16 February 2024 |

BaaS Follow-Up

By Alex Johnson

You’ll be shocked to hear this, but the essay that I published a few weeks ago on banking-as-a-service (BaaS) generated a lot of passionate feedback.

Some agreement. Some disagreement. All of it shared respectfully (which I deeply appreciate!)

Overall, I ended up learning a lot from the folks I spoke with, and so I figured it made sense to empty my notebook of all the interesting bits on BaaS nuance that I picked up and share them with you!

So, here they all are, organized as a set of questions and answers.

Is BaaS dying? The title of your last essay kinda made it sound like BaaS is dying.


All the consent orders and other drama were making it feel like BaaS was in a bit of an existential crisis, but no. Sorry if my last essay gave that impression. BaaS isn’t dying!

As I pointed out in that essay, the forces of supply and demand that govern the market for BaaS remain fairly strong. While there may be a bit more hesitancy on the part of community banks to dive into BaaS given the increased regulatory scrutiny (something that Cornerstone Advisors noted in its 2024 What’s Going On In Banking report), I don’t think that will lead to a long-term decrease in BaaS supply. Community banks just don’t have a lot of good alternatives for growth these days. Similarly, I predict an uptick in demand towards the end of 2024 and going into 2025, as VC investment in fintech picks up (and interest rates start to go down).

The people I spoke to, both on the bank and BaaS platform sides, shared my optimism.   

Do all the problems in BaaS boil down to program management?

Not all the problems, but a lot of them. Yeah. And it’s a nuanced topic, so let’s spend a few paragraphs unpacking it a bit more than I was able to in my last essay.

Banks are responsible for ensuring that everything facilitated through their charters is done in full compliance with all applicable laws and regulations. When BaaS is enabled through a middleware platform (such as Treasury Prime, Synctera, Solid, Synapse, Unit, Stripe, Helix, Increase, etc.) there has, historically, been a strong demand, from both the client (the fintech company) and the supplier (the bank), for the platform to help manage the day-to-day operational and compliance tasks involved in running a program.

Program management makes everyone’s lives easier … except when it leads to compliance failures and consent orders from prudential regulators.

And so BaaS Platforms have spent the last 5-7 years trying to figure out how to strike the exact right balance on program management.

Broadly speaking, they’ve condensed it down into three buckets:

  1. Technology The process of overseeing BaaS programs can be made significantly easier with technology. Integrating disparate systems and data, providing dashboards, monitoring program performance and generating alerts, automatically testing compliance controls, tracking document exchanges, and marketing reviews. All of these (and many more) are things that a well-designed BaaS platform can do.    
  2. Managed Services – Even with technology, there are certain required program management activities that have to be done by people. For example, Reg E (the implementing regulation for the Electronic Fund Transfer Act, which governs consumers’ rights when making electronic fund transfers using products like debit cards) requires financial institutions to allow their customers to dispute errors through written or oral notice. Translation – if you offer a debit card, you have to give your customers the option to dispute transactions over the phone. Not unreasonable, but it presents a big issue for BaaS. It’s a tough ask for early-stage fintech startups to provide a fully compliant call center for Reg E disputes. And it’s an equally tough ask for small community banks to staff a much bigger call center to support dozens of partner programs. A more appealing solution would be for the BaaS Platform to provide a centralized call center for handling Reg E disputes across all of its banks and programs. This is an example of a managed service.       
  3. Contracts & Communication – There are lots of different options for how banks and their fintech partners can work together when they are using a BaaS Platform. Is there a legal contract between the bank, fintech, and platform provider (tri-party) or just between the bank and the platform provider (bi-party)? Does the platform provider act as a go-between for the bank and the fintech (which can be very appealing for both sides), or are they required to communicate directly with each other on a regular basis?   

Technology is easy. That’s the primary value add of any BaaS Platform (and why BaaS banks that have built modern tech stacks … what I call BaaS Warp Cores … are especially potent competitors in this ecosystem).

Contracts & Communication has, traditionally, been an area where we’ve seen some differences of opinion. BaaS Platforms focused on providing program management have, in lots of cases, opted to make their clients’ lives easier by adopting bi-party contracts and acting as go-betweens for any communication between the banks and fintechs. Others have insisted on tri-party contracts and direct communication between the banks and fintechs. Recent regulatory scrutiny on BaaS has definitely pushed the BaaS Platforms towards the latter model and it wouldn’t surprise me if we see this become the default standard moving forward.

Managed services is the tricky one. The argument for it makes a lot of sense. Why make fintech startups each staff up their own call center in order to deal with disputes that are all governed in exactly the same way? I tend to agree, assuming that the financial products being offered by the fintech companies are fairly standard (and thus easy to compliantly manage through a centralized service). When fintech companies start coloring outside the lines with their products (which isn’t exactly uncommon), this model could have some issues.       

Which BaaS Platforms will avoid getting stuck in the Valley of Compliance Despair?

Building on the more nuanced explanation of program management that I just gave, I would predict that the BaaS Platforms that end up avoiding the Valley of Compliance Despair will be those that don’t disintermediate their banks from their fintech clients (tri-party contracts for the win!) and that walk a very careful line on the managed services.

I also think that the OCC, FDIC, and Fed will need to recognize that technology can be used to effectively manage much of the compliance, risk management, and governance tasks that community banks have traditionally handled with humans.

