Over the last few years, we’ve seen a surge of new fintech companies providing Banking-as-a-Service products and, more recently, “embedded finance” companies claiming that any business can launch products that make them look and feel like a bank.
The value proposition from these fintechs is clear: offer a fast track for their clients to provide financial products to their consumers or businesses. This includes everything from bank accounts, debit cards, ACH and wire transfers, mobile check deposits, and much more. It’s almost as if offering and operating traditional banking products has become a plug-and-play activity.
But it’s not really, as something crucial is missing.
Many Fintechs Are Just a New Skin for Banks
Peel back the cover on these new fintechs, and they’re a direct avenue to an existing bank. Under current regulations, this is possible because there are a number of banks willing to enable these fintechs to operate under an agency agreement. This essentially means they act as an “agent of the bank” that is sponsoring their activities, which means the end consumers (or businesses) are actually customers of the sponsor bank, whether they know it or not.
In its latest report, McKinsey calls companies using these fintechs “distributors,” underscoring their role as a conduit of financial services vs. being an actual financial institution.
How Do the Fintechs Operating Under This Model Do It?
Well, they build sexy and easy-to-onboard systems that address compliance requirements such as Know Your Customer (KYC) processes or identity management; they develop document templates and one-size-fits-all terms of service that can easily be embedded into their client’s user interfaces; and they wrap it all up in an appealing and easy-to-buy commercial proposal that attracts all types of companies that want to provide financial services, especially startups.
Easy, right? Not exactly.
All is not as it seems under the hood of these “Banking-as-a Service” enterprises. There’s a pronounced lack of clarity about who exactly a consumer actually engages with and, most importantly, who is accountable from the regulatory and consumer protection standpoint. This lack of transparency is troubling and, to my way of thinking, unethical.
So what’s the problem? The problem is that these fintechs are, in turn, enabling their clients to build mobile or web apps to serve consumers and businesses, so now the bank (which has enabled the fintech to do this) is acquiring customers through a third-party channel (who the fintechs signed a contract with) and consumers believe they are the customers of the fintech’s clients, although they’re really customers of the sponsor bank.
Confusing? Yes. When customers can’t tell who they’re doing business with, something is wrong.
But, as we know, and as it should be, providing financial services to consumers or businesses is a highly regulated activity. It’s not as simple as creating an app and some marketing materials. For the sponsor banks, the main issue with this model is how to ensure that the companies at the end of the line that are fronting their financial products stay in compliance with existing regulations. The plethora of mobile and web applications, with their own marketing strategies and development platforms, make it virtually impossible to keep track of all these businesses and audit the daily changes on each of them.
Many of these new embedded finance fintechs are actually in the business of technology development, marketing, and attracting customers rather than delivering regulated, reliable, and trustworthy financial services.
In this current landscape, the embedded finance companies protect themselves from a contractual standpoint against any financial liability by passing it on to their clients and/or by requiring insurance policies to be put in place. This places the financial risk on the companies ultimately fronting the products. Yet, the compliance risk rests entirely on the bank. There’s a fundamental flaw in the logic that the one responsible for compliance and licensing is now two steps removed from the consumer.
It takes some skill to dig far enough into the tangle of companies to actually know who is ultimately responsible and who owns the risks and liabilities. That’s not how financial services should work, and these companies shouldn’t be left to roam free, unleashed from transparency, regulation, and, most importantly: their duty to the end user.
The Office of the Comptroller of the Currency (OCC) is sending signals that they’re not asleep at the wheel of fintech’s evolution into embedded finance, and we’ve just recently had an example of how problematic these models can become. Here’s an excellent article by Jason Mikula explaining what happened.
The superficial and immediate solution to the problem seems simple: To onboard new clients of the fintechs, the banks will scrutinize those companies and perform a more thorough Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD). Additionally, the bank needs to tighten up their oversight of the activities of these companies, though this may mean that they’ll have to significantly increase their staff to monitor this activity.
This tells us that the plug-and-play days of banking products could be coming to an end because sponsor banks will at some point realize that they can’t take the liability and the risks that are involved in this model.
