If you’re tracking year-to-date news stories, Banking-as-a-Service (BaaS) has been in the hot seat.
The situation surrounding the Synapse bankruptcy and the limited ripple effect it had on some of its partner banks and sponsor banks put the entire business model under a harsh light. At this point in the year, it’s safe to say that what could have been a major crisis has been contained.
The focus is now back on BaaS as an asset for banks and FinTechs, offering technological infrastructure that fuels growth in an increasingly digital economy.
However, it’s crucial to recognize the risks involved in these partnerships.
“Bank-FinTech arrangements can provide benefits; however, supervisory experience has highlighted a range of potential risks with these bank-FinTech arrangements,” per a request for information from the Office of the Comptroller of the Currency (OCC), the Federal Reserve and the Federal Deposit Insurance Corp. (FDIC).
The document requests information about “effective risk management practices regarding bank-FinTech arrangements, and the implications of such arrangements, including whether enhancements to existing supervisory guidance may be helpful in addressing risks associated with these arrangements.”
But what are those risks? What are their potential implications? How can all stakeholders in the banking and BaaS partnership manage financial crime risks?
The topic was the most important theme sounded in a panel discussion hosted by PYMNTS with two experts: Alena Robertson, BaaS manager at New York City’s Grasshopper Bank, which is a client-first digital bank serving small businesses, startups and investors; and Chris Caruana, vice president of strategy at Hawk, a provider of artificial intelligence-supported anti-money laundering (AML) and fraud detection technology.
Both experts discussed how banks can couple appropriate third-party lifecycle management practices with effective, advanced anti-financial crime technology.
The allure of BaaS partnerships is clear. They offer banks a fast track to technological innovation and market expansion. However, as Caruana pointed out, these relationships aren’t without their pitfalls.
“There’s always been this regulatory structure and obligation on regulated entities to ensure that they have proper third-party risk management processes,” he said.
However, the waters get murky when dealing with BaaS providers, especially those that may not be regulated institutions themselves.
Robertson echoed this sentiment, emphasizing that “there are different aspects of risk all throughout the partnership.”
These risks can range from inadequate know your customer (KYC) procedures to potential gaps in AML protocols, she said. The challenge lies in maintaining regulatory compliance while using the innovative capabilities that BaaS providers bring to the table.
The stakes are high for banks entering into BaaS relationships. Consent orders from regulatory bodies like the OCC, Federal Reserve and FDIC have highlighted the potential consequences of mismanaged partnerships.
“There’s no sort of mystical ruling that’s coming from regulatory bodies around what work needs to be done,” Caruana said. “We tend to see the same themes over and over again.”
These themes often revolve around a lack of oversight and unclear delineation of responsibilities. Banks that fail to properly manage their BaaS relationships could face regulatory actions, fines and reputational damage. The message from regulators is clear: Innovation is welcome, but not at the expense of robust risk management.
While the risks are significant, they’re not insurmountable. Robertson and Caruana highlighted the role that technology, particularly AI, can play in managing financial crime risk in BaaS partnerships.
“Technology is as good of a tool as you will make out of it,” Robertson said.
She suggested using technology as a “junior analyst” to do the groundwork, whether it’s for quality control or automating regulatory obligations.
Caruana added that AI can “amplify your ability to go ahead and manage some of these risks and keep an eye on it.”
Hawk’s AI-powered solutions, for instance, can help banks monitor transactions in real time, flagging potential issues before they escalate.
As the BaaS landscape evolves, so too do the strategies for managing associated risks. One emerging trend is the standardization of risk assessment processes for these partnerships, Caruana said.
“We are now joining forces,” he said. “We’re getting closer to our InfoSec teams.”
This collaborative approach brings together traditionally siloed departments — compliance, IT and risk management — to create a more holistic view of potential threats.
Robertson added that there’s a growing recognition of the need to support the “innovation economy” while doing it right. This involves using new technologies like AI, but also ensuring that all stakeholders — banks, BaaS providers and regulators — are aligned in their approach to risk management.
When it comes to choosing financial crime risk management technology, both experts stressed the importance of alignment with a bank’s specific needs and risk appetite.
“I would suggest for each bank to look at these different providers and see what works best for you,” Robertson said.
She cautioned against a one-size-fits-all approach, noting that what works for one institution may not be suitable for another.
According to Robertson and Caruana, key factors to consider when evaluating technology include:
“Think about your risk appetite, think about what you’re taking on,” Robertson said.
The technology should adapt to the bank’s specific risk tolerance and the unique risks associated with its BaaS partnerships.
The chosen technology should integrate seamlessly with existing systems and scale to accommodate growth in digital banking and BaaS partnerships.
Robertson said considering the ability to customize rules and monitor transactions in real time is crucial for addressing the specific risks associated with each bank’s unique BaaS relationships.
As banking continues its digital transformation, partnerships between traditional banks and BaaS providers will likely become even more prevalent. The key to success in this new landscape lies in striking the right balance between innovation and risk management.
“People want to support the innovation economy, so let’s do it, but let’s do it right,” Robertson said.
This means using cutting-edge technology like AI, but also maintaining a strong foundation of risk management principles.
Caruana added a final note of caution: “The technology is sort of the front of the house, the sexy piece of the equation, right? But the good, old-fashioned, roll up your sleeves, just have some sort of support in the back of the house is also critical.”
The future of banking may be digital, but the fundamentals of sound risk management remain as important as ever. By embracing innovation and vigilance, banks can unlock the full potential of BaaS partnerships while keeping financial crime at bay.
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More