Regulatory Challenges in BaaS: How To Navigate The Choppy Waters

Banking as a Service (BaaS) is quickly becoming a fundamental part of the financial ecosystem. It enables fintech companies to offer banking services without the need to become banks themselves. However, as this model grows in popularity, so do the regulatory challenges that banks and fintech must navigate. In a recent episode of the Breaking Banks podcast, experts from Coastal Bank and Morgan Lewis-Bockius discuss the most pressing regulatory issues facing BaaS and how the industry can respond.

What Is Banking as a Service (BaaS)?

BaaS allows non-bank companies to offer financial services by partnering with licensed banks. These banks provide the necessary regulatory compliance and infrastructure, while fintechs manage the customer experience. For example, a fintech might offer a digital wallet, but the actual banking behind it—holding funds, processing payments—is managed by a partner bank.

While this setup is convenient for both parties, it also introduces complex regulatory responsibilities, especially when things go wrong.

A flow chart demonstrating how BaaS (banking as service) works

The Regulatory Landscape of BaaS

As the BaaS model has evolved, so have its regulatory challenges. In the podcast, Alan Denson from Morgan Lewis-Bockius points out that enforcement actions are becoming more frequent, especially as the industry grapples with new regulations and expectations from authorities like the Federal Deposit Insurance Corporation (FDIC) and the Office of the Comptroller of the Currency (OCC).

One of the biggest challenges is ensuring that BaaS programs adhere to traditional banking regulations, even though the operations often blur the lines between what is a bank’s responsibility and what falls under the fintech’s purview.

Key Regulatory Concerns

The podcast dives deep into several specific regulatory issues facing BaaS, and the experts offer their perspectives on the best ways to address them.

FDIC Insurance and Deposit Classification

One of the major regulatory challenges in BaaS is the question of deposit classification, especially concerning FDIC insurance. The FDIC’s rules around deposit insurance are designed to protect consumers. But BaaS complicates things. When a customer deposits money through a fintech, that money is often held in a pooled, or omnibus, account at a partner bank. The fintech acts as the intermediary, but the customer still expects FDIC protection.

Denson notes that many consumers misunderstand FDIC insurance and assume that it automatically applies to any bank-related service. However, the nuances of pass-through insurance—whereby a customer’s funds in an omnibus account may be insured—can be tricky. For consumers, reading through terms and conditions isn’t enough to fully understand whether their deposits are protected. It’s largely dependent on how well the FinTech and bank manage their records.

Responsibility and Accountability

Who is responsible when things go wrong in a BaaS relationship? As the experts on the podcast explain, responsibility often falls squarely on the bank. Barb McLean from Coastal Bank emphasizes that the bank, as the regulated entity, will always bear the brunt of regulatory actions.

“If it all goes poorly, it’s not the fintech or program manager who is held accountable; it’s the bank,” she says. This underscores a fundamental problem in BaaS: while fintechs may be managing much of the customer interaction, the legal and regulatory liability rests with the banks. This creates an imbalance where banks shoulder most of the risk without necessarily having full control over the customer-facing operations.

Consumer Awareness

One of the more concerning issues discussed is consumer awareness. According to the podcast, consumers often aren’t aware of the risks involved in banking through a FinTech. They see the FDIC logo on a product and assume their money is safe, without understanding the intricacies of how their deposits are actually handled.

As Kia Haslet points out, “Fintech is a victim of its own success.” Consumers don’t distinguish between banking directly with a bank versus using a fintech that partners with a bank. The perception of safety might not always match the reality. This can lead to significant issues when something goes wrong—like a data breach or a bank failure.

Proposed Solutions to BaaS Regulatory Challenges

The podcast doesn’t just lay out the problems; it also offers several solutions to help banks and FinTechs navigate regulatory challenges in BaaS.

Clearer Lines of Accountability

One way to address the regulatory challenges is by drawing clearer lines of accountability between banks and fintechs. Haslet suggests that dividing regulatory liability from credit and fraud losses is key. For example, while the bank may be responsible for regulatory compliance, the fintech should take ownership of any credit risks associated with their product.

Stronger Partnerships and Communication

McLean advocates for better communication between banks and regulators. She notes that some banks have already begun self-policing by reducing the number of fintech partners they work with. By doing so, they can focus on maintaining compliance and ensuring that their partners meet the necessary regulatory standards.

Denson adds that banks should have formal, written plans for how they will respond to changing regulations. This includes addressing potential concentration risks. One such risk is having a large portion of deposits classified as brokered overnight. These written plans can help banks demonstrate to regulators that they are proactively managing their risks.

Enhanced Regulatory Oversight

The podcast guests agree that regulators play a critical role in ensuring the safety and soundness of BaaS programs. One suggestion is that regulators could implement a “non-objection” framework, where banks must receive approval from regulators before partnering with fintechs. This would ensure that regulators have a clear view of which fintechs are operating within the system and can step in if they see potential issues.

In recent years, regulators have become more prescriptive in their oversight of BaaS. For example, the FDIC is considering new rules around daily reconciliation of sub-accounts in omnibus accounts. This would ensure that banks have a better handle on where customer funds are and how they are being managed.

The Future of BaaS Regulation

As BaaS continues to grow, the regulatory landscape will undoubtedly evolve. The experts on the podcast emphasize that while there are challenges, there are also opportunities to create a safer, more efficient system.

The key to success will be in how well banks and fintechs can collaborate with regulators. This will ensure that they are not only compliant but also that they are offering safe, reliable services to their customers. With clearer accountability, better communication, and enhanced regulatory oversight, the industry can continue to thrive.

[shows-menu]