Embedded finance companies operating under an agent model will need to change their market approach, their software, their value propositions, and their onboarding process for new clients, and this is already happening. Though this will somewhat mitigate the problem — and maybe appease regulators for a while — it’s not addressing the main issue.A few questions come to mind and need to be considered:
- What happens if the companies fronting services directly to consumers, despite reasonable efforts from the fintechs and the banks to enforce compliance with regulations, are still non-compliant?
- What if a critical disclosure was not correctly presented to a consumer so he understands his obligations and rights?
- How are consumer protection and privacy laws ensured?
- What if the company goes bankrupt and all funds are lost?
The number of things that can go wrong in the current landscape is endless, and there’s no smart software that the fintechs can create that will completely prevent these issues. The solution needs to be deeper than that. There’s a reason regulation exists, and in the race to market for fintech companies, there’s too much blowing through stop signs. The signs are there not to slow everyone down but to ensure everyone’s safety.
Sponsor banks will ultimately be in a position where they’ll have no choice but to start shutting down fintech embedded finance programs that fall out of compliance, or they will be in serious trouble of their own with regulators. But this comes at a high cost. The banks now need to deal with all those consumers and businesses, somehow return all the funds, and take the hit on the Consumer Finance Protection Board (CFPB) complaints. The damage to their reputations that come from bad press will be deafening.
And what about the companies that were serving these products to the market? Well, they might not be around to tell the story.
Is This the End of Embedded Finance? No, It's the Beginning of a Responsible Era
Given that banks getting into this space would be required to significantly invest in auditing systems and personnel to try to oversee these programs (if they want to do it right) and still can’t prevent all the possible avenues for breaking regulations, the solution has to be within the embedded finance companies themselves.
Embedded finance companies need to be fully regulated entities with the accountability and the regulatory responsibility to provide third-party financial products to market. To operate in this space, one must follow the rules and practices put in place to protect consumers, or risk losing it all.
Money Transmitters Have the Correct Regulatory Framework
Fortunately, such a regulatory framework already exists: it’s called Money Transmission.
Money Transmitters — any business that provides money transfer services or payment instruments — are heavily regulated, and those who wish to operate in the embedded finance space will need to apply the appropriate organizational controls, adapt their business models, and obtain regulatory approval to do so. Additionally, those joining the fintech ranks need to invest in high-end automation systems that guarantee compliance or fraud prevention, alongside robust compliance departments and appropriate staffing, to ensure this crucial function works optimally.
No one builds this in a day, and getting this right requires rigor, attention to detail, and patience. Only the companies that have taken this long-term path and see past the horizon are in a position to serve this market in a truly future-proof manner.
A Single, Accountable Entity
By working with Money Transmitters, the sponsor banks will now have a single accountable entity, acting as a program manager who truly owns the customer relationship, but they will also own the financial, reputational, and compliance risk. As such, banks have significantly reduced risk to their business while still creating revenue streams, selling some of their banking products, and holding the deposits in various settlement accounts managed by the Money Transmitters.
By owning the compliance risk, regulated embedded finance companies will be responsible for scrutinizing their prospective clients through Customer Due Diligence and Enhanced Due Diligence processes as required by state regulators, and assessing the reputational and financial risks involved in allowing a business to offer third-party financial services.
Building a Long-Term, Trusted Partnership
The clients of these embedded finance companies will be partners rather than simply clients, sharing the reputational risk and sharing the benefits of the products and services they jointly bring to market. This is an important distinction. Clients come and go, but all partners have some skin in the game. Partnerships are long-term relationships, as they should be.
As a result of a true partnership, the decision-making process from these new embedded finance companies and their partners will have to take into consideration the sharing of the inherent reputational risks. On the client side, no serious company wants to risk their reputation on fintechs that are not regulated financial services players. On the money transmitters side, due to their regulatory obligations and given that they take all the risk should anything go wrong, the choice of partners will also lead to well-funded or public companies which will act responsibly in the market.
The cowboy days of embedded finance with little to no regulatory scrutiny are coming to an end. Responsible and regulated fintechs that prove the enduring value of embedded finance will prevail. This will ultimately serve the purpose of democratizing access to financial services while providing security and reassurance to their clients and end-user consumers that their money is safe and their rights are protected.