Banking as a Service (BaaS) is a business model that allows fintechs and other companies to partner with licensed financial institutions to provide banking services like credit cards, deposit accounts, and loans. In a BaaS arrangement, the participating company connects directly to the financial institution’s core through an application programming interface (API) integration.
BaaS is a huge opportunity for fintechs that want to offer banking services but aren’t prepared to obtain their own bank or credit union charter. There are plenty of third-party platforms that will help your company make these connections.
BaaS platforms are fintech vendors that serve as intermediaries between regulated financial institutions and fintechs like yours that want to offer banking products and services. What can BaaS platforms do to help your institution?
Related: 7 Best Practices for Aligning Fintech with Your Business Strategy
3 things BaaS platforms can’t do for your fintech
BaaS platforms can be great partners when it comes to making introductions and connecting data on the backend, but when it comes to compliance, vendor management, and risk management, proceed with caution. While some BaaS platforms say they provide end-to-end compliance, vendor, and risk management that will satisfy the strict regulatory standards of banks and credit unions, make sure you’ve done your due diligence and understand the limitations.
Financial institution compliance requires oversight of a huge range of activities. From change management and consumer protection to cybersecurity, business resiliency, and complaint management, proper compliance involves ongoing updates and reviews and the ability to track compliance among a variety of business lines and functions. It requires and an effective compliance management system (CMS).
A BaaS platform doesn’t provide that level of compliance. While BaaS platforms highlight their compliance credentials, financial institution will want to assess the effectiveness of compliance controls for all areas of compliance at your company. They will expect you to have a compliance management system and regularly report on your compliance efforts. Risk-averse by nature, financial institutions need assurance that your compliance controls are sufficient and you’re unlikely to expose their institution to too much compliance risk.
If you want to be an attractive fintech partner, take the time to review what compliance management means to your BaaS platform and if it will be enough to give financial institutions the assurance they need.
Read also: 3 Risk, Compliance & Vendor Management Mistakes that Cost a Fintech $11.5 Million in Fines
Your financial institution partners will be held legally responsible for any you take on their behalf. If you violate consumer law, experience a data breach, or go out of business and leave consumers high and dry, the regulatory agencies will hold the financial institution just as responsible as if their own employees had made the mistake.
While it’s nice to imagine that your BaaS platform provider will vet you as a vendor so financial institutions won’t have to, it’s simply too good to be true.
Decisions about vendors—and whether they align with an institution’s risk tolerance and strategic plans—aren’t made by the same criteria at every institution. Each institution is different based on its size, location, complexity, and risk tolerance. A financial institution can’t just take a BaaS platform’s word for it because the answer is different for every financial institution—and examiners will ask financial institutions to justify their decisions.
Related: Fintech Due Diligence: A Nearly Exhaustive List of Documents
Meanwhile, financial institutions will want to know that your company is on top of its own vendor management. Your third-party vendors and your financial institution’s fourth-party vendors, and they will be held accountable for their mistakes.
Don’t expect your BaaS platform to handle vendor management to the extent your financial institutions expect. If you want to be an attractive partner, you should have your own vendor management program in place.
Risk is relative. One institution’s high-risk activity is another institution’s low or moderate-risk activity. That’s why some institutions are comfortable banking marijuana businesses or sports gambling enterprises, and others aren’t.
It’s also the reason why only your financial institution partner can assess the risks of a specific activity. Third-party vendors can provide an institution with model risk assessments, advice on how to implement best practices, or software to automate and streamline risk management and reporting, but only a financial institution can make the final call. Anyone who tells your differently is wrong.
A Last Word on BaaS Platforms
Banking-as-a-service platforms have a role to play at fintechs as they seek out new partners and opportunities. They can help fintechs securely share data and even suggest new partnerships, but there are limits to the services they can provide.
When it comes to compliance, vendor management, and risk management, fintechs should take a critical eye to claims that BaaS vendors can take responsibility for these key areas. They aren’t simple or one-size-fits-all activities. If you want to be an attractive partner that shows it understands the financial services industry and its regulatory obligations, make sure you have your own compliance, vendor management, and risk management programs.
Ncontracts has the experience and expertise to help you ensure your fintech is prepared to partner with financial institutions for a safe, sound, and successful future.