I should note that this is not the way that examiners from these regulatory agencies have been seeing it so far. From the conversations I’ve had with BaaS banks that have been going through their exams, it sounds like the default answer from regulators for how to deal with BaaS risk is to just throw more bodies at it.

Regulators – that’s a bad answer! The whole point of BaaS is that it’s a scalable way for banks to grow. If you care about creating a future where community banks thrive (and I know that you do), you have to give BaaS banks a scalable way to run compliant BaaS businesses!   

How will the market for BaaS evolve?

I think a good way to answer this question is to look at the market in terms of the client’s size and the client’s level of product differentiation.

When it comes to size, bigger is better. 

(Editor’s Note – just in BaaS, not in life! Calm down, Napoleons!)

Many BaaS banks and platforms that I have spoken with have told me that they have, recently, significantly raised the floor – in terms of annual recurring revenue or equity investment raised – for which fintech programs they will work with. The reason for this is simple – increased scrutiny from regulators has translated into higher compliance costs, which means that it is simply no longer worth it for BaaS banks to partner with companies below a specific size (unless there is overwhelming reason to suspect that the company in question will be a rocketship).

When it comes to product differentiation, the more unusual the product, the more challenging it is to support, in a cost-effective manner, through BaaS. Remember those managed services I mentioned earlier? They only work if they are being used to support standard product types and well-understood use cases.

So, how will these two factors – size and product differentiation – drive the evolution of the BaaS market?

My best guess is that the market will break into four quadrants:

Let’s start in the top right quadrant and go counterclockwise.

The fintech unicorns – your Ramps and Affirms – will have highly differentiated products, designed and built by annoyingly precise and uncompromising product managers and engineers. They will be a huge pain in the ass to work with. They will expect custom implementations and dedicated support. However, their size will make it worthwhile for BaaS providers to sell to them.

As I covered in my previous BaaS essay, this quadrant is where the BaaS Warp Cores tend to do really well.

The mainstream embedded finance quadrant is where most of the large non-finance brands that are interested in embedded finance sit. These companies see BaaS as an opportunity to leverage their massive distribution advantage to cross-sell financial products to their customers and employees in order to increase retention and/or generate a little incremental revenue. The financial products themselves aren’t particularly innovative. The differentiation is in the distribution, not the manufacturing. A good example is Lyft offering a debit card and bank account for its drivers.

This quadrant, with its vanilla products and significant scale, is highly attractive to BaaS Platforms, especially those that provide managed services that depend on standardization.

The third quadrant – small size and undifferentiated product – was chock full of generic neobanks and me-too BNPL providers during the ZIRP years. Since rates have gone up and some measure of sanity has returned to the fintech ecosystem, this quadrant has been mostly deserted, and BaaS providers have wisely decamped from it as well.

The fourth and final quadrant – niche fintech and embedded finance – is the really interesting one. This is where a lot of fintech innovation is nurtured. Some of that innovation establishes deep roots and grows up into unicorn-scale companies, but some of it just quietly chugs along, solving important problems for small (but grateful!) segments of the market (which is still a very good outcome for the overall ecosystem … unicorns are boring!)

This is the quadrant I worry about. With increasing compliance burdens driving BaaS providers to raise their floor on which programs they will even consider working with, where do these less-heralded fintech startups and niche embedded finance players turn?        

Seriously … where do they turn?

I don’t know!

But it’s a really important question and one that I hope prudential regulators are thinking deeply about.

Fintech, for all its drama, is an essential mechanism for forcing the financial services industry to build more rational products that better serve customers. We’ve seen this play out in the impact that neobanks have had on overdraft policies and fees, the impact that BNPL has had on credit card usage and product design, and the impact that fee-free stock trading has had on traditional brokerages, among many other examples.

By raising the cost of compliance in BaaS, prudential regulators (who, let’s acknowledge, have plenty of legitimate grievances with BaaS) are making it much less accessible to early-stage fintech startups and small-scale, vertical-specific embedded finance players (especially those founded by people from diverse or non-traditional backgrounds), which are critical sources of competition and innovation in financial services.

The OCC, FDIC, and Fed need to take some ownership of this problem. BaaS is a problem that they created by refusing to create accessible alternatives (special-purpose charters, an easier path for de novo charters, etc.), and now they are making the problem significantly worse without, from what I can tell, a solution (or even an acknowledgment that a solution is needed).

Where is the CFPB (the only federal financial services regulator focused on competition and customer-focused innovation) when you need it?!?     

Let’s end this essay on an optimistic note, shall we?

Sure! Here it goes …

Maybe everything we’ve been talking about is just BaaS’s awkward teenage years. Maybe the future of BaaS is going to look significantly healthier than it looks right now for the simple reason that everyone in BaaS is (slowly) becoming more serious.

Hear me out!

Regulators, as we’ve discussed, are finally paying attention to BaaS. Because of that, most banks diving into BaaS today know exactly what they are signing up for, which means the overall quality and seriousness of BaaS banks is increasing. The fintech companies looking for bank partners are, similarly, more serious today because rising interest rates and decreased VC funding have scared off most of the tourists and knuckleheads. And BaaS platforms are finally starting to align themselves around the idea that their core customers – the ones whom they must design their products around – are the banks, not the fintech companies.

How was that? Too optimistic?