Table of Contents
BaaS on a Global Scale
Banking-as-a-Service (BaaS) solutions bring exciting new revenue streams to the banking world. This partnership model enables many new digital banks to run on reduced customer acquisition costs and embed their services into non-financial platforms, effortlessly enhancing the customer’s experience at every touch point. The sector’s global market size was valued at $19.65 billion in 2021. According to McKinsey, the total addressable market for just European BaaS services is expected to reach a value between €90 billion and €105 billion by the year 2030, highlighting the growth trajectory of the industry.
As well as powering many of the world’s fastest-growing digital banks, such as N26, Revolut, and Monzo, BaaS is also bringing traditional financial products such as payments, lending, insurance, and investments into non-financial digital platforms in industries such as e-commerce, travel, retail, health, and more. Taking a loan to pay for a service or purchasing micro-insurance when buying high-value goods might be one example of how this could evolve.
Alex Johnson, fintech enthusiast and expert, states in his newsletter Fintech Takes,
“Fintech partnerships are one of the only viable, non-M&A ways for community banks to grow and thrive in today’s rapidly consolidating market.”
BaaS provides a great additional revenue source for traditional banks without the need to alter their financial product, as well as making banking services accessible for customers.
A recent piece written by Oliver Wyman dives into the rise of BaaS and the benefits these platforms offer banks. The piece states,
“For a financial institution, it is an opportunity to reach a greater number of customers at a lower cost. The cost of acquiring a customer is typically in the range of $100 to $200, according to Oliver Wyman analysis. With a new, BaaS technology stack, the cost can range between $5 and $35.”
BaaS services primarily target retail banking and B2C FinTech, with Point-of-Sale (PoS) financing also undergoing significant implementation of BaaS offerings. Finastra also recently reported that small business lending will emerge as one of the next key BaaS products. This expansion of services is only expected to continue.
Research shows that up to 82% of Europe’s FinTechs have become reliant on BaaS providers, with many leveraging Banking services infrastructure to enable their lean business models. The rapidly growing digital bank, Revolut, is just one example, being heavily reliant on BaaS provider Modulr.
However, both the digital banks leveraging BaaS services and their BaaS providers across the UK, US, and European Union have faced increased regulatory scrutiny over the last couple of years. In 2023, an estimated 13.5% of severe enforcement actions in the US targeted banks that provided BaaS services to FinTechs.
BaaS Partnerships Under Scrutiny
These regulatory enforcement actions only scratch the surface of a much larger problem, with many informal actions being kept private.
Jonah Crane, partner at advisory giant Klaros Group, stated that these enforcements are “because federal regulators have been getting their arms around the business models of BaaS through years of real learning through examinations, and they will be looking hard enough to identify practices with higher risks.”
However, part of the problem seems to be that businesses partnering with BaaS providers aren’t fully aware of what rules to play by, and there is a lack of guidance in BaaS regulation. The structure of these partnerships is nuanced, with varying degrees of regulatory oversight depending on their registration status with regulatory bodies, including whether they have an Electronic Money (EMI) Licence, a Payment Institution (PI) Licence, or a full banking license. There are also many new and evolving regulations BaaS providers, and their clients must adhere to, including consumer protection and Anti-money Laundering / Counter-Terrorism Financing laws. A mixture of sporadic of regulations and unclear definitions has led to institutions demanding clear and consistent regulation from key policymakers.
An Evolving Regulatory Landscape
Steps are now being taken to provide clarity within the industry, with the Federal Reserve Board and the Federal Deposit Insurance Corp. issuing the “Interagency Guidance on Third-Party Relationships: Risk Management” in 2023. FinTechs partnering with BaaS providers will need to adjust to remain compliant with these newly framed enforcements.
Several countries have demonstrated increased regulatory enforcement on the BaaS sector, with the BaaS provider Solaris being prevented from onboarding new clients without approval from the German regulator BaFin. Similarly, Bank of Lithuania’s revocation of PayrNet‘s license, as well as several interventions against other BaaS providers including Modulr, Blue Ridge Bank, Cross River and Choice Bank clearly underline the increased regulatory scrutiny faced by BaaS providers and BaaS-dependent organisations.
Moving forward, businesses choosing a BaaS partner can be expected to carry out increased due diligence measures on the infrastructure and services that they are using. Regulators have increased expectations of digital banks and FinTechs to identify a partner that takes accountability for achieving compliance, enabling them to avoid regulatory penalties as they scale.
Alex Johnson comments on the importance of choosing the right bank to partner with as a BaaS business within his case study on Evolve. Evolve’s recent data breach, due to a lack of a KYC process, is a clear example of the importance of adhering to high-security standards and the need for regulation. Johnson states, “If you choose to work with a bank that never tells you no and that it is cool onboarding new customers without even the most cursory KYC/KYB/AML checks, then you sure as sh*t better not be surprised when that bank’s systems get hacked, and all of your customers’ data gets stolen.”
Avoiding the Potential Pitfalls of Non-Compliance
So, why has the BaaS sector so far failed to deliver on its regulatory expectations, and how can providers re-emerge as the trusted partner in the room? One key challenge has certainly been the lack of flexible, customizable compliance solutions within the industry. Each organization faces unique risks and challenges based on its specific customer base, sector, location, products, scale of operations, and business model.
Integrating a customizable compliance module is, therefore, a critical part of regulatory adherence. By tailoring compliance programs, multinational businesses can ensure cross-border compliance, efficient allocation of resources, and have a laser focus on areas with the highest risk for that specific organization.
With the current state of the regulatory landscape, a uniquely customized compliance approach helps businesses quickly adapt to new standards. A streamlined, automation-first tailored compliance process also encourages growth as time spent on compliance is reduced, and efforts can be redirected toward innovation. It can even provide a competitive advantage, as organizations with such a robust compliance process can publicly evidence their commitment to user safety, privacy and preventing criminal activity. If done correctly, this will help build customer trust, grow their brand, and increase their user base.
Customized Compliance
ComplyCube’s comprehensive compliance solution covers a wide range of needs. By integrating a single API, businesses are protected from exposure to global sanctions, ensuring regulatory standards are met without relying on multiple vendors.
The platform’s flexibility also allows businesses to adjust their processes as they expand and scale into new markets, easily adjusting the compliance solution to meet nuanced requirements.
One common challenge with compliance solutions is dealing with false positives when running checks. These slow down the onboarding process and expose the organisation to missing real alerts. ComplyCube’s no-code automation rules allow for tailored automation standards, which can be adjusted in real-time to reduce false positives.
For more information on a customized compliance solution, contact our expert compliance team.
Joshua Vowles-Dent is the Business, Strategy and Partnerships Manager at ComplyCube, with a decade of experience across Financial Services, Consultancy and Regulatory Technology. At ComplyCube, he harnesses his diverse expertise—ranging from global Tier 1 banks to niche start-ups—to foster digital trust and collaboration across multiple industries and regions. Joshua drives strategic partnership development, building sustainable relationships and initiatives within the compliance landscape.
Joshua can be reached online at [email protected] and at our company website https://www.complycube.com
