How to Effectively Build a Robust BaaS Program for Sponsor Banks

‍

The regulatory landscape for sponsor banks and third-party risk is continually changing. With the rise of the banking-as-a-service (BaaS) model, grasping the intricacies of compliance and risk management is more critical than ever.

‍

Insights from experts Keith Vander Leest, Sandra Asprelli, Sheetal Parikh, and Sarah Beth Felix highlight the regulatory environment, key risks, and strategic planning for a robust BaaS program. Read on for their valuable perspectives!

‍

The Impact of Regulatory Actions on Sponsor Banks

‍

Regulators are increasingly taking enforcement actions against banks and embedded banking services. While banks traditionally own the risk, the question arises: what if fintech companies could also be risk owners?

‍

Navigating the Regulatory Gray Area

‍

-Sandra Asprelli, Fraud Analyst, Patriot Bank

‍

Fintech companies are often caught in a regulatory gray area, needing more safety nets than traditional banks provide. Their customers may not have FDIC insurance, leaving them vulnerable. The fallout from regulatory actions highlights the need for a more secure framework for fintech customers.

‍

Closing the Loopholes

‍

-Sarah Beth Felix, CEO of Palmera Consulting

‍

Closing regulatory loopholes at the FinCEN level is crucial for fintech and payment companies. Early integration of data availability and hierarchy in the tech stack is essential for compliance with AML and sanctions. Fintechs that prioritize these aspects are better positioned to navigate the regulatory landscape and find a good bank partner.

‍

Filling the Gaps

‍

-Sheetal Parikh, General Counsel, CCO, Treasury Prime

‍

Amidst the negative press we have witnessed, it is important to remember that many fintech companies are filling gaps that traditional banking products and services have not been able to fill, often serving segments of the population that are otherwise underserved. Responsible innovation is key, and fintechs must understand the highly regulated nature of the financial industry to succeed.

‍

Expertise Matters

‍

-Keith Vander Leest, Head of Payments, Cross River

‍

Innovation is at the heart of fintech, but expertise in BSA/AML is critical. Fintechs need to hire experts and maintain bank-level compliance standards. An independent BSA/AML officer within the organization can ensure adherence to regulatory requirements.

‍

The Role of Bank Boards in Implementing BaaS Programs

‍

Bank boards are vital to implementing BaaS programs, though their involvement and awareness can vary. Understanding their challenges and responsibilities highlights the need for active engagement and strategic oversight.

‍

The Foresight Factor

‍

-Sheetal Parikh, General Council, CCO, Treasury Prime

‍

Not all bank boards are created equal. Some are thoughtful and deliberate in setting up BaaS programs, while others may lack the necessary foresight. The disparity in approach is evident in the varying outcomes of regulatory consent orders.

‍

Deep Engagement

‍

-Keith Vander Leest, Head of Payments, Cross River

‍

Banks specializing in fintech banking have deeply involved boards. These boards recognize the importance of actively engaging in the BaaS space, ensuring the bank remains compliant and innovative.

‍

Heads in the Sand

‍

-Sandra Asprelli, Fraud Analyst, Patriot Bank

‍

Some bank boards may have their heads in the sand, relying too heavily on passing exams and assuming all is well. When issues arise, they often need to prepare to address them, highlighting the need for proactive oversight.

‍

Strategic Planning for a Robust BaaS Program

‍

Building a robust BaaS program requires careful strategic planning, focusing on technology, innovation, and compliance. Below are some key strategies for sponsor banks and fintechs to ensure the success of their BaaS initiatives.

‍

Tech-Driven Efficiency

‍

-Keith Vander Leest, Head of Payments, Cross River

‍

Leveraging advanced technology, such as ledger capabilities and sub-ledgers, can significantly enhance the efficiency and security of BaaS programs. Sponsor banks must invest in cutting-edge technology to stay ahead of the curve.

‍

Responsible Innovation

‍

-Sheetal Parikh, General Counsel, CCO, Treasury Prime

‍

Responsible innovation is crucial for all participants in the BaaS ecosystem. Banks and fintechs must conduct thorough due diligence, understand who they partner with, and implement robust risk controls through technology.

‍

Proactive Threat Mitigation

‍

-Sarah Beth Felix, CEO of Palmera Consulting

‍

Understanding how criminals might exploit fintech products and services is essential for both banks and fintechs. By adopting a proactive approach to identifying threats and vulnerabilities, they can mitigate risks and avoid regulatory pitfalls.

‍

Leveling the Playing Field

‍

-Sandra Asprelli, Fraud Analyst, Patriot Bank

‍

Regulating fintechs like banks would create a level playing field and ensure they have more skin in the game. This approach could lead to more accountability and better compliance with regulatory standards.

‍

The Long-Term Investment in BaaS for Sponsor Banks

‍

BaaS is a long-term investment with significant upfront costs, making it crucial for sponsor banks to understand its fundamental aspects. Strategic planning and readiness are essential for banks to succeed in BaaS.

‍

Embracing the Red

‍

-Sandra Asprelli, Fraud Analyst, Patriot Bank

‍

Boards must be comfortable operating in the red initially. Many boards assume immediate profitability, but a long-term mindset is essential. Key questions around AML and risk tolerance need to be addressed upfront. If a board hesitates to bank for financial institutions, they may need more time to prepare for the complexities of BaaS. Comfort with initial losses is crucial for eventual success.

