Navigating BaaS Compliance Risks in 2025 and Beyond


In our latest Fireside Chat, Castellum.AI’s Peter Piatetsky spoke with Danny Schneider, Director of Financial Crimes and BSA Officer at Lead Bank, Kate Eyerman, Global Chief Compliance Officer at Blockchain.com and Joe Robinson, CEO and Co-founder of Hummingbird, a financial crime investigations platform and Castellum.AI's latest integration partner.

The discussion highlighted common compliance pain points of sponsor banks and fintechs, the importance of aligning risk appetite and data collection, and how they see the future of BaaS compliance shaping up.

Key Takeaways for Sponsor Banks and Fintechs

1. Banks and Fintechs Need to Align on Risk and Data Early

One of the biggest takeaways from the panel was how important it is for banks and fintechs to align on their risk appetite, data collection and customer onboarding strategies upfront. Misalignment on these points can lead to friction and make regulatory challenges even harder to manage. Contracts that clearly outline shared responsibilities, reporting expectations and compliance oversight, on the other hand, help avoid confusion and miscommunication down the road.

"Alignment at the outset—on customer risk, data collection, and why you're comfortable with certain risks—sets you up for success. Otherwise, you’ll hit friction later."

2. The 314(b) Process: A High-Burden, Low-Value Process for Many

The 314(b) request process, while important, is seen by many, especially large banks and crypto exchanges, as a high-effort, high-risk, low-reward task. Operational inefficiencies also discourage participation. As one speaker put it:

"Crypto exchanges and payment companies are net importers of 314(b) requests. They receive far more than they send, making participation feel extraordinarily low value to them."

The panelists suggested that simplifying the process, perhaps through better technology or a centralized, shared platform, could drastically reduce the burden on compliance teams, which brings us to takeaway #3.




3. Centralized Platforms Improve Compliance Collaboration

Right now, banks and fintechs lean on a web of disconnected systems to share data, which makes data-sharing highly inefficient and rife with errors. 

Panelists strongly advocated for a centralized compliance platform that facilitates communication and makes it easier to collaborate and share information, such as 314(b) requests. This also underscores why integrations like the one between Castellum.AI and Hummingbird are crucial for BaaS players.

“The use of secure, centralized, cloud-based platforms would streamline data sharing and allow teams to share data safely and securely without jumping through too many hoops.”

4. Modular Tech Solutions Are the Future of BaaS Compliance 

At the same time, panelists agreed that compliance tech leaders should carefully decide what to build in-house vs. outsource to vendors. Investing engineering resources in risk rating algorithms and advanced fraud detection makes sense, but with the market of compliance vendors growing, companies are better off leveraging pre-built tools to address routine tasks like data sharing or SAR filing.

"If you’re a fintech or a bank today, the vendor market has evolved dramatically. Modularity is king—look for tools that allow seamless data exchange rather than reinventing the wheel."

The takeaway is clear: By choosing the right tech stack, organizations can reduce operational burdens, stay compliant and scale faster.

5. AI and Strong Collaboration to Cut Through the Noise

Finally, the BaaS compliance landscape is shifting fast. Banks, fintechs and regulators expect greater alignment and stronger contracts with smarter tooling. Outdated, manual processes and siloed data slow everyone down.

AI has the potential to help banks and fintechs move beyond reactive compliance by reducing false alerts and improving decision-making—but only if sponsor banks and fintechs work together. 

"The real challenge isn’t just the volume of alerts—it’s that most of them are noise. Better collaboration and AI-driven insights can cut through the clutter and surface real threats faster."

When financial institutions equally share compliance responsibilities, they can leverage AI to focus on real threats instead of chasing false positives.




 