Knowledge and Insights

Banking on Fintech: Key Considerations for Banking as a Service (BaaS)

Over the last several years, technological advancements have transformed our lives, revolutionizing the way we connect, work and live. We leverage many applications on our phones and other devices to perform everyday tasks, including financial transactions. These apps may be utilized to send money quickly to others, purchase and sell products/services through electronic marketplaces, load a digital wallet to pay for a cup of coffee, or even secure a loan through a marketplace lender. The consumers and businesses who take advantage of these types of applications rarely stop to think about how they work. The user sets up an account, then funds are typically transferred into and out of the application and some sort of balance is carried. The money that resides in these applications are referred to as digital wallets.


Many of these applications are created and developed by fintech companies, which are not U.S. chartered banks. In order for fintech companies to provide these types of services, they must partner with a U.S. chartered bank. This partnership allows their applications to access the payment rails needed to move money, as well as securely hold the consumer’s U.S. dollars in their digital wallets. From a bank’s perspective, these partnerships are typically referred to as Banking as a Service (BaaS), as they are essentially providing the fintech access to their bank charter to facilitate their business.

BaaS can be a significant revenue source for a bank, depending on the number of fintechs they have onboarded and the maturity of the platforms and customer bases. But, like all business ventures, it comes with risks that must be properly mitigated and managed.  In order to do so, there must be open communication between the fintech and the bank. The bank needs to be vested in understanding every aspect of the fintech’s business and operations to ensure risk is properly controlled.


Consumers of these applications want payments and transactions to be processed instantly. A bank can facilitate this if they participate in real-time payment platforms. Real-time payment platforms are financial technologies that facilitate the immediate transfer of funds between accounts, typically within seconds. Unlike traditional payment methods, which can involve delays due to processing times or banking hours, real-time payment systems offer instantaneous money transfers 24/7. These platforms often operate through a centralized network that connects various financial institutions, allowing for quick and secure exchanges of funds. But with real-time payments, there is an increased risk of fraud that must be monitored in real-time by the bank and fintech partners to ensure their consumers are protected.

Other risk factors to consider are the verification of consumer identities, data protection measures, early detection of fraudulent users, and ongoing monitoring to address consumer complaints, among others. The bank needs to take the approach that the fintech is an extension of their institution, as they are leveraging their charter to conduct the fintech’s business activities. Viewing the fintech through this lens is required to mitigate risk and will reassure the bank’s primary federal and/or state regulators that operations are conducted in a safe, sound and regulatory compliant manner.


A notable recent development is that the Consumer Financial Protection Bureau (CFPB) is in the process of writing regulations to implement Section 1033 of the Consumer Financial Protection Act of 2010, Required Rulemaking on Personal Financial Data Rights. On October 19, 2023, they released the notice of proposed rulemaking. The proposed rule would require depository and non-depository entities to make available to consumers, and authorized third parties, certain data relating to consumers’ transactions and accounts; establish obligations for third parties accessing a consumer’s data, including important privacy protections for that data; provide basic standards for data access; and promote fair, open, and inclusive industry standards. This proposed rule will have a significant impact on how fintechs companies conduct their compliance activities and should be watched very closely by all banks that offer BaaS.


No matter where your bank is on this journey, whether you are looking to start offering BaaS or if you already have a well-established program, our team at Mercadien is here for you. Our Financial Institutions Services Group is comprised of industry experts that have extensive experience in the areas of BSA/AML and consumer compliance. We can partner with you by helping to set up or benchmark your program, assist in carrying out the second line of defense activities by performing compliance reviews and tasks, or by conducting third line of defense audits of your program. Contact us today to learn more about how we help financial institutions like yours across the nation effectively manage risk and maintain compliance.


DISCLAIMER: This advisory resource is for general information purposes only. It does not constitute business or tax advice and may not be used and relied upon as a substitute for business or tax advice regarding a specific issue or problem. Advice should be obtained from a qualified accountant, tax practitioner or attorney licensed to practice in the jurisdiction where that advice is sought.