Banking-as-a-Service and How Traditional Banks are Adapting
Banks have always adapted to emerging technologies and market behavior. Consider the changes to bank products, services, and pricing over just the last twenty years: borrowers can choose among a variety of competitive loan structures, and technology has shrunk the time between decision and funding to almost zero. Lenders have developed innovative, data-driven methods to evaluate credit risk. And Americans have embraced mobile banking, AI-assisted banking, and more exotic changes to the traditional banking environment.
Enter the concept of Banking-as-a-Service, or BaaS. Some see BaaS as the future of retail and commercial banking—the eventual replacement for brick-and-mortar banks. That overstates the case, but a precise definition is hard to establish. Even industry insiders disagree about how to use the term.
BaaS started with a focus on payment processing, primarily for merchants. Even now, that continues to be a focus. Customers and merchants (including online service platforms) demand nearly friction-free and immediate payment processing and product delivery. Consider nonbank services like Uber, Lyft, DoorDash, and others. The business model for those services depends on friction-free payment processing. The advantages to providers and consumers are obvious: the transaction is cash-free and the instant payment remittance and receipt gives the provider the ability to quickly deliver the purchased services/goods.
Companies have created a tremendous quantity of online architecture to allow frictionless payment processing. Once in place, that architecture opened other opportunities. BaaS began to evolve from merchant payment processing to facilitating other types of payments like rents, payroll, and person-to-person transfers. The architecture also facilitated pure online banking by institutions created for that purpose.
Banks (including neobanks) can provide other financial services through that architecture—like savings and checking accounts, debit cards, installment payment options, personal, home and home loans, online payment transfers, and even insurance products. The architecture also allows nonbank businesses to offer financial services under their own branding. Consider examples like Google Checking and Apple Card.
BaaS is sometimes explained as involving three components or “layers.” A separate business often sits at each layer:
- A consumer-facing platform that manages consumer requests and delivery of goods and services that has a banking service component like payment processing;
- An integration platform like Stripe or Flywire; and
- A bank or financial institution that complies with banking laws and regulations.
Over the past couple of decades, BaaS has opened opportunities for traditional banks. By partnering with integrating fintechs and consumer-facing businesses and platforms, banks have expanded their markets and added revenue streams. Some larger banks have tried to seize the market opportunities at the second “layer” by acquiring fintech integration services and platforms or by creating their own—this cuts out the middle layer and allows a direct relationship with the consumer-facing business. Even where BaaS has caused an erosion of traditional bank deposit models, many larger banks have adapted and moved in the direction of digital and non-geography-based banking business models. The digital move has spurred growth and allowed traditional banks to offer more services to the un-banked and under-banked. Regulators have also shifted—though more slowly—to established new rules to facilitate and accelerate this modernization process.
In many respects, BaaS continues to be an open frontier of market opportunities. But there are risks. The biggest foreseeable risks may be enhanced fraud danger and uncertain compliance with privacy regulations.
BaaS relies on secure data collection and sharing among the bank, the integration service, and the merchant. Fraud can compromise every link in that chain. With respect to data privacy, cybersecurity is always a concern, but BaaS adds some unique considerations. Consider, for example, the personal information that can be collected from a single ride-share transaction. Aside from the personal and financial information collected to process payment and delivery, the travel itinerary provides a wealth of personal information that can create legal risk if not kept secure and confidential. The information includes geo-locational mapping, travel times, and information that can be deduced from the arrival location. These risks require that all parties continue to develop practical and legal solutions.