How BaaS Compliance Normalizes
By: Tyler Brown
JUNE 25, 2024
Compliance is hard, especially for Banking-as-a-Service (BaaS) sponsor banks. Risk multiplies with the number of partners, especially when those partners own the relationship with end customers — and banks aren’t always well-equipped for BaaS-driven growth. Enforcement orders made public as recently as this month highlight the challenges of running a compliant BaaS program, and increasingly, the associated third-party risks. With the Federal Reserve’s latest action , the number of sponsor banks that have run into trouble with regulators is now 12.
Despite the number of enforcement orders, the reasons for them often overlap. This month’s consent order had nothing new — it checked boxes for the most common lapses in BaaS risk management and compliance, including third-party risk management and oversight, restrictions on business, and BSA/AML. Most notably, references to third-party risk were everywhere in the consent order, and the Fed effectively froze the BaaS business by requiring written approval for “new partners, subsidiaries, lines of businesses, products, programs, services, or program managers.”
These endemic issues shouldn’t scare bankers away from BaaS. The regulatory action is uncomfortable for the BaaS industry because it calls into question the model’s viability for some participants. But for banks that commit to BaaS as a line of business, a byproduct of enforcement actions will be a roadmap that didn’t exist at the outset for BaaS-related compliance. Third-party risk, as most understood it before the fintech boom, was related to the systems banks used to serve their customers directly — the potential scale of third-party risk was small compared to today. Now, banks, vendors, and regulators are catching up.
Despite the uncertainty over BaaS risk and compliance, sponsor banks have some guidelines to go by. Recent interagency third-party risk guidance can be extrapolated to fintechs and other BaaS channel partners. According to the guidance, to quote another article of ours , sponsor banks need to:
One outcome of the turmoil in BaaS will be modern frameworks for risk management and compliance tailored to the model’s needs. The fundamentals of BaaS are sound, and with help from both official guidance and the best practices regulatory action implies, BaaS will remain an attractive growth opportunity for banks.
Today’s phase naturally makes bankers nervous. It will pass, but sponsor banks must first weather the storm.
领英推荐
The Tactical Plan for Working With Fintech
JUNE 27, 2024
By: Tyler Brown
Technology Implementation
Bankers’ commitment to working with fintechs is promising, suggests data from CCG Catalyst’s Banking Stability and Innovation Survey 2023. Working with fintechs was integral to business strategy for 58% of respondents, who are C-suite executives at US financial institutions (FIs). A challenge for bankers that have made that strategic decision is to define a tactical plan that makes sense for their organization with a focus on how innovation should work in practice.
As we wrote in our report “Successes in Transformation,” tactics that support innovation depend on both people factors and technical factors. People factors include the right hires, clear objectives defined by senior leadership, an environment of open mindedness, and an operational structure that supports continuous development. The technical factors often involve issues with legacy infrastructure, some of which the bank may need to solve for itself, and others that may require new partners. Both factors take time to address, and for some FIs, it’s an uncomfortable amount of change.
That process of planning, implementation, and normalization starts with structuring the organization to innovate. Innovative solutions may not even get on the agenda without the right mentality, sufficient expertise, and buy-in from the organization. Management’s deep understanding of its FI’s tech stack and its capacity to support fintech integrations follows. When the FI has those fundamentals in place, it can follow through with a technology strategy that novel fintech solutions may help fulfill. But not all fintechs fit into macro trends or the FI itself in the same way.
In the context of macro trends, bankers can divide today’s fintech solutions into two categories: Infrastructure fintechs (bank tech) and ecosystem fintechs (which connect to the FI’s technology to access data, products, or services). Those two categories increasingly overlap as infrastructure supports interactions with the fintech ecosystem via open banking or Banking-as-a-Service. That overlap is crucial particularly for banks that are exploring alternative distribution models and for correctly anticipating their customers’ desire for secure access to their financial data via nonbank solutions.
The ecosystem model has driven changes to a monolithic model for bank tech. First, the ecosystem itself is two-sided: There is ecosystem infrastructure, which enables interoperability with third parties, and there are ecosystem partners. Those partners may either be product or service-focused, like with BaaS users, or data-focused, like with apps that use open banking data. Second, the model for core banking is changing as next-generation infrastructure ties “traditional” core technology and ecosystem interoperability into the same system.
Amid those macro trends, and even for bankers enthusiastic about following them, there are sticking points to implementing a business strategy that includes working with fintechs. The biggest is likely the modernization budget , followed by inertia, fear of the unknown, or analysis paralysis . The last is the final roadblock: As we wrote , the freedom to choose integrations from fintechs or other providers requires a framework for decision-making and the capacity to evaluate products that meet the FI’s needs. For fintech solutions, that capability requires leadership’s deep knowledge of the fintech market, a nuanced vision for the bank’s technology stack, a detailed plan for the integrations they plan to add, and the right processes in place to evaluate options and onboard choices.
Partner, Compliance/Advisory/Core Modernization/Technology Innovation/Implementation
4 个月Good insights Tyler, thank you!