BaaS is Not in Crisis: Key Insights on Compliance and Risk Management
The Banking as a Service (BaaS) industry is experiencing rapid growth, with increasing collaboration between banks and FinTechs. However, as this innovative model expands, it faces mounting regulatory scrutiny. In the latest “BaaS is Not in Crisis” webinar, hosted by Castellum.AI, compliance experts Sarah Beth Felix from Palmera Consulting and Sean Mayo from FedFis shared their views on the evolving landscape of BaaS, recent regulatory developments, and the importance of proactive compliance management.
Here are the key takeaways from the discussion, providing a roadmap for how BaaS players can navigate these challenges while capitalizing on the opportunities of this exciting sector.
1. BaaS Isn't in Crisis – It's Under the Microscope
Contrary to popular belief, BaaS is not teetering on the edge of collapse. However, it is subject to intense regulatory scrutiny, which means banks and FinTechs must stay ahead of the compliance curve. The conversation highlighted that while the BaaS model continues to thrive, industry players are operating in an environment where regulators are demanding higher levels of transparency and accountability.
Sarah Beth emphasized that BaaS programs must prepare for more robust regulatory enforcement, especially around compliance ownership. Banks are ultimately responsible for ensuring that their FinTech partners meet the necessary Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT) standards, and this accountability can't be delegated.
2. Regulatory Spotlight: FDIC NPR on Custodial Accounts and FBO Accounts
One of the most significant regulatory shifts discussed was the FDIC's Notice of Proposed Rulemaking (NPR) on custodial accounts. Sean explained that this proposed rule could drastically impact how For Benefit Of (FBO) accounts at insured depository institutions (IDIs) are managed. The new guidelines would require daily reconciliations and impose tighter controls on broker deposit rules.
For banks and FinTechs operating in the BaaS space, financial transparency and end-user protection will take center stage. Ensuring compliance with these rules will not only minimize the risk of penalties but also enhance the security of customer funds. Adopting these practices before the rules take effect could be a significant competitive advantage.
3. Middleware Providers Under Scrutiny
The increasing reliance on middleware providers to facilitate the connection between banks and FinTechs was another major webinar focus. Felix and Mayo stressed that while these providers are critical in enabling BaaS, they also introduce unique compliance challenges.
The regulatory environment is shifting to ensure banks cannot outsource their compliance responsibilities to third-party providers. In other words, banks must fully own compliance, even if they leverage middleware solutions. This shift underscores the need for stronger oversight and tighter controls over third-party providers to ensure they meet regulatory standards.
For BaaS players, this means establishing clear governance frameworks that define roles and responsibilities for both banks and their FinTech partners. By doing so, banks can reduce their risk exposure and ensure compliance across the board.
4. Upcoming Joint Agency Guidance on Bank-FinTech Partnerships
The panel also touched on the upcoming joint agency guidance that is expected to provide more detailed rules around bank-FinTech partnerships. This guidance addresses key areas like middleware aggregators, third-party leveraging, and comprehensive risk management for BaaS programs.
This is a pivotal moment for the industry as the regulatory framework catches up with the rapid innovation in BaaS. The forthcoming guidance will likely emphasize the need for increased transparency and risk management accountability for all parties involved in a BaaS ecosystem. By staying ahead of these regulatory changes, banks can ensure smoother operations and avoid regulatory roadblocks.
5. Recent Consent Orders: A Warning for BaaS Players
A standout topic in the discussion was the recent consent orders issued against banks like Blue Ridge Bank and Piermont Bank. These orders serve as a clear indication that regulators are focusing on BaaS programs, particularly when it comes to compliance deficiencies in areas such as AML/CFT and third-party risk management.
For banks engaged in BaaS, these orders are a stark reminder of the consequences of inadequate risk controls. Establishing robust compliance frameworks is not just a best practice – it’s necessary to avoid hefty fines and operational disruptions. By implementing stronger risk management practices, BaaS programs can mitigate their exposure to these regulatory pitfalls.
6. The Importance of Automation in Compliance
The panelists agreed that automation is crucial to maintaining compliance within the increasingly complex BaaS model. Manual oversight of third-party risk management and AML processes is not only time-consuming but also leaves room for human error. With automation, banks can maintain real-time compliance and address risks proactively rather than reactively.
By leveraging customizable compliance tools and real-time monitoring, banks and FinTechs can streamline their workflows, reduce the burden on compliance teams, and ensure greater accuracy in identifying and managing risks.
7. Audience Insights: Aligning BaaS Programs with Long-Term Compliance
The audience raised several insightful questions, particularly about how BaaS programs can align with long-term regulatory trends. One key question asked how banks could future-proof their BaaS models against regulatory shifts that may not be fully defined yet. In response, the panelists emphasized the importance of building scalable compliance frameworks that can adapt to new regulations as they emerge.
The conversation highlighted that long-term success in BaaS depends on banks' ability to stay agile and responsive to the evolving regulatory landscape. By investing in technology that enables continuous monitoring and adapting to new regulatory requirements, BaaS players can ensure they remain compliant and competitive in the coming years.
Conclusion: BaaS – Evolving, Not in Crisis
BaaS is far from being in crisis, but it is entering a period of intense regulatory focus. Banks and FinTechs that proactively adopt robust compliance frameworks, leverage automation, and stay ahead of regulatory changes will be well-positioned to succeed in this evolving market. By taking ownership of their compliance responsibilities rather than outsourcing them, BaaS players can navigate regulatory challenges and continue to innovate in the financial services space.
As Sean aptly summarized, “The key is not to view regulation as a hurdle but as an opportunity to build stronger, more resilient systems.” By embracing this mindset, BaaS players can survive and thrive in this rapidly changing environment.
Compliance built for BaaS
Easy to integrate global KYC and AML screening. Enabling banks and fintechs to mitigate risk and grow their business.
Trusted By