Are banking-as-a-service vendors partly to blame for banks' fintech problems?

Several banks that forged banking-as-a-service partnerships with fintechs over the past few years are in talks with their regulators. The regulators say some of these partnership agreements were made with insufficient due diligence around the fintechs' business models and their ability to comply with existing rules.

But while the banks are in the hot seat, some industry participants believe banks should not shoulder all the blame for these sometimes hastily arranged partnerships. Third parties that connect banks to fintechs, providing matchmaking services and technology, are creating a systemic risk and perhaps should take some responsibility, critics say. These third parties are sometimes called banking-as-a-service vendors, sometimes BAAS platform providers, sometimes simply "connectors." Synapse and Treasury Prime fit in this category, though there are differences between them.

Detractors say these companies have pushed banks into partnerships that may not be safe or right for them, because the vendors make money off these deals but are not subject to regulatory scrutiny and punishment if things go wrong. The companies themselves say they are providing a needed service and that the banks need to do their own due diligence.

"The connectors represent themselves as, 'Hey, we've built in compliance. You don't have to worry about that,' " said Dave Mayo, CEO of the data provider FedFis and founder of the Bankers Helping Bankers BAAS Association. "Is that a true statement? We'll never know, because they're not regulated. I'm not saying all connectors are bad, and everything they do is bad, but I'm saying they reduce visibility between the chartered institution and the consumer, which is the value chain of banking." In the U.S., there are 112 BAAS banks and 483 fintechs that perform a banking function, according to Mayo. 

"There are multiple compliance layers and approval processes to launch any program," Mayo said. "Yet the only one ultimately held accountable is the BAAS sponsor bank. Their actions are saving consumers, other sponsor banks, and the fintech ecosystem from bad connectors. Most connectors are not vetting or ensuring key compliance, even though they say they are. Luckily, in many cases the banks are shutting them down rapidly."

Banking as a service providers do add another level of complexity and compliance risk to the situation, said Todd Baker, a senior fellow at the Richard Paul Richman Center for Business, Law and Public Policy at Columbia Business School and Columbia Law School and managing principal at Broadmoor Consulting. 

"They often market themselves aggressively on a promise to provide a complete compliance solution to the fintech while assuring the partner bank that their compliance infrastructure will meet bank requirements," Baker said. 

Ultimately banks are responsible for legal compliance in any fintech partnership arrangements they strike. 

"Bank regulators insist on ongoing monitoring of partner compliance effectiveness as well as due diligence on the front end," Baker said. "The added layer that BAAS provides means compliance reviews at two entities for every relationship and can be a costly operational burden for a small partner bank." 

BAAS vendors develop application programming interfaces that fintechs can use to interact with banks' core systems. Fintechs use these APIs for functions like neobank account opening, issuing a card or funding a card. Banking-as-a-service vendors often provide other services as well.

Synapse declined to comment. 

Treasury Prime provides software, but doesn't take responsibility for compliance, according to its CEO Chris Dean, a co-founder of the company and formerly chief technology officer of API banking at Silicon Valley Bank. The company has 16 bank clients and a matchmaking process for banks and fintechs. It creates diligence packets that list all of the things a bank will or won't do. 

"Some want a lot of commercial deposits," Dean noted. "Some don't want to bank cannabis businesses." A go-to-market team finds fintechs for bank clients. 

"We present each bank with the fintechs they want and we have a diligence packet that we build," Dean said. "If they want to continue, then they continue." There are always direct meetings and a contract between the bank and the fintech, he said.

Dean has seen a recent slowdown of bank-fintech partnerships. 

"Last quarter we had a significant percentage of the embedded banking folks who wanted to do business, but none of our banks would accept them, because they didn't think the fintechs were viable," he said. 

Banks cannot outsource their compliance, Dean said. "If the BAAS provider is handling compliance, I don't understand how it's going to work." 

The only public case of regulators rebuking a bank for its fintech partnerships is the Office of the Comptroller of the Currency's order against Blue Ridge Bank in September. The bank was told to correct inadequacies in its board accountability and involvement, third-party risk management, Bank Secrecy Act  and anti-money-laundering, risk management, suspicious activity reporting, and information technology control and risk governance.

Bank-fintech partnerships have brought good things for customers, Mayo noted, such as overdraft fee alternatives and earned wage access, which are becoming mainstream. 

But BAAS vendors also have carte blanche to do and say anything they want, he said.

"And they always tell you how good it is and never point out the bad," Mayo said, 

One community bank set up 40 fintech partnerships in a year, he said.

"Two in a year is reasonable; 40 is unreasonable," Mayo said. "How do you bring on 40 fintechs in a year? There's only one way to do it, and that's through a connector who bears no responsibility and makes more money the more fintech partnerships are created." 

It's still up to banks to do their due diligence, and they are being held liable. But, Mayo argues, "they are being misled by people that say this is fully compliant."

The idea that the baas providers have no culpability or that they don't care about partnership problems is incorrect, according to Dan Kimerling, founder and managing partner at Deciens Capital, which is one of the investors in Treasury Prime.

"I think it is disingenuous to suggest that baas providers have no culpability or that it's inconsequential to them," Kimerling said. "I think it's deeply consequential to them, for two reasons. One, BAAS providers need credibility with their financial institution partners. So if a baas provider brings a bank deals and those deals [fall apart], that deeply undermines their credibility with their financial institution partners. Two, BAAS providers need to have credibility with fintechs." 

But the BAAS vendors may not face consequences with regulators, he acknowledged, because they're not yet regulated. 

"What I think we need to be careful of is that we don't throw the baby out with the bath water, that we don't condemn every community bank that's trying to do something in banking as a service," Mayo said. "I think that's a great thing for community banking. It's probably the best opportunity in a generation. If we don't allow the community banks to participate at a high level on this, we're ceding it over to JPMorgan and the other largest banks. This moment in time is where I think we probably need to defend our community banks just a little bit."

For reprint and licensing requests for this article, click here.
Fintech Partnership agreement Digital banking Technology
MORE FROM AMERICAN BANKER