BankThink

It's time to reprioritize safety in banking as a service

We've seen what can happen when BaaS providers fail to adequately protect consumers. Across the industry, we need to institutionalize the principles of safe banking, both inside and outside of traditional banks, writes Tana Rugel, of Synctera.

In banking, keeping people's money safe and secure is priority number one. There is an entire ecosystem that has to work together, with everyone playing their part in ensuring this safety. Even when the ecosystem sees a shift in roles and responsibilities, such as the one we're seeing now with the rise of banking as a service, or BaaS, there must be a continued commitment to safety and effective quality management. Get this wrong and everyday people are put at risk.

We've seen parallels in other industries over the past few years, including air travel.

Recently, one of the key players in the air travel industry, Boeing, has come under fire for a number of incidents that put consumers' safety at risk. As a result, Boeing was audited by its regulator, exposing a host of quality control issues that likely contributed to these incidents.

What led to these uncharacteristic quality control issues from Boeing? As reported by Forbes, one of the primary factors may be that in recent years Boeing outsourced the majority of its supply chain, relying too heavily on outside suppliers. Supply chain changes are natural in any industry, but to make sure these changes don't negatively impact consumers, controls need to be put in place to ensure there is not a decline in overall quality and safety.

Over the past few years, the banking industry has seen a similar supply chain shift, repositioning the roles and responsibilities for keeping customers safe. Fueled by BaaS technology, it is now easier than ever for nonbank companies to offer banking products to their customers.

While BaaS has been the catalyst for increased financial inclusion and banking innovation, some players in the industry prioritized revenue and user growth over consumer safety and the necessary investment in compliance infrastructure. Without the appropriate quality control measures in place, the banking ecosystem suddenly wasn't safe for certain consumers.

So, what have we learned?

The rest of the industry learned that for the health of the supply chain and the protection of end users, there needs to be an end-to-end commitment to soundness and stability from all parties. Since banks ultimately bear the regulatory responsibility, they need to deeply evaluate the infrastructure they use for their BaaS programs. Irrespective of whether a bank is using a platform built specifically for BaaS or piecing different systems together, banks must have the controls and data transparency necessary to effectively keep the ecosystem safe.

Recently, this sentiment and focus on operational resilience has been echoed by regulators. In June, the OCC published interagency guidance on risk management for third-party relationships. Then the FDIC proposed new regulation highlighting specific controls banks need to have in place when utilizing an FBO account structure. 

Both of these actions offer clear guidance: regulators expect banks to treat their BaaS programs just like any other line of business within the bank. Regulators have reinforced that when it comes to offering fintech or embedded finance products, banking is still banking.

Just as banks conduct thorough due diligence for the systems they license from outside suppliers such as FIS, Fiserv and Jack Henry, the systems banks use for their BaaS programs need to be treated the same way. These systems aren't just "middleware"; they are the infrastructure for banks to keep track of people's money when operating a BaaS program.

Disaster recovery plans, reconciliation processes, data access rights, InfoSec policies and many other operational resilience components need to be heavily scrutinized prior to working with any infrastructure provider. BaaS is no exception. 

Get this wrong and everyday people and businesses can be harmed financially.

Just as in the case of the airline industry, regardless of how the supply chain changes, everyone involved needs to work together to provide safety for consumers. As programs grow, more and more businesses and consumers will rely on BaaS-powered banking products to manage their finances. The stakes are being raised, but the banking principles that protect consumers haven't changed. When the principles of safe banking are put at the forefront, innovation does not need to come at the cost of financial instability for consumers.
