Staying ahead of the regulatory evolution in BaaS

Banking as a Service (BaaS) has been a catalyst for growth in the fintech market. Sponsor banks play an integral role in this model, powering fintechs to offer cutting-edge digital banking services to consumers.

Valued at $15.9 billion by some measures, the BaaS market is on an upward trajectory, with an anticipated CAGR of 17% from 2024 to 2032. The widespread adoption of BaaS initiatives by sponsor banks can be attributed to two main factors: the proliferation of fintech companies and a period of regulatory silence to date.

However, the tides have changed, and the era of regulatory ambiguity is giving way to increased scrutiny of bank-fintech partnerships. Simultaneously, the rise in digital banking has accelerated fraud. Sponsor banks must adapt to the evolving BaaS landscape to foster successful fintech partnerships moving forward.

The shifting fintech landscape

With new regulatory pressure, sponsor banks need to prove that they have demonstrable oversight of their fintech partners’ entire operations. A core component of this is fraud and compliance with long-standing regulations like AML, KYC, and CDD. Failure to comply puts sponsor banks at risk of penalties, as demonstrated in 2023 when banks providing BaaS to fintechs accounted for 13.5% of severe enforcement actions issued by federal bank regulators—an outsized figure relative to the number of banks in such partnerships.

It’s clear that sponsor banks need to have greater oversight of their fintech partners. So what’s stopping them from taking greater control over compliance and fraud protection?

The shift from ad-hoc compliance methods to having full control has introduced significant hurdles. Sponsor banks will face a combination of—if not all—the common challenges outlined below in their efforts to align with the new regulatory landscape.

1. Fragmented data sources: Orchestrating data from diverse sources is a significant challenge for every financial institution. Within the BaaS model, it becomes even more complicated, with fintechs autonomously handling data collection and fraud management and reporting directly to the sponsor bank or through a third party. Sponsor banks are then tasked with constructing a robust infrastructure capable of real-time risk oversight. Many BaaS solutions rely on too many compliance solutions, fraud prevention tools, and data sources that can’t communicate with each other. This leads to silos and issues detecting and making fraud decisions in a timely and accurate manner. When data is analyzed separately, anomalies or suspicious patterns may not be immediately apparent. For example, when a fintech sends a fraud report to its sponsor bank and the bank lacks the resources to interpret it effectively, it creates a vulnerability that fraudsters can quickly exploit. The attack can have negative consequences for customers, tarnish the fintech and sponsor bank’s reputation, and could culminate in regulatory sanctions for the bank.
2. Challenges managing multiple fintech partnerships: Fintechs are diversifying their risk by partnering with a range of sponsor banks that specialize in specific areas like deposits, credit, lending, or international payments. At the same time, fintechs are prioritizing sponsor banks with robust risk and compliance programs, becoming more selective of who they partner with. With this shift, not only are sponsor banks likely managing more fintech partners but are responsible for safeguarding customer privacy across various platforms. That requires them to segregate sensitive information from various fintechs while ensuring data integrity remains uncompromised. Doing so effectively depends on a delicate balance of innovation with cost-effectiveness and robust data security, which can be difficult to achieve without detracting from the customer experience. And in today’s fast-paced world, a friction-filled CX can have significant implications, underscoring how important it is for sponsor banks to strike this balance.

3. Real-time fraud detection and reporting: Fraud is moving faster than ever with attacks evolving in real-time. It’s impossible to adapt to new fraud attacks with outdated, non-dynamic prevention methods. These legacy solutions have slow and manual review processes that simply can’t keep up with the nature of today’s rapidly evolving fraud. The impact is significant. In 2023, consumers reported a record $10 billion lost to scams, $1 billion more than the previous year and the highest losses ever recorded by the FTC. Both sponsor banks and fintechs must be equipped to uncover and react to fraud in real time. Sponsor banks must prioritize real-time reporting and insights at the individual fintech level and the aggregated portfolio level to produce real-time business and compliance intelligence and delivery that meets all regulatory requirements.

A future-proof solution: Centralized fraud systems

Between fragmented data and broken lines of communications, emerging fraud, and a lack of modern infrastructure, all combined with the fact that sponsor banks may be managing many fintech partners, sponsor banks are vulnerable to sophisticated fraud attacks that may carry severe regulatory penalties.

The solution to these problems lies in effective, real-time data orchestration that can weave together scattered indicators and infinite fraud signals to create a more detailed picture of potential attacks. Sponsor banks must be able to aggregate a vast array of information from multiple fintech partners effectively while upholding the highest data security standards to remain compliant and save valuable time, money, and resources in the long run. Leveraging holistic fraud technology that is adaptive, real-time, and provides centralized intelligence can provide a future-proof regulatory solution.

Collaboration between sponsor banks and fintech partners is key

Gone are the days of sponsor banks taking a hands-off approach to fintech partnerships. Looking ahead, the most successful sponsor bank and fintech partnerships will be those that collaborate with data and insights to ensure effective risk and compliance measures are in place.

Ideally, banks are working closely with their fintech partners to implement effective measures that protect customers and the financial ecosystem from evolving fraud. As a baseline, every fintech should have a holistic approach to fraud prevention and regulatory risk that breaks down silos so that all data can be analyzed effectively.

Brenda Banks is Vice President, Banking-as-a-Service (BaaS), for DataVisor.