Industry leaders often refer to the a16z prediction that every company would become a fintech company when talking about embedded finance. However, as the space has developed and that prediction comes closer to being true, deficiencies are starting to emerge.
Earlier this year, regulators issued a consent order to Cross River Bank, a banking-as-a-service provider, alleging that a partnered fintech had engaged in unsafe lending practices. Since then, other fintech partnerships with banks have been called into question.
This year, over 60% of US-based fintechs paid at least $250 thousand in compliance-related fines. As partnerships become more complex, with fintechs and their banking providers embedding into non-financial companies, risk compliance is expected to become even more complicated.
The rubber band is really springing back right now,” said David Jegen, Co-Founder of Fintech Sandbox and Partner at FPrime Capital. “Banking-as-a-Service was such an important part of giving birth to more startups and helping startups grow more quickly. And then we had the third wave of fintech, and we had all these front-door investments like Neo banks and robo advisors. And then we had some true infrastructure startups like Plaid and Quovo. But then we got to this embedded fintech with banking as a service.”
“What’s happening now is the regulators are saying to the partner banks that we don’t love this business model, and no matter what, you cannot outsource your regulatory duties as a bank.”
In June 2023, an interagency guidance document was published tackling the subject of third-party risk in banking. Jegen explained that, as a result, some banks were retreating from the banking as a service sector, and others had increased their scrutiny of their partnered fintechs.
However, rather than tolling the death knell for embedded finance, it could spark further maturation of the sector.
RELATED: Global newsletter: Regulators provide clarity on bank-fintech partnerships
An Opportunity for Innovation
“Embedded finance, banking-as-a-service, whatever you want to call it has existed for a really long time,” said Mitchell Lee, Chief Risk and Compliance Officer at Synctera. “At the time, people were trying to figure how to create a partnership in a way that companies can offer lending products without necessarily going out and doing all the sort of licensing that banks have to do.”
The partnership between banks and fintechs has had mutual benefits. For banks, it has allowed opportunities for innovation, particularly for smaller and regional banks that look to compete as financial services become more digital. For fintechs, it allowed startups fast-tracked access to the financial system and an ability to offer financial products that had typically only been offered by banks.
“We know that many companies are partnering because they don’t want to go through the trouble of actually becoming their own bank or buying a bank, and the partnership model is real. It makes sense. It allows some of these companies to be innovative, that gets products out to the market to serve, in many cases, underserved communities,” said Lee. “But it also means they’re still offering a banking product.”
However, that fast track has resulted in some confusion about the responsibility and oversight for compliance and associated risks. As embedded finance extends financial products to businesses that may be new to financial compliance, this confusion could be extended.
“Companies that want to offer banking products can’t look at these partnerships as compliance arbitrage,” he continued. “At the end of the day, you still have to abide by all the relevant consumer compliance rules. You’ve still got to do your transactions monitoring. You still have to be thinking about things like sanctions, screening, money laundering, and so forth. And I think you have to apply that same level of rigor.”
“The space has now become popular enough that regulators have been thinking about how do we make sure that embedded banking products that are being offered are undergoing the same level of rigor in terms of compliance and risk management that a bank would apply to their own banking products…there’s a little bit of maturity that still has to occur in our space.”
He said that although, in the short term, the scrutiny from regulators and banks could result in enforcement actions and a period of “derisking,” the actions will likely provide more clarity to the space. Eventually, it could help the sector shape its own model for self-regulation and standardization of compliance and risk.
He explained that companies offering a financial service or product had a responsibility to understand the relevant compliance, including in customer communication. While this could be a challenge for smaller companies with fewer resources, strong communication between them and the banking provider could result in successful monitoring of risks and compliance related to the product.
“There’s a role that the private sector has to play in bringing forth those best practices,” he said. “Any company that’s offering a banking product, whether they’re a bank or not, has to take some ownership of risk and compliance.”