What Regulatory Challenges Should Banks and Fintechs be Aware of When Leveraging BaaS?


This April, The Fintech Times is focusing on all things embedded finance, the integration of financial services into non-financial products and services. First, we turn our attention to the growth of Banking-as-a-Service (BaaS). 

BaaS enables non-banking institutions to connect with banks via APIs, to offer services traditionally restricted to licensed and fully-regulated banks.

While BaaS solutions offer a lot of potential, many have concerns regarding the regulatory compliance of providers and the third parties that use them. To find out more about the regulatory hurdles the BaaS space presents, we reached out to industry leaders and asked them which regulatory challenges fintechs should be most aware of.

Compliance issues apply to everyone

Paul Staples, group head of embedded banking at ClearBank, the UK-based clearing bank, explains that ensuring regulatory compliance remains a consideration for both BaaS providers and the companies that use them.

“There has been a lot of regulatory attention on BaaS providers, partly due to compliance concerns, but also their rapid growth. It’s important for companies to interrogate how their provider deals with regulation and compliance issues.

“Do they have a banking licence that means their customers’ money is protected up to a certain level? Or is it an e-money licence where money is safeguarded? If the latter, how does this safeguard work? How are anti-money laundering regulations adhered to?

“When relying on a BaaS provider for financial services, then any compliance issues they face also become your problem too. This works both ways, of course – any business should expect questions from their provider on their customers and business practices, so they remain compliant.”

‘Companies must stay agile and informed’

Sergiy Fitsak, managing director at software development company Softjourn, also breaks down the importance of carefully ensuring compliance: “When leveraging BaaS, companies must navigate a complex landscape of regulatory challenges that vary by jurisdiction.

“Key among these challenges is ensuring compliance with local and international banking regulations, which can include stringent requirements for anti-money laundering (AML), know your customer (KYC) processes, data protection, and privacy laws.

“Fintech companies using BaaS need to ensure that their services comply with these regulations to prevent legal and financial repercussions. Moreover, the reliance on banking partners for regulatory compliance means fintechs must meticulously select and manage these partnerships to ensure alignment with regulatory expectations and safeguard against reputational risk.

“As BaaS operates in a relatively new and rapidly evolving segment of financial services, companies must also stay agile and informed about potential changes in regulatory frameworks, which could impact their business models or the services they offer.”

BaaS faces significant regulatory scrutiny

Recently, BaaS providers have experienced significant levels of regulatory scrutiny, explains Raman Korneu, CEO and co-founder of digital banking platform myTU.

“When utilising BaaS, companies confront significant regulatory hurdles, particularly concerning standardised offerings from third-party BaaS providers. In my opinion, this homogenised landscape stifles innovation and differentiation within the fintech sector.

“A core regulatory challenge arises from the uniform compliance settings imposed by BaaS providers, which often fail to meet the specific needs of individual fintech firms and their respective markets. Insufficient attention to AML, KYC, and CFT protocols during customer onboarding further compounds this issue, leading to regulatory non-compliance.

“Examples such as the Bank of Lithuania’s revocation of PayrNet’s license and interventions against BaaS providers like Solarisbank, Modulr, Blue Ridge Bank, Cross River and Choice Bank (the most recent case when a BaaS sponsor bank has gotten into regulatory trouble) demonstrate the regulatory scrutiny faced by BaaS providers and BaaS-dependent companies.

“To address these challenges, companies require differentiated compliance frameworks tailored to their unique business models and market dynamics. However, the current BaaS setup lacks the flexibility needed for such customisation, hindering companies’ ability to adapt to regulatory changes efficiently.

“In summary, regulatory challenges for companies leveraging BaaS stem from standardised offerings that do not adequately cater to individual compliance needs. Customised compliance frameworks are essential not only for ensuring regulatory compliance but also for fostering innovation in the fintech sector, yet the current BaaS model falls short in providing this flexibility.”

Making ‘financial interactions more secure’

Marc Milewski, CEO of Zum Rails, an open banking payments software provider, offers advice to firms looking to utilise BaaS: “One of the biggest challenges for organisations that want to participate in BaaS is ensuring that they’re offering it in a way that makes financial interactions more secure, rather than making it easier for those with nefarious intentions to engage in money laundering and fraud.

“Local and regional regulations exist to help mitigate this, and every company leveraging BaaS needs to assess which of these laws and regulations apply to its business. Money transmitter license (MTL) requirements, for example, vary by state in the US, and there are additional requirements that need to be taken into consideration for companies that operate in multiple countries, such as registering with The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) or the Financial Crimes Enforcement Network (FinCEN) in the US.

“These types of regulations place the onus on the business to ensure they are not enabling money laundering or other criminal activities within their platform. Companies tend to think about this through the lens of their banking services only, but security and anti-fraud actually starts much earlier in the financial interaction—from the time of onboarding funds onto the platform.

“In addition to regulatory compliance, various security measures including KYC tools that enable real-time transaction monitoring, name matching and sanctions screening should be built into BaaS offerings from the start.”

Increased scrutiny in the US

Eric Bierry, CEO of Sopra Banking Software, also discusses how regulation surrounding BaaS varies from region to region: “Particularly in the US, regulators are beginning to pay closer attention to partnerships between banks and fintechs and looking into various guardrails to protect consumers from any unregulated financial offerings.

“BaaS is one of the main ways that traditional banks are partnering with fintechs to enable them to provide their own banking services. In these instances, regulatory burdens are transferred directly onto the banking provider, who is responsible for bringing things like banking licenses and FDIC-insurance to the relationship.

“Meanwhile, the fintech or end company can focus on technology and the customer experience in which they excel. While it’s a valuable model for both banks and fintechs to focus on what they’re good at and improve the lives of their customers, banks do need to be increasingly aware of, and take steps to prevent, any unregulated activities that can result from these relationships.”

BaaS requires ‘thorough oversight’ from all parties

Finally, Pam Kaur, head of bank technology at strategic investment fund BankTech Ventures, reveals how banks and fintechs should approach the space: “Both banks and fintech companies getting involved with or leveraging BaaS need to be aware of AML and BSA regulations around the services they or their partners are offering.

“All programmes should have thorough oversight from all involved parties along with a sound understanding of who is responsible for what in the lifestyle of the relationship. Banks should not rely on their fintech partners to be the only source of truth on this type of oversight and should have a dedicated BSA officer with full authority and oversight of these programs.

“On the other hand, fintechs should also not assume that the bank they have partnered with has a strong BSA program, and should continue to monitor and address issues to the best of their abilities as well.

“BaaS providers also need to be aware of the impact of and how to unravel these relationships should the need come.”

Author: admin
