How Banks Can Achieve Compliance in Evolving BaaS Landscape

Banking-as-a-service (BaaS) is expected to be a $7 trillion industry by 2030, according to a report. The size of this market opportunity is based on the expanded distribution channels that are now available to financial institutions.

BaaS validated the business model that banks did not need to own the last mile of distribution to customers — meaning a bank-owned application was no longer needed to reach customers. BaaS proved banks could offer products through non-bank-owned applications, whether those were fintech apps, HR apps, practice management platforms, or ERP systems.

Although the ability to create innovative financial solutions allows banks to strengthen their positions and stay competitive in the increasingly digital age, they face a significant challenge: ensuring compliance within the dynamic BaaS ecosystem.

The problem emerges when banks approach BaaS differently than how they manage their existing digital channels. Many banks — especially neo-banks that did not have traditional banking channels in the past — started their BaaS programs by outsourcing the ecosystem of onboarding, third-party risk management, fraud, AML, and even the account ledger. Shifting those tasks from the bank to an unregulated entity ignited intense scrutiny in 2023.

As a result, financial institutions should adopt proactive measures to navigate this evolving landscape effectively. Let’s take a look at the one effective step banks can take to ensure compliance: Retaining ownership and control over change management.

In listening to conference dialogues between regulatory agencies, risk advisory firms, and banks — the controls have never changed for BaaS. What changed was who was managing those controls, and it needs to remain with banks.

Given that the regulatory scrutiny within BaaS surfaces when banks begin to outsource subsets of their operational management to third parties, the key to meeting regulatory compliance lies in reclaiming ownership and control over the aspects that have always belonged to banks.

These include the ability to select your own fintech providers that meet the bank’s third-party risk management guidelines, the ability to configure your data security policies and controls, vetting customers through Know Your Customer (KYC), Know Your Business (KYB), and Bank Secrecy Act (BSA) workflows, facilitating money movement flows while setting limits and holds, and ensuring the bank is able to define their settlement operating accounts to align with their finance teams.

When banks regain ownership and control, they can implement policies, procedures, and controls aligned with regulations and adjust to regulatory changes or evolving industry trends. One way to reach this goal is to deploy a virtual banking platform that acts as an overlay to the existing bank’s legacy core. In this model, banks can launch BaaS programs on a virtual account system and perform daily settlements to their core.

These cloud-native platforms do not require any bank IT involvement and require no core involvement. In this model, banks can compete with the BaaS providers, working directly with fintech and brands to eliminate the unregulated middle-man that was the catalyst for regulatory scrutiny.

These solutions can seamlessly integrate with the bank’s existing ecosystem and avoid complex core integration. That’s why financial institutions can retain control over data management, security protocols, and operational processes while leveraging the capabilities of third-party solutions to enhance their service offerings. This allows banks to compete with the BaaS providers and have the infrastructure to scale.

The bottom line is that the digitization of financial services is fueling the growth of BaaS. As expected, banks are riding the wave to stay relevant and competitive in the market by expanding their distribution channels to grow deposits and non-interest fee income. However, the rapid growth of the BaaS landscape has also drawn regulatory scrutiny. As financial institutions collaborate with intermediaries to develop innovative financial solutions, they expose themselves to the practices and vulnerabilities of their partners.

To address this challenge effectively, it’s crucial for banks to reclaim control over their channel management. By doing so, banks can ensure that their practices align with regulatory requirements, thus mitigating risks and maintaining compliance in an evolving financial ecosystem.

Riaz Syed, CEO and Founder of infinant, holds a master’s degree in computer science and has over three decades of experience in the fintech industry. Riaz has also held leadership roles at Broadway & Seymour, SAIC, WebTone, and FIS.