundation, a non-profit organisation dedicated to decentralisation, adoption, and security on Solana network. The partnership will enhance distributed ledger technology (DLT) solutions and advance blockchain innovation in the region.

Hamad Al Mazrouei, CEO of ADGM Registration Authority said: “Our strategic alliance with the Solana Foundation marks a key milestone in cementing ADGM’s leadership in the blockchain sector, and represents a direct reflection of the effectiveness of our DLT Foundations Framework and our commitment to the growth and the development of the blockchain sector.

Furthermore, in February, Deus X Capital, a $1billion family-office backed investment and operating company and Bridgetower Capital, a provider of digital asset and blockchain infrastructure with $800million AuD, partnered to create Bridgetower Middle East (ME). Based in ADGM, the platform will also offer private equity/venture building facilitation, to support and grow the blockchain digital asset ecosystem in the UAE region.

The majority of banking institutions feel they are not well enough equipped to accommodate any further regulatory change from an internal processes perspective; according to AutoRek, a fintech looking to set new standards in financial data automation.

Of 500 banks surveyed by AutoRek across the US and UK, 71 per cent agree that their financial control processes are not robust or flexible enough to accommodate more regulatory change or scrutiny.

The findings come at a challenging time for financial institutions, with several significant regulatory changes due to be implemented over the coming months, including European Market Infrastructure Regulation (EMIR) Refit and revisions to MiFID II.

Aside from the issues firms have reported around their financial control processes, institutions also revealed concerns about their data quality, particularly regarding meeting regulatory reporting requirements.

Overall, 70 per cent of respondents agree that their data lacks the transparency and flexibility required for regulatory reporting. In addition, 73 per cent of firms struggle to receive all the data they require to complete internal and external audits – a concerning finding as auditing season approaches.

Persisting with outdated manual processes

Despite the perceived lack of flexibility in both data and financial control processes, the AutoRek results revealed that the majority of firms still rely on outdated processes across their financial operations.

Murray Campbell, regulatory consultant at AutoRek, commented: “Our latest banking industry survey shows that firms are working hard to modernise and adapt to growing competition and cost pressures, but many are still beset by inefficiencies.

“Optimising core back and middle-office functions must be a top priority for banks to streamline operations, get in control of their data and achieve regulatory compliance. We look forward to completing the survey in 2025 to see how respondents have progressed.”

Over three-quarters (78 per cent) of respondents believe their organisation is too reliant on manual tasks and spreadsheets to perform the reconciliation control process. The largest hurdle firms said they face when delivering on digitisation initiatives is integration challenges, which refers to the problems that arise when companies look to harmonize disparate data systems and processes.

Because of this, many firms are reportedly looking to invest in cloud infrastructure (29 per cent), process automation (30 per cent), and reporting solutions (26 per cent), to streamline their back-office operations over the next 12 to 18 months.

As innovation continues in the virtual asset space, regulatory authorities in Hong Kong have proposed new regulatory rules for stablecoin issuers. 

The Financial Services and the Treasury Bureau (FSTB) and the Hong Kong Monetary Authority (HKMA) jointly issued a public consultation paper on 27 December 2023 regarding a new legislative proposal for implementing the regulatory regime for stablecoin issuers in Hong Kong.

Under the proposed regime, issuers would require a license from the HKMA to issue stablecoins that reference the value of one or more fiat currencies in Hong Kong.

As part of these requirements, licensees would need to maintain a pool of reserve assets (such as bank deposit in matching currencies, and short-term debt securities) with proper custody arrangement, to ensure that users can redeem the stablecoins for fiat currency at par. Licensees would also need to comply with relevant governance, risk management and AML/CFT measures.

According to the Hong Kong government, bringing fiat-referenced stablecoin (FRS) issuers under its regulatory remit will support the management of potential monetary and financial stability risks, and provide transparent and suitable guardrails with the increased prevalence of virtual assets.

Eddie Yue, chief executive at HKMA, also explained: “In an ever-changing market, it would be important to keep abreast of the latest developments, as well as to put in place a regulatory regime that strikes a good balance between safeguarding financial stability and embracing innovation.

“With this in mind, the HKMA plans to roll out a ‘sandbox’ to facilitate the communication of our supervisory expectations with entities that are interested in issuing stablecoins in Hong Kong.”

‘Seizing the opportunity’

Ronald Iu, CEO of ZA Bank, the Hong Kong-based virtual bank, also revealed enthusiasm for the regulatory suggestions: “ZA Bank warmly welcomes the public consultation paper jointly issued today by the FSTB and HKMA regarding the proposed legislation for regulating stablecoin issuers. We also appreciate the HKMA’s introduction of sandbox arrangement, as we believe that industry feedback will be highly valued by the authorities.

“We anticipate that this consultation process will strengthen the future regulatory framework, providing greater security and fostering the development of the industry. This, in turn, will enhance the confidence of retail investors and contribute to establishing Hong Kong as a global hub for Web3.

“As a technology-driven bank, our ambition is to be the preferred banking partner of Hong Kong’s Web3 ecosystem, guided by our ‘Banking for Web3’ vision. We have already provided essential business banking services to over 80 Web3 companies and have served as the banking partner for licensed virtual asset trading platforms (VATPs) in Hong Kong. Leveraging our relevant experience, we are more than willing to offer support and assistance to both the authorities and the industry.

