Sponsor banks & Banking as a Service: The importance of choosing the right tech vendors

BaaS allows fintechs to offer financial products and services without acquiring a banking license. Learn more.

⚡ Key takeaways
  • Banking as a Service (BaaS) is a model that allows fintechs to offer financial products and services without acquiring a banking license by partnering with a licensed bank (aka a sponsor bank).
  • Both the bank and fintech should conduct extensive due diligence on each other to properly mitigate risks and ensure compliance with federal and state regulations.
  • Partnering with RegTech vendors can help you operationalize your compliance program, build to scale, and fulfill regulatory requirements.

Once upon a time, fintech companies (especially riskier business types, such as money transmitters and crypto exchanges) encountered many difficulties offering products and services that would require interplay with traditional banking services, such as lending and deposits. Products such as these often require bank accounts, which are heavily regulated in the US. As time, technology, and innovation have evolved, the fintech ecosystem has seen an explosion of buzzwords permeate the landscape, not least of which is Banking as a Service (BaaS).

Banking as a Service is a model in which licensed banks integrate their banking services directly into the products of non-bank businesses. This way, fintechs can offer their customers digital banking services, such as mobile bank accounts, debit cards, loans, and payment services, without needing to acquire banking licenses of their own (a concept known as “embedded finance”). In return, BaaS providers get a whole new sector of customers and new revenue streams to tap into. The quid pro quo nature of this arrangement has been very attractive to both sponsor banks and fintechs needing banking services alike. 

The term BaaS is usually seen in tandem with the phrase “sponsor bank.” This term is typically used to describe a regulated financial institution with a US banking charter. These traditional financial institutions, such as Coastal Community Bank, primarily serve non-bank businesses, such as fintechs, to provide:

  • Use of a banking license
  • Banking and card-issuing technology
  • The corresponding products and services that come from having such licenses and technology
  • Regulatory and compliance expertise and oversight, program management functions, and other services

These services are often referred to colloquially as “payment rails,” and are what define the BaaS model. They allow fintechs to bypass the costly and time-consuming practice of acquiring their own banking licenses that they would ordinarily need to offer banking services. Additionally, partnering with a sponsor bank affords a fintech’s customers FDIC protection, as deposits are held by the bank, not the fintech. 

Due diligence: Too much is never enough

Sponsor banks are interesting entities as they themselves are strictly regulated, but they also have agency in how they monitor and regulate their fintech partners. The fintechs themselves, depending on their business model, may or may not be subject to the same level of federal and/or state regulation.

For example, a fintech that transmits money would likely be classified as a money services business (MSB) and would need to register as such — and be regulated at the federal and state levels. This means they’d need to follow certain regulatory regimes with regard to laws and standards such as the Bank Secrecy Act. However, the partner bank would still have its own duties to follow these same regimes as well.

Other types of fintechs aren’t subject to the same levels of regulation by federal or state agencies, so the question becomes, what is the correct governance structure in this landscape?

Before fintechs and sponsor banks can untangle those webs, they need to conduct appropriate due diligence on each other as a prerequisite to even signing their partnership agreement. This concept was fairly arbitrary until mid-2022 when the Office of the Comptroller of the Currency (OCC) declared that Blue Ridge Bank had failed to properly oversee their fintech partnerships and mandated that the bank take specific actions to remedy risks and gaps in their compliance program as it relates to their BaaS business line. Specifically, the OCC issued directives that Blue Ridge Bank must come into compliance with, including:

The implication of this for BaaS providers and their fintech partners is that both parties need to take a more prescriptive approach to due diligence to ensure both sides of the relationship are meeting these minimum requirements and complying with any other enhanced due diligence that might be required to mitigate identified risks.

For example, a sponsor bank might also want to ensure their potential fintech partner has appropriate consumer protection policies and procedures in place. Or, they might want to review the company’s financials and organizational structure.

On the other hand, a fintech might want to ask for proof of controls and mitigation efforts to close the gaps and assess their potential banking partner for:

  • Enforcement actions
  • Product fit
  • Speed to market
  • Cost and commercials
  • International coverage

In both instances, a thorough risk assessment is the best first step toward choosing the appropriate partnership.

Operationalizing your compliance program: Why your tech vendors matter

Once a partnership has been established, the sponsor bank and fintech have to formalize who is responsible for each aspect of the compliance process. This means getting down to the nuts and bolts of who’s drafting and revising the program documentation, conducting all aspects of Know Your Customer (KYC), investigating suspicious activity and conducting transaction monitoring, filing SARs, responding to law enforcement requests, and so on. In most cases, the sponsor bank has the final say on which party is responsible for performing each task.

Regardless of who is responsible for operationalizing each aspect of the compliance program, the importance of having the right fintech tools and resources in place can’t be overstated. The core components of a comprehensive, risk-based approach to a compliance program include complying with all pillars of the BSA, not least of which is ensuring appropriate KYC is being conducted.

KYC includes customer onboarding and identity verification — in other words, having a reasonable belief that you know who your customers are to prevent bad actors from transacting in your ecosystem. Having a scalable compliance program means having the right tech in place to handle operations such as identity verification.

Here at Persona, we serve some of the top fintech companies, including Square and Empower, and understand the unique challenges they face as they seek to comply with regulations while managing risk. That's why we’ve designed our unified identity platform with these challenges in mind. Interested in learning more? Start for free or get a demo today.
