Insert Your BaaS Pun Here

It would hardly be a surprise to anyone in fintech if they saw another article about more regulatory issues with banking as a service (“BaaS”). And it seems to be the trend to pile on everything that BaaS providers didn’t get right. But there’s also a lot of noise that could fog a more objective view of these platforms and the bank sponsorship model overall. We should evaluate this technology as a natural evolution of financial services instead.

Technology always faced scrutiny in banking

A lot to unpack, but let’s start with some history here. It might also be helpful to look at it through the lens of the Bank Service Company Act (“BSCA”), which doesn’t come up as often as some other laws but was essential in establishing a framework within which banks could share certain processing services through third-party service providers, known as bank service companies. This legislation was key in allowing banks to gain economies of scale by outsourcing non-core activities like check and deposit sorting, and bookkeeping. It acknowledged the evolving needs of the banking industry towards more efficiency and technological integration at a time when such advancements were becoming increasingly significant for operational optimization.

More importantly, it enabled smaller financial institutions to stay in business without having to build their own technology internally, which wouldn’t have been possible for them. Over time, as the banking industry's reliance on technology grew, the scope and relevance of the services covered by the BSCA expanded.

Significant amendments to the BSCA came with the increasing importance of software services. One of the critical turning points was the recognition that third-party service providers, especially those offering IT and core banking services, had become integral to the banking industry's operations. These providers handled sensitive data and systems that could pose systemic risks to the financial sector if compromised.

Recognizing the potential risks, regulators sought greater oversight. This led to amendments that expanded the regulatory authority over these service providers. A pivotal one came with Dodd-Frank, which, among other things, aimed to increase the regulation and oversight of financial institutions and their service providers to prevent a future crisis. It expanded the authority of federal banking agencies, allowing them to regulate and examine the activities of certain third-party service providers as if they were banks themselves.

This amendment was aimed at ensuring that the critical services these entities provided to banks did not become a source of systemic risk to the financial system. It allowed regulators to conduct examinations of these service providers to ensure they adhered to similar standards of safety, soundness, and consumer protection as the banks they served. It reflected a broader trend towards more comprehensive regulation of the financial system's infrastructure, acknowledging the integral role of technology providers in the banking ecosystem.

BaaS model solves existential problems for smaller institutions

How is this relevant to BaaS providers, you may ask? Through these amendments, the BSCA has evolved to address the complexities of modern banking, ensuring that as banks increasingly rely on external service providers for essential services, these relationships do not undermine the stability and integrity of the financial system. So the technology used by banks has always been under a certain level of scrutiny, which now happens to be the latest phase of what third-party providers are allowing banks to do – compete with larger institutions by enabling scale and access to more customers. This is where the sponsorship model comes in.

It all originated as a direct relationship between a fintech and a bank where both parties had to invest a significant amount of resources into diligence and integration efforts to launch a digital offering. The complexity of integrating directly with a core system shouldn’t be underestimated here; it’s not trivial. It also means building pretty much a bespoke program for each partnership. It might include some standardized policies and services but all in all it’s an individual relationship that requires individual oversight, which comes at a considerable cost.

Soon enough people realized that this process is not very scalable and it could certainly benefit from a more standardized approach and a more well-defined, simpler to integrate with set of APIs. So we started seeing solutions that sat in the middle and offered more efficient onboarding of both banks and potential fintech partners and faster time to market for more standard products (think deposit accounts, simple loans and credit cards). In some ways it worked too well and they enabled too much scale, partially driven by the fact that BaaS platforms themselves were also VC-backed and wanted to see faster revenue growth.

You have to realize that traditional banks’ operational and compliance processes scale pretty linearly, especially at smaller community and regional banks, who were the majority of banks that worked with the BaaS providers. These institutions were not used to, nor prepared for such scale from the controls perspective. At the same time, lapses in oversight further distanced the responsibility that banks felt they had over all these partners. But once the regulators caught up, we saw the confetti cannon of consent orders in action.

How do we apply the learnings?

But again looking at it from the technological perspective, it was a success. And if done right, BaaS providers allow banks to centralize management of multiple programs (making it more economical, manageable and safer even) and fintechs to scale without necessarily hitting the constraints of an individual institution. Having previously gone through a painful process of both launching and switching direct programs from one institution to another, we certainly understand the appeal of this model.

The ability to centralize functions that were once scattered across multiple platforms and institutions and allowing for unprecedented reach is certainly progress. Moreover, BaaS platforms started thinking creatively about data modeling in the relationship between banks and fintechs and through that modeling, they improved efficiency and scale. Allowing for better data sharing among multiple parties also lays the groundwork for a financial ecosystem that is more flexible and effective.

So if we’re looking at this as the next phase in financial services and we need to make sure that it has a solid footing to move forward, it needs to consist of at least the following pillars:

• Closer relationships between banks and fintechs, i.e. banks need to have their own fintech practice reporting to their board
• Modern and reliable infrastructure enabling novel partnerships; this is where BaaS platforms can thrive
• Centralized compliance system allowing for proper oversight capabilities that supports the scale enabled by the BaaS providers; it ought to demonstrate controls over each program in a much more automated way

The first two pillars are already taking shape and could be accomplished just by tweaking the existing setup. The last one still has room to grow, especially when it comes to continuous real time monitoring and visibility into all digital partners. How do you centralize all the data across multiple platforms and vendors, allowing for a deeper understanding and implementation of regulatory requirements across multiple partnerships?

This is where we see a lot of opportunity. We should learn and borrow some of what BaaS platforms have done, while introducing more structured compliance evidence gathering. The need for robust compliance frameworks that are interconnected and grounded in regulatory principles is clear. But ignoring what BaaS providers have built so far is also shortsighted as it could unlock a much more dynamic and efficient oversight system which will ultimately benefit the end user.