Compliance will be make or break for bank-fintech partnerships
Regulators need to be mindful of not blocking collaboration, writes Harsh Sinha, chief technology officer at Wise.
Bank-fintech partnerships have exploded in recent years. Rather than viewing each other solely as competitors, banks and fintechs are choosing to collaborate instead, working together to build and bring more innovative products to customers.
The benefits of partnership are clear: for banks, partnering with a fintech means being able to adopt new technologies faster and cheaper than building them in-house. For fintechs, banks offer greater resources and the opportunity to reach thousands - perhaps millions - more customers around the world. And for those customers, bank-fintech partnerships unlock more innovative ways for them to send, spend, and manage their money.
Many of these partnerships are facilitated by Banking-as-a-Service (BaaS) providers, which serve as the intermediary between banks and fintechs. These providers are particularly useful in countries where fintechs are unable to hold a banking licence or link up to payment systems themselves.
But partnerships supported by BaaS could be under threat, as examples of companies falling down on compliance have inspired fresh regulatory scrutiny across the US, UK and Europe. Consider some recent examples.
In September 2022, US-based Blue Ridge Bank filed a public agreement with the Office of the Comptroller (OCC), after the regulator raised concerns about their BaaS model and whether their compliance infrastructure could keep pace with their growth. Concerns revolved specifically around the bank’s third-party risk management, suspicious activity monitoring, and IT controls.
To meet the OCC’s new demands, Blue Ridge had to write and implement new guidelines to assess risk, appoint a compliance committee and obtain approval from the regulator before onboarding new partners.
Not long after, Solaris, a BaaS provider based in Germany, faced scrutiny from their regulator BaFin when they reported high business volumes but were found to be falling short on compliance. This resulted in a similar restriction to Blue Ridge, and Solaris must now seek approval from the regulator before onboarding new customers (customers being institutions or organisations not end customers).
Most recently in the UK, BaaS provider Railsr is being monitored by the Financial Conduct Authority (FCA) following concerns about the business’ health. Following emergency M&A talks, Railsr now looks like it will be sold through pre-pack administration. This follows an investigation by Lithuania’s central bank over Railsr’s AML failures.
With multiple incidents taking place in a matter of months, it’s understandable that regulators will increase oversight of partnerships facilitated by BaaS providers. But there is a risk that what are in reality isolated incidents could lead to a backlash that makes bank-fintech partnerships appear far riskier than they are, and put banks and fintechs off of them for good.
There may now be an impulse to introduce broad, sweeping regulation that clamps down on partnerships and BaaS. This impulse should be resisted, not because banks, fintechs and BaaS don’t want more guidelines, but because in the majority of cases, existing regulation is already working.
Most fintechs and BaaS providers already take compliance very seriously and have expert teams dedicated to keeping in line with relevant regulation. These teams will be even more vigilant given the current climate - something which is, of course, welcome. But initiating a crack down on the industry as a whole is like punishing the whole class because one student didn’t turn in their homework.
Let’s also not forget that BaaS providers and early-stage fintechs in particular already have limited and often stretched resources. Even for big banks with strong compliance arms, partnerships may start to look like regulatory quagmires that suck up resources and nullify the biggest benefit of working with a fintech, which is making innovation faster and cheaper. Ultimately, more - and more stringent - regulation will make partnerships the domain of large well-resourced companies and eliminate fresh competition, which does a disservice to the industry and consumers alike.
The truth is that regulation in its current form should be sufficient to prevent compliance failures and keep customers safe. The problem isn’t that this regulation doesn’t exist, but that some providers either aren’t taking it seriously enough, or are struggling to understand its demands.
Regulators can help. A set of specific learnings to be taken from these incidents will allow all banks, fintechs and BaaS providers to revisit their compliance procedures with fresh eyes and make sure that they have the tools in place to meet demands. This will give banks and fintechs the confidence to move forward with partnerships, and ensure that the industry and customers around the world continue to benefit from the products and services made possible by cross-industry collaboration in the years to come.