Trouble Keeps Coming for the BaaS Value Chain

CCG Catalyst Commentary

Trouble Keeps Coming for the BaaS Value Chain

By: Tyler Brown

April 30, 2024

With the bankruptcy of the Banking-as-a-Service (BaaS) platform Synapse, persistent problems with the BaaS value chain are back in focus. Among BaaS platforms, Synapse’s recent issues have just been particularly loud — competitors Bond and Rize sold themselves in 2023, Treasury Prime cut staff in February, and Synctera restructured in March. In the meantime, enforcement actions for sponsor banks have kept coming.

Three main issues have caused trouble for sponsor banks and their partners:

  • The collapse of fintech funding and investors souring on “growth at any cost” strategies.
  • The knock-on effect that fintech contraction had on infrastructure providers and sponsor banks’ businesses.
  • Risk and compliance issues every participant in the BaaS value chain has wrestled with.

On the business side, we’ve seen fintechs pivot to B2B2B propositions. We expect that trend will continue as fintechs increasingly offer technology solutions directly to financial institutions and sell embedded banking solutions to nonfinancial industries. Examples of this pivot are Treasury Prime, which announced that it would move to a “bank-direct” strategy, and Synctera, which now markets embedded banking solutions to the ecommerce, healthcare, logistics, and real estate industries.

On the enforcement side, regulators have cited sponsor banks for deficient board governance, third-party risk management, and BSA/AML, among other things. Many banks have in addition faced restrictions on their business. As we’ve covered, regulators have been clear that banks are responsible for their vendors’ and partners’ compliance with regulatory obligations and for monitoring the partner in a way that’s “appropriate for the risks associated with each third-party relationship.”

Risk management with vendors and partners becomes more difficult as partners multiply and when relationships or programs are managed by an intermediary, like a BaaS platform. Regulators are particularly attuned to the issue — as guidance puts it, intermediaries “reduce a banking organization’s direct control over activities and may introduce new risks or increase existing risks, such as operational, compliance, and strategic risks.”

There are two aspects to managing the compliance risks:

  • Partner due diligence: Ensure that the partner has diligently developed risk and compliance policies, that it strictly enforces those policies, and that it independently engages with regulators. Platforms’ partners may be a step or two removed from the sponsor bank, making the bank depend on assurances.
  • Oversight and control: Don’t accept a partner’s assurances or best efforts as a guarantee that they will meet risk and compliance obligations on the bank’s behalf. As we’ve written, technology can help banks enforce their own policies with partners and lower the risk of blowback from compliance lapses.

Missteps related to a fintech program may turn into a bigger headache and could be fatal to a BaaS strategy. The message to sponsor banks, current and prospective, is: Be diligent with your choice of platform partner, conscious of the risk that an intermediary adds to relationships with fintechs, and how that will affect risk management.