Castellum.AI

Managing Bank-Fintech Relationships in BaaS: Key Compliance and Risk Insights

Banking as a Service (BaaS) relationships have long faced regulatory scrutiny. But how will this shift with the incoming Trump Administration? What priorities should sponsor banks set to ensure their fintech partners have adequate compliance controls?

Our latest Fireside Chat, hosted by Castellum.AI CEO Peter Piatetsky, features compliance and banking experts Shabbir Husain from CFSB, Brandi Reynolds from Bates Group, and Kalyani Ramadurgam from Kobalt Labs. They dive into the challenges in sponsor bank-fintech relationships.

Here are the key takeaways from the discussion, offering a roadmap for effective third-party risk management (TPRM) and insights on regulatory shifts expected under the incoming Trump Administration.

1. Regulatory shifts in the Trump era

The regulatory landscape is set for significant changes under the incoming Trump Administration, which has signaled support for fintech innovation. Expected leadership shifts at the Office of the Comptroller of the Currency (OCC) and the Consumer Financial Protection Bureau (CFPB) will clarify evolving expectations for community banks and fintech partnerships. Compliance leaders must brace for new enforcement priorities and adopt best practices to avoid violations and regulatory scrutiny.

Key Insight: Proactively update compliance frameworks to align with announced or anticipated regulatory changes. Use change management tools to ensure adaptability.

2. BaaS to implement KYCC for fintech customers

The FDIC’s new brokered deposit rule changes highlight the need for banks to maintain a strong TPRM program that considers risks related to fintech partners' customers under a Know Your Customer’s Customers (KYCC) approach. Smaller community banks must assess their fintech partners’ AML and KYC capabilities and establish clear onboarding and monitoring protocols.

Key Insight: Adopt a risk-based approach to onboarding and monitoring, with tailored policies and resources to address the unique risks posed by each fintech partner.

3. Shared compliance duties between BaaS and fintechs

A strong partnership demands mutual accountability for data quality, transaction monitoring and sanctions screening. Fintechs must deliver clean, actionable data to their partner banks, while banks must have robust systems in place to flag anomalies.

Key Insight: Strengthen communication and collaboration with fintech partners to ensure alignment on compliance priorities, while leveraging tools like the 314(b) information-sharing provisions.

4. Invest in advanced, scalable compliance technologies

Community banks are increasingly adopting technologies like AI and machine learning to tackle compliance challenges at scale. However, these systems require time and investment to implement effectively.

Key Insight: Invest in scalable compliance technology to balance short-term needs with long-term goals. Pair technology with skilled compliance staff to address immediate gaps.

5. Build resilient and future-ready compliance programs

Banks and fintechs must stay ahead of regulatory and industry changes by building resilient programs, including scenario testing, validating monitoring systems, and aligning with evolving requirements.

Key Insight: Regularly review and test compliance programs to ensure they’re robust, adaptable, and able to respond smoothly to new developments.


Simplified compliance for BaaS

Our easy-to-integrate KYC and AML screening enables banks and fintechs to grow their business.

