Banking as a service

Banking as a service (BaaS) is the provision of banking products (such as deposit accounts, loans and credit cards) to customers through non-bank or non-financial third party partnerships. The bank provides the balance sheet management, including capital, liquidity and credit risk management, while the partner company (typically a fintech) interacts directly with the customer via their proprietary app, often accessing the bank's systems and data via APIs.

"Banking as a service" stack based on the cloud stack by Scholten, derived from Lenk et al.

UML class diagram depicting banking

API-based stack

This stack can be used with a licensed bank as foundation, a BaaS as middleware, and an ecosystems of FinTechs on top.

Skinner suggested a 3-layer representation of the BaaS stack.^[1] In this stack, the underlying infrastructure-as-a-service is provided by a traditional, licensed and regulated bank. Above this bank would be the centralized middleware layer that Skinner refers to as "bank as a service". Added on to the bank as a service is a group of decomposed banking services consisting of an ecosystem of fintech startups and service providers.

With this technology, based on the BaaS-platform, it is possible to create fintech banks, which could improve banking processes and provide increased convenience for banking clients. In such a constellation, fintech banks are enabled to compete directly with banks by offering core-banking services without having to build all the products that would be needed. The API-based bank as a service platform serves as the back-end that hosts standalone independent fintech startups and integrates seamlessly with any existing back-office of traditional banks. This allows non-banks to cost-effectively launch additional financial products and expand into additional markets.^[1]

Potential consequence

The consequence of having a decomposed stack is that there are multiple ways that the customer's front-end could be presented. One way would allow the BaaP provider to appear directly as a bank to its customers. This necessitates the provision of a front-end user interface to the end-customers including user authentication and other features. The bank would appear as any other online bank where all banking services are presented and seamlessly integrated in a single user interface. Another option is that the bank will operate as a white label bank, which will then have a software as a service provider on top of the partner operating as the front-end to the end-customer.

Integrated BaaS structure vs. single service offering

A single service provider is at a greater risk of failure than a provider that offers a larger portfolio of services. Using an integrated BaaS structure efficiently provides an end-to-end value proposition that frees the service provider from having to develop all the needed peripheral services, including authentication and other security services. Those who adopt the BaaS structure are able to provide a higher level of trust than a smaller provider might do.^[2]

Regulations

Banking is a highly regulated industry throughout the world and online banks utilizing BaaS are no exception.

Europe

In Europe, BaaS for fintechs is overseen by the Payment Services Directive (PSD, 2007/64/EC) and its 2nd amendment (PSD2) that was adopted in November 2015.^[3] Banking licenses are overseen by competent national authorities in accordance to Directive 2013/36/EU and Article 14 of Regulation (EU) No 1024/2013.^[4] The eIDAS regulation provides requirements for authentication and electronic identification and trust services for electronic transactions throughout the entire end-to-end process.^[5] Additional oversight for financial and insurance transactions are provided through Directive 2004/39/EC ^[6] and Directive 2016/97/EU.^[7]

United States

In the United States, banks are highly regulated at both the state and federal levels. Regulators have issued supervisory guidance on arrangements with third-parties. A number of enforcement actions have been issued against banks involved in BaaS.

A major failure of BaaS provider Synapse led to significant loss of customer funds.

Brazil

In Brazil, BaaS is regulated by the Brazilian Central Bank within the rules of a Payment Institution.^[8] The best known BaaS' fintechs providers in Brazil are Matera, Zoop, Dock, and S3 Bank.^[9]

India

In India, BaaS is regulated by the Reserve Bank of India (RBI). On Nov 7, 2023 RBI published Master Direction on Information Technology Governance, Risk, Controls and Assurance Practices with an objective to tighten the governance framework for technology within banking segment. The Master Direction has been in effect since April 1, 2024.^[10]

See also

• Banking portal

• Account aggregation
• Online banking
• Open banking
• Open Finance