‍

Innovation and Survival

‍

-Sheetal Parikh, General Counsel, CCO, Treasury Prime

‍

Community and regional banks must innovate and partner responsibly with tech firms to remain relevant. With innovation, many smaller banks can not only thrive but expand their product offerings and customer base. Investing in BaaS is not a binary decision but a strategic necessity for long-term viability.

‍

Controlled Growth

‍

-Keith Vander Leest, Head of Payments, Cross River

‍

Caution and controlled growth are vital. Rapid expansion can lead to compliance challenges. Banks should not expect immediate growth but should focus on scaling their bank compliance functionality alongside their BaaS initiatives. Ensuring a manageable pace of growth is key to maintaining control and compliance.

‍

Assessing AML Vulnerabilities and Third-Party Risks

‍

Assessing AML vulnerabilities is important before incorporating third-party risks. Recognizing common disconnects and focusing on proper staffing and infrastructure helps manage these risks more effectively.

‍

Staffing Ahead of Time

‍

-Sarah Beth Felix, CEO of Palmera Consulting

‍

Proper staffing is essential. Many banks need more staffing to enter the BaaS space, leading to significant risks. Understaffing can result in compliance failures, especially as the volume of transactions increases. Banks must be prepared to invest in sufficient AML resources from the outset.

‍

Data Visibility

‍

-Sandra Asprelli, Fraud Analyst, Patriot Bank

‍

Data visibility is crucial for effective oversight. Banks must ensure they have access to all necessary data, even when using third-party service providers. Losing visibility into data can lead to significant operational and compliance challenges. Contingency planning and ensuring data access are paramount.

‍

Dimensioning Risk

‍

-Sheetal Parikh, General Counsel, CCO, Treasury Prime

‍

Understanding and dimensioning risk is essential. The risks associated with electronic and digital payments differ from those associated with traditional banking products. Banks must invest in quality staffing and tools to manage these unique risks effectively. Properly dimensioning risk allows for more targeted and effective risk management strategies.

‍

The Technical Nature of BaaS and Data Management

‍

The technical requirements for BaaS are evolving, prompting sponsor banks to invest heavily in data mapping and architecture. Meeting these demands involves adhering to minimum standards and adopting best practices for data management in the BaaS space.

‍

Raising the Bar

‍

-Keith Vander Leest, Head of Payments, Cross River

‍

The minimum requirements for BaaS are continually evolving. Banks must now bring data in-house rather than relying on middleware providers. This includes having visibility via sub-ledgers to individual partners and customers within pooled accounts. Ensuring that all KYC and KYB information is managed internally is crucial for effective oversight and compliance.

‍

Comprehensive Oversight

‍

-Sandra Asprelli, Fraud Analyst, Patriot Bank

‍

Bringing data in-house allows for better oversight and monitoring. Banks need the infrastructure to track the activities of fintech customers accurately. This approach ensures all necessary data is available for compliance checks and risk management.

‍

Regulatory Implications

‍

-Sheetal Parikh, General Counsel, CCO, Treasury Prime

‍

There are many regulatory implications, and many requirements for FDIC pass-through eligibility depend on proper account titling and record-keeping. Ensuring that depository institutions have access to all necessary records is vital for the protection and safety of accounts.

‍

Enhanced Monitoring

‍

-Sarah Beth Felix, CEO of Palmera Consulting

‍

Having the proper infrastructure in place allows for more effective sanctions monitoring. Proper data tagging and sub-ledger management are essential for tracking customer activities throughout their lifecycle, impacting overall monitoring effectiveness.

‍

Profitability Through Efficiency

‍

-Keith Vander Leest, Head of Payments, Cross River

‍

Keith Vander Leest pointed out that investing in advanced technologies can enhance monitoring efficiency. Banks can leverage these tools by having comprehensive data in-house to detect suspicious activities more effectively. This not only improves compliance but also contributes to overall profitability.

‍

Business Continuity and Disaster Recovery Planning

‍

Recent events have underscored the importance of robust business continuity and disaster recovery planning. Sponsor banks must ensure they are prepared for various disruptions, including those involving third-party service providers.

‍

Ensuring Data Access

‍

-Sheetal Parikh, General Counsel, CCO, Treasury Prime

‍

Solid contingency planning should be in place for maintaining operations during disruptions. Banks must ensure they have access to all necessary data, even when using third-party service providers. Losing visibility into data can lead to significant operational challenges, making contingency planning essential.

‍

Vetting Bank Partners

‍

-Sarah Beth Felix, CEO of Palmera Consulting

‍

Fintechs should also thoroughly vet their bank partners. It is crucial to ensure that bank partners have robust AML programs and sanctions processes. Fintechs should be prepared to ask detailed questions about their partners' compliance measures to ensure a long-term partnership.

‍

Evolving Standards

‍

-Sheetal Parikh, General Counsel, CCO, Treasury Prime

‍

The standards for business continuity and disaster recovery are changing. Banks must adapt to new challenges, such as venture-backed companies losing funding. Redefining what constitutes a disaster or disruption is necessary to ensure comprehensive preparedness.

‍

Unlock the Future of BaaS: Watch the Full Workshop Now!

‍

Eager to master building a strong BaaS program for sponsor banks? Discover insights from top industry professionals and navigate the changing regulatory environment. Register now to watch the entire workshop and equip your institution to thrive in the BaaS space. Stay ahead of the curve—watch the full workshop here!