“We firmly believe that virtual assets will become a significant asset class for future investments. Within a secure regulatory environment, we eagerly anticipate seizing the opportunity to provide users with new investment possibilities brought about by Web3.”

Buy now, pay later (BNPL) companies across the globe continue to grow – particularly in the build-up to the festive period, as consumers look to offset their costs. However, despite this trend, concerns about the space remain due to a lack of regulatory oversight. In response, the Saudi Central Bank (SAMA) is now taking action.

The Saudi Central Bank has now issued new ‘Rules for Regulating Buy Now Pay Later (BNPL) Companies‘ as part of its role in supervising and controlling the BNPL companies. This decision reflects SAMA’s continuing efforts to develop the financial sector in the region and empower the fintech sector in particular.

Under the new rules, the BNPL activity is defined as any type of financing that enables a consumer to purchase goods or services without a term cost payable by the consumer.

The rules aim to regulate the licensing of BNPL companies operating in Saudi Arabia and set minimum standards and procedures required to offer BNPL services. Additionally, the development of these rules will contribute to the growth and sustainability of the sector while safeguarding consumers’ rights.

SAMA’s new BNPL rules include various provisions related to licensing requirements, internal regulatory measures such as internal policies and procedures, information security standards and measures to combating financial crimes.

Additionally, regulatory obligations designed to safeguard consumers, and establish boundaries for activities and credit, as well as provisions pertaining to supervision and compliance are included in the new rules.

BNPL’s success in Saudi Arabia and beyond

The increased regulatory rules come following significant success in the space for firms in the region. Riyadh-based BNPL platform, Tabby, announced it had raised $200million in its Series D funding round in November, achieving a valuation of $1.5billion.

Its success is reflected in the UAE, where over 4,000 stores accept Tabby Cards for in-store purchases.

This growth highlights the need for enhanced BNPL regulations – not just in Saudi Arabia or the MENA region, but across the world. By introducing a new regulatory framework for firms working in the space, the Saudi Central Bank is hoping to ensure that it can BNPL services are offered responsibly and sustainably – keeping consumers safe and ensuring the sector can continue its growth and support the economy in Saudi Arabia.

By introducing the new regulatory framework, SAMA will also hope that the BNPL space can help to modernise and diversify the Saudi Arabian economy, in line with the Saudi Vision 2030.

Binance and other cryptocurrency firms based in the United Arab Emirates are optimistic that the country will remain a hotspot for virtual assets despite a potential shift to the United States should the Western superpower become a more crypto-friendly jurisdiction.

The “regulation by enforcement” regime in the U.S. has pushed global crypto firms to move to locations such as the UAE, the United Kingdom, Switzerland, and Singapore. However, the idea that companies could potentially return to the U.S. should there be a change in direction was floated during a panel discussion on Dec. 11 at the Global Blockchain Congress event in Dubai .

Highlighting the UAE’s approach toward technology and innovation, Alex Chehade, Binance’s general manager for the Middle East and North Africa, said the local government has built infrastructures around numerous initiatives that encompass not just AI but also Web3, sustainability and other verticals:

“[People exiting] wouldn’t be the worry. We’d probably be worried [about], ‘do we have enough infrastructure for people coming in?’”

“The track record is there… We’ve got the education system, healthcare system, the roads, the trains. Where else would you relocate? To the other jurisdictions? They’re not issuing Visas. They don’t have the infrastructure,” he added.

Chehade said Binance, which recently withdrew its fund manager license in Abu Dhabi and saw its former CEO Changpeng Zhao plead guilty as part of a $4.3 billion settlement with U.S. agencies, will stay in the region, with its custody license in the UAE capital, and operational minimum viable product permit for exchange and brokerage services in Dubai.

Meanwhile, Feras Al Sadek, managing partner at blockchain private investment firm Ghaf Capital Partners, argued that the UAE leads through its “regulation by education,” highlighting local regulators’ approach of actively supporting projects through various engagements, including conferences and meetups. He said:

“It’s very hard to find regulators… fighting, educating and supporting these companies. So that I think is a key differentiator between us and the rest of the world.”

Al Sadek also pointed out the UAE’s goal of becoming a tech industry leader by employing thousands of personnel in emerging technologies, including 30,000 in artificial intelligence by 2030.

Related: Dubai regulator grants crypto license to Bahrain’s CoinMENA

Crypto Oasis Ventures co-founder Faisal Zaidi said that the UAE’s lifestyle and business community have made it appealing for nonresidents to stay, adding, “You come in with a plan [to live here short-term], but because of how your life is here… the communities and the ecosystem, people end up staying. He added:

“Maybe there [will be] a slowdown in newer organizations coming, but the ones that are here are going to stay.”

The wave of government enforcement against crypto companies in the U.S. has pushed away crypto firms, with industry leaders suggesting crypto startups should avoid the jurisdictions for the time being and the U.S. Securities and Exchange Commission (SEC), headed by chair Gary Gensler, earning the ire of the crypto community.

However, the landscape may be shifting toward a more favorable direction for the crypto community, with U.S. Senators Cynthia Lummis and Kirsten Gillibrand reintroducing a bill to create a crypto regulatory framework in July.