Pedro Silva is CEO and co-founder of Alviere
In the last few years we’ve seen a surge of new fintech companies providing banking-as-service (BaaS) products, claiming that any business can launch products that make them look and feel like a bank. The value proposition from these fintechs is clear: Offer a fast track for their clients to provide financial products to their consumers or businesses — everything from bank (prepaid) accounts, debit cards, ACH and wire transfers, mobile check deposits, and much more. It’s almost like offering and operating traditional banking products is now a plug-n-play activity.
Underneath the covers, banks are enabling the fintechs
This is made possible because there are a number of banks willing to enable these fintechs to operate under an agent type model. This essentially means that these fintechs are acting as an agent of the bank sponsoring the financial activities, and the end consumers or businesses of their clients are actually customers of the sponsor bank, whether they know it or not.
So how do the fintechs operating under this model do it? Well, they build sexy and easy to onboard systems that address compliance requirements such as KYC or identity management, they develop document templates and one-size-fits-all Terms of Service that can be easily embedded into their client’s user interfaces, and they wrap it all up in an appealing and easy to buy commercial proposal which attracts all types of companies that want to provide financial services (especially startups). Easy, right?
So what’s the problem? The problem is that these fintechs are in turn enabling their clients to build mobile or web application interfaces to serve consumers and businesses, so now the bank (who has enabled the fintech to do this) is acquiring customers through a 3rd-party channel (who the fintechs signed a contract with) and consumers think they are the customer of financial products of the latter company, although they’re really becoming customers of the sponsor bank. Confusing?... Yes.
But, as we know and rightfully so, providing financial services to consumers or businesses is a highly regulated activity. For the sponsor banks, the main issue of this model is how to ensure that the companies at the end of the line that are fronting their financial products stay in compliance with the existing regulations. The plethora of mobile and web applications, with their own marketing strategies, development platforms and addressable markets makes it virtually impossible to keep track of all these businesses and audit the daily changes in each of them.
From the contractual standpoint, the embedded finance companies protect themselves against any financial liability by passing it on to their clients and/or by requiring insurance policies. The financial risk is on the companies ultimately fronting the products. The compliance risk is entirely on the bank.
Regulatory oversight
The OCC is giving signs that they’re not asleep, and we’ve just recently had an example of how problematic these models can become (see this excellent article by Jason Mikula explaining what happened). The superficial solution to the problem seems simple: To on-board new clients of the fintechs, the banks will scrutinize those companies, and perform a more thorough Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) on these companies, plus, the bank needs to tighten up their oversight over the activities of these companies.
This change alone tells us that the plug-and-play days for banking products could be coming to an end. Embedded finance companies operating under an agent model will need to change their market approach, their software, their value propositions, and also the onboarding process for new clients - this is already happening. But although this will somewhat mitigate the problem, and maybe appease regulators for a while, it’s not addressing the main issue.
What happens if the companies fronting services directly to consumers — despite all the reasonable efforts from the fintechs and the banks to enforce compliance with regulations — are still non-compliant? What if a critical disclosure was not correctly presented? How are consumer protection laws ensured? What if the company goes bankrupt and all funds are lost? The number of things that could go wrong is endless, and there’s no smart software the fintechs can build that will completely prevent this. The solution needs to be deeper than that.
Sponsor banks will ultimately be in a position where they’ll have no choice but to start shutting down programs that fall out of compliance or otherwise be in serious trouble of their own with the regulators… but this comes at high cost. The banks now need to deal with all those consumers and businesses (that are their customers, remember?), somehow return all the funds back, take the hit on the CFPB complaints, and suffer the reputational damage that comes from bad press. And the companies that were serving these products to the market? Well… they might not be around to tell the story.
So what’s the solution? Will this be the end of embedded finance? No, it’s the beginning.
Given that banks getting into this field would have to significantly invest in auditing systems and personnel to try to oversee these programs and still can’t prevent all the possible avenues for breaking regulations, the solution has to be in the embedded finance companies, ie. they need to be regulated entities with the accountability and the regulatory responsibility to provide third-party financial products to market. Fortunately, such a regulatory framework already exists: It’s called Money Transmission.
Money Transmitters are heavily regulated, and those who wish to operate in the embedded finance space will need to apply the appropriate organizational controls, adapt their business models and obtain regulatory approval to do so, and invest in high end automation systems that guarantee compliance or fraud prevention, alongside robust compliance departments and appropriate staffing. You don’t build this in a day, and only the companies that have taken this long-term path are in a position to serve this market in the long-term.
By working with Money Transmitters, the sponsor banks will now have a single accountable entity, acting as a program manager, who owns the customer relationship but also the financial, reputational and compliance risk. As such, they’ve de-risked their business while still creating revenue streams, selling some of their banking products and holding the deposits in various settlement accounts managed by the Money Transmitters.
The regulated embedded finance companies, that will now own the compliance risk, will have the responsibility to scrutinize their prospective clients not only through Customer Due Diligence and Enhanced Due Diligence processes as required by state regulators, but also on the reputational and financial risks that are involved in allowing a business to offer their third-party financial services. The clients of these embedded finance companies will tend to be partners and not only clients, sharing the reputational risk but also sharing the benefits of the products and services that they jointly bring to market.
As a result of that, the decision making process both from these money transmitters and their clients, to partner and share the inherent reputational risks will tighten up. On the client side, no serious company wants to risk their reputation on fintechs that are not serious and regulated financial services players; and on the money transmitters side, due to their regulatory obligations and given that they take all the risk should anything go wrong, the choice of partners will also tend towards well-funded or public companies that will act responsibly in the market. Small startups will have a hard time finding fintechs that support them in the long run, and the companies fronting these services will likely be large tier-1 companies.
As the cowboy days of embedded finance are coming to an end, the responsible and regulated fintechs will prevail, ultimately serving the purpose of democratizing financial services, while providing security and reassurance to their clients that ensure consumer protection and have a vested long term interest in servicing these customers.
