In 1886, artist Georges Seurat, a French Post-Impressionist painter, introduced the world to Pointillism, a method of painting that uses individual dots of different colored paints that, when viewed from a distance, are merged by the human eye to create a complete image. Seurat’s most famous work, A Sunday Afternoon on the Island of La Grande Jatte, measures roughly 6.5 ft. by 9.8 ft. and is estimated to contain roughly 220K individual dots of paint. But, to most people, it is merely a beautiful portrait of a day at the park in the 1880s. Just as a close-up examination of Pointillism uncovers the smaller components of a painting, regulators are stepping up their scrutiny of banking-as-a-service (BaaS) in an effort to unearth its unseen risks. BaaS in a NutshellAs the significant revenue possibilities of BaaS have become clear, many financial institutions have been quick to adopt the business model. BaaS provides financial institutions with a low-cost way to expand the offerings they are able to provide small businesses — services ranging from account creation to processing lending and payments. Through BaaS, community financial institutions (CFIs) can capitalize on their banking charters. They can leverage their banking infrastructure and licenses to provide comprehensive digital and embedded financial services beyond their core systems to organizations, like fintechs, that lack these capabilities. However, as with any third-party partnership, BaaS partnerships can introduce hidden risks. Since BaaS involves relationships with multiple outside organizations, from fintechs to individual businesses, regulators are taking a close look at the financial institutions that provide this type of service. According to S&P Global, in 2023 alone, roughly 13.5% of severe regulatory enforcement actions within the US were taken against financial institutions that provide fintechs with BaaS services. BaaS Regulation ConcernsMultiple regulators oversee BaaS partnerships, from state banking regulators in each of the 50 states to the Federal Reserve Board, the Federal Deposit Insurance Company (FDIC), and the Office of the Comptroller of the Currency (OCC), among others. Given the wide breadth of regulations that financial institutions and fintechs need to be mindful of for these services, such as Know Your Customer (KYC) rules, anti-money laundering, data privacy, cybersecurity, and more, financial institutions need to be on top of their oversight. “Too many people are focused on the ‘as a service’ part — but have ‘minored’ in the banking part, if at all,” Jim McCarthy, CEO of payments platform Thredd, recently told PYMNTS when discussing the risks of BaaS. The FDIC, recently put out a request for information centered on the potential risks created by moving deposits to a different financial institution, which has some indirect implications for BaaS providers. In early 2024, the FDIC issued consent orders to two financial institutions in relation to their BaaS offerings.
- A Wyoming-based CFI. The parent company was hit with a cease-and-desist order by the Federal Reserve Bank of Kansas City related to its BaaS activities.
- A New York-based CFI. The Federal Reserve Board issued an enforcement action and fined the bank approximately $14.5MM for violations of customer identification rules and deficient third-party risk management practices.
Following these enforcement actions, both banks have discontinued or begun to wind down their BaaS offerings. The Case for BaaSWhile there are regulatory risks, BaaS can also be very beneficial to CFIs that offer these capabilities. Here are some of the perks BaaS can offer your institution:
- Revenue diversification. By offering BaaS, banks can unlock new revenue streams from fintechs and non-bank institutions through service fees, licensing, and usage-based pricing models.
- Expanded customer base. Partnering with third-party providers allows banks to reach new customer segments and demographics that may not traditionally engage with standard banking services.
- Technological innovation. BaaS encourages banks to adopt and integrate advanced technologies, enhancing operational efficiency and enabling them to stay ahead in a rapidly evolving digital landscape.
- Enhanced competitive edge. Offering BaaS positions banks as forward-thinking providers in the financial ecosystem, helping them remain relevant and competitive in a growing field of innovative financial services.
- Strengthened partnerships. Establishing BaaS capabilities fosters stronger relationships with fintechs and other organizations, creating collaborative opportunities to drive market growth and innovation.
BaaS Adoption ChecklistGiven rising demand for BaaS offerings and the attractiveness of the additional revenue source, CFIs may not necessarily want to forego this line of business. Before taking on BaaS offerings, however, CFIs should take the time to put a comprehensive plan in place regarding oversight and compliance. The following are a few things for CFIs to consider if they want to incorporate BaaS offerings:
- Devise an oversight plan. Be aware of how your organization will approach compliance oversight and have a full understanding of what regulations apply to you.
- Tailor the compliance program. Customize your BaaS compliance program to your organization’s needs so that you can have the appropriate controls in place for key risk areas. Clearly outline the compliance expectations of both parties within contracts.
- Review partnership compliance. Perform in-depth due diligence on the compliance that fintech partners have in place, both before and after entering into partnerships.
- Set third-party limitations. Limit the number of fintechs your organization works with, as well as the speed with which you bring them on. This will make it easier for you to monitor and scrutinize these agreements for compliance and performance.
The rising number of financial institutions moving into BaaS services has caught the attention of regulators, making it more important than ever for CFIs who go down this path to do so carefully and intentionally. Before moving into BaaS, CFIs should have a thorough and detailed plan in place regarding how they will handle compliance and oversight.
