Are bank-as-a-service providers partly to blame for banks’ fintech woes?
Several banks that have entered into banking-as-a-service partnerships with fintechs in recent years are in talks with their regulators. Regulators say some of these partnership deals were entered into with insufficient due diligence on fintechs’ business models and their ability to comply with existing regulations.
But while the banks are in the hot seat, some industry participants believe the banks should not shoulder all the blame for these sometimes hastily arranged partnerships. Third parties that connect banks with fintechs, offer matchmaking services and technology, create a systemic risk and should perhaps take some responsibility, critics say. These third parties are sometimes called banking-as-a-service providers, sometimes baas platform providers, sometimes just “connectors”. Synapse and Treasury Prime fit into this category, although there are differences between them.
Opponents say these companies have pushed banks into partnerships that may not be safe or right for them, because the providers make money from these deals but are not subject to regulatory scrutiny and penalties if things go wrong. The companies themselves say they provide a necessary service and that the banks must do their own due diligence.
“The links represent themselves as ‘Hey, we’ve built in compliance. You don’t have to worry about that,” said Dave Mayo, CEO of data provider FedFis and founder of the Bankers Helping Bankers BAAS Association. “Is that a true statement? We will never know because they are not regulated. I’m not saying all linkages are bad, and everything they do is bad, but I’m saying they reduce the visibility between the chartered institution and the consumer, which is the value chain of banking.” In the US, there are 112 baas banks and 483 fintechs performing a banking function, according to Mayo.
“There are multiple compliance layers and approval processes to start any program,” Mayo said. “But the only one ultimately held accountable is the Baas sponsor bank. Their actions save consumers, other sponsor banks and the fintech ecosystem from bad links. Most links do not control or ensure key compliance, even if they say they are. Fortunately, in many cases the banks close them quickly.”
Banking as service providers adds another level of complexity and compliance risk to the situation, said Todd Baker, senior fellow at the Richard Paul Richman Center for Business, Law and Public Policy at Columbia Business School and Columbia Law School and managing principal at Broadmoor Consulting.
“They often aggressively market themselves on a promise to provide a complete compliance solution to fintech, while assuring the partner bank that their compliance infrastructure will meet the bank’s requirements,” Baker said.
Ultimately, banks are responsible for legal compliance in any fintech partnership arrangements they enter into.
“Bank regulators insist on continuous monitoring of partners’ compliance effectiveness as well as front-end due diligence,” Baker said. “The extra layer that baas provides means compliance assessments at two entities for each relationship and can be a costly operational burden for a small partner bank.”
Baas providers develop application programming interfaces that fintechs can use to interact with banks’ core systems. Fintechs use these APIs for functions such as opening a new bank account, issuing a card or funding a card. Baas providers often also offer other services.
Synapse declined to comment.
Treasury Prime provides software but does not take responsibility for compliance, according to Chris Dean, the company’s co-founder and CEO, who was previously chief technology officer for API banking at Silicon Valley Bank. The company has 16 bank customers and a matchmaking process for banks and fintechs. It creates due diligence packages that show all the things a bank will or won’t do.
“Some want a lot of commercial deposits,” Dean noted. “Some don’t want to knock cannabis stores.” A go-to-market team finds fintechs for banking clients.
“We present each bank with the fintechs they want and we have a due diligence package that we’re building,” Dean said. “If they want to continue, they will continue.” There are always direct meetings and a contract between the bank and the fintech, he said.
Dean has seen a recent decline in bank-fintech partnerships.
“Last quarter we had a significant percentage of the embedded bankers wanting to do business, but none of our banks would accept them because they didn’t think the fintechs were viable,” he said.
Banks cannot outsource their compliance, Dean said. “If the baas provider handles compliance, I don’t understand how it’s supposed to work.”
The only public instance of regulators reprimanding a bank for its fintech partnerships is OCC’s order against Blue Ridge Bank in September. The bank was asked to address deficiencies in board accountability and involvement, third party risk management, bank secrecy law and anti-money laundering, risk management, suspicious activity reporting and information technology controls and risk management.
Bank-fintech partnerships have brought good things for customers, Mayo noted, like overdraft fee options and earned salary access, which are becoming mainstream.
But baas suppliers also have carte blanche to do and say what they want, he said.
“And they always tell you how good it is and never point out the bad,” Mayo said.
One community bank created 40 fintech partnerships in a year, he observed.
“Two in a year is reasonable; 40 is unreasonable,” Mayo said. “How do you get 40 fintechs in a year? There’s only one way to do it, and that’s through a link that has no liability and makes more money the more fintech partnerships are created.”
It is still up to the banks to do their due diligence and they are held accountable. But, claims Mayo, “they’re being misled by people who say this is fully compatible.”
The idea that the baas providers are not to blame or that they don’t care about partnership issues is wrong, according to Dan Kimerling, founder and managing partner of Deciens Capital, which is one of the investors in Treasury Prime.
“I think it’s disingenuous to suggest that baas suppliers are not to blame or that it’s unimportant to them,” Kimerling said. “I think it’s very important for them, for two reasons. One, baas providers need credibility with their financial institution partners. So if a baas provider comes with a banking agreement and those agreements [fall apart], which deeply undermines their credibility with their financial institution partners. Two, baas providers need to have credibility with fintechs.”
But the baas providers may not face repercussions with regulators, he acknowledged, because they are not yet regulated.
“What I think we have to be careful about is that we don’t throw the baby out with the bath water, that we don’t condemn every community bank that tries to do something in banking as a service,” Mayo said. “I think it’s a great thing for community banks. It’s probably the best opportunity in a generation. If we don’t let community banks participate at a high level in this, we’re handing it over to JP Morgan and the other big banks. This moment is where I think we probably need to defend our community banks a little bit.”
