Two banks explain why they are going the BaaS 'middleware' route

 Sean Willett, CEO of Lincoln Savings Bank, left. Jeff Sinnott, CEO of Vantage Bank Texas, right.
"When banks are saying we’ll go to a direct model, or we don’t agree with using these layers, the reality is, you’re still relying on some third-party technology," said Sean Willett, CEO of Lincoln Savings Bank, left. Jeff Sinnott, CEO of Vantage Bank Texas, is at right.

Banking-as-a-service middleware can be a touchy subject.

Some players in this space — broadly, vendors that connect banks to fintechs and provide matchmaking services and technology — balk at the term. They say they broker direct connections between banks and nonbanks or sell software that boosts BaaS capabilities. Largely, these companies, which include Unit, Treasury Prime and Synctera, are adapting to a stricter regulatory environment by enabling more "direct" connections between their bank clients and the fintechs they choose to partner with.

A number of financial institutions with BaaS programs insist on direct contracts only. But others say middleware has its merits — and helps them do their job better.

"When banks are saying we'll go to a direct model, or we don't agree with using these layers, the reality is, you're still relying on some third-party technology and you still have to reconcile the data coming through," said Sean Willett, CEO of Lincoln Savings Bank in Reinbeck, Iowa. "Whoever you plug in the middle does not change your responsibilities and the expectations a regulator has for you."

Bryan Mulcahey, a managing partner at financial services consultancy FS Vector, largely agrees with the notion that most bank and fintechs require a third party to support their partnership, such as a card issuer if the fintech wants to issue cards. Many middleware companies perform these same functions but layer on new technology, compliance services, sales support, and pre-existing bank relationships.

"These innovations were a logical next step for the industry, introducing meaningful efficiencies and scalability, particularly for banks unable to independently make the necessary investments," said Mulcahey. "At the same time, throughout the life of a partnership, the middleware generally reduces the frequency of the bank's interactions with the fintech and limits the depth of the relationship."

Financial institutions that entered the space before regulatory oversight intensified need to calculate whether the price of talent, risk planning and technology is worth the return.

July 26
Left to right: Curt Queyrouze, president of Coastal Community Bank. Jackie Reses, CEO and co-founder of Lead Bank. Teri Hodgett, chief risk officer of Sunrise Banks.

The $1.8 billion Lincoln Savings has a BaaS program that dates back 10 years and currently five fintech partners, including money management apps Qapital and Acorns. The bank prefers partnering with larger, more mature companies, including some that are regulated and publicly traded, rather than startups, because they typically have a higher bar to meet, understand what it means to be regulated and have the resources to invest in their banking services. (The bank will make exceptions; Willett says Lincoln Savings is speaking with a smaller firm now because his team is familiar with the founders and their previous successful venture.) Above all, Lincoln Savings wants "a philosophical alignment on regulatory compliance," said Willett.

To that end, Willett describes the bank as agnostic as to whether it works directly with a nonbank or uses one of its partners, Helix by Q2 or Unit, to underpin the relationship.

Lincoln Savings signed with Unit in the first quarter of 2024; it uses Unit to connect with and onboard clients and their end users through application programming interfaces, or APIs; book accounts; and facilitate transactions consistently and at scale. Lincoln Savings uses Helix for a similar purpose.

This kind of support "gives you a greater suite of capabilities and the ability to work with a larger array of companies than we could work with on a direct basis," said Willett, who previously started the Warsaw, New York-based Five Star Bank's BaaS program before moving to Lincoln Savings in December 2023. "We don't have that layer of capabilities. We haven't built out a similar API economy."

Banks that have run into trouble "have to some degree offloaded the responsibility [for regulatory compliance] to their middleware partner or assumed the fintech would be doing this and they are just the plumbing," said Willett. "It's still incumbent on me to understand the transactions and do the reconciliations."

With or without a tri-party agreement, Lincoln says it engages directly with its partners.

"I wouldn't want to have a relationship with somebody unless we first sat down, ex Unit, and ensure we have to be on same page" that misbehavior or irresponsibility on the part of the fintech will impair the bank's status to serve it and other clients," said Willett.

Financial institutions that work with Unit can recruit their own partners, but Unit will also introduce them to nonbank companies it thinks will be a good fit.

Unit has recently made changes to enable more direct communications between its bank and nonbank clients.

 "We've never tried to stand between clients and banks, but given the heavy emphasis on the importance of deep interactions between banks and third-party program managers, we are trying to encourage that to the maximum extent we can," said Alex Acree, chief legal officer of Unit. For instance, a fintech may submit a request to change ACH limits for certain customers through Unit's centralized communications platform, rather than through an ad hoc system of phone calls, emails or Slack messages. The sponsor bank can read and respond through the platform while maintaining an auditable trail.

One sticking point for regulators in the middleware debate, said Mulcahey, is whether these companies prevent a bank from adequately overseeing its fintech partners and appropriately managing risk.

"For many of the early bank-middleware arrangements, the answer was clearly yes," he said. "The outstanding question is whether the banks and middleware companies have made the necessary improvements or changes to the model to allow banks to meet regulators' expectations around the quality of the collaboration and oversight."

Unit partnered early on with banks that more recently entered into consent orders with regulators. In a March blog post, Unit announced that it was winding down those relationships.

"If you go back to the root cause it was either bad actions by the fintech partner, or it was a miss in terms of oversight by the bank," said Willett.

Vantage Bank Texas in San Antonio is a more recent Unit client. Its agreement with Unit marks the $4.2 billion-asset bank's entry into the BaaS and embedded finance space. It will use Unit's functionality to embed financial services such as deposit accounts and debit cards into software companies' products.. The bank also plans to use Unit's oversight tools.

Vantage's program has been three years in the making. In preparation, Vantage developed an enterprise risk framework, data lake and integration layers to connect future nonbank partners with Vantage and a potential middleware provider. It also hired a chief risk officer and discussed its strategy with its regulators. The conversations with Unit began about a year ago.

One concern was having direct access to its partners.

"We always felt it had to be a direct relationship to manage risk properly and position for the long game," said Jeff Sinnott, CEO of Vantage Bank. He sees Unit as a platform that can help the bank share data and heighten transparency with its partners, but Vantage will have ultimate responsibility for know-your-customer, anti-money-laundering and Bank Secrecy Act compliance.

"It gives us the tools we need to manage risk and stay in our risk appetite," said Sinnott. "It would take us longer to do otherwise in house."

At the beginning of its foray into BaaS, Sinnott found that very few fintechs were willing to complete Vantage's initial risk assessment. Three years later, that mindset has shifted.

"Those that would not have been interested in going through the effort of a longer onboarding process and completing those risk assessments now have the appetite to do that," said Sinnott.

There is no "right" or "wrong" structural model for these bank-fintech relationships, said Jonah Crane, partner at Klaros Group. The key questions are, who is doing what, and does the bank have the information necessary to oversee activity of its clients and ensure it is consistent with bank standards?

"In both cases, platforms can help the bank meet its obligations, and it's increasingly important that they prioritize doing so," he said.

This article has been updated to include comments from Bryan Mulcahey and Jonah Crane.

For reprint and licensing requests for this article, click here.
Risk management Fintech Technology Regulation and compliance
MORE FROM AMERICAN BANKER