Banks believe in embedded finance’s revenue potential, but regulatory challenges persist

Engaging with technology companies to create embedded finance programs can drive significant revenue for the sponsor banks and credit unions on one side of that handshake.

Yet navigating the tricky compliance landscape remains a barrier to growth for these partnerships, the financial institutions say.

These findings emerged in a recent survey from Alloy, an identity risk management company tapped by banks, credit unions and fintech companies. Alloy’s 2024 State of Embedded Finance Report was conducted in the spring and queried over 50 decision-makers at U.S.-based sponsor banks with at least $2 billion in assets. Read the full report here.

The report found that while embedded finance programs drive significant revenue (over 50%) for sponsor banks, a majority (80%) of respondents reported that meeting embedded finance compliance requirements as a sponsor bank, which shoulder the regulatory burden unlike the technology partners, is challenging in the current environment.

Some 29% of respondents said that they were unlikely to maintain a Banking as a Service (BaaS) or embedded finance fintech partnership program going forward if the regulatory imbalance and associated costs persisted.

Embedded finance enforcement action picked up this year

Separate early 2024 data of regulatory action shows U.S. authorities are clamping down on financial organizations aligned with technology partners. Regulatory action against fintech partner banks in the first quarter made up 35% of all enforcement notices combined from the Federal Reserve, the Federal Deposit Insurance Corp. and the Office of the Comptroller of the Currency, according to tracking by consultants Klaros Group and shared by Klaros co-founder Konrad Alt on LinkedIn.

The result marked a steady increase from 26% of the share of enforcements a quarter earlier and 10% of the share in the same three-month period one year earlier.

The operations most under scrutiny are for BaaS. These partnerships vary but might include the banking backbone of a financial literacy app or the loan application architecture for drivers on a ride-sharing platform.

BaaS has been a potential game-changer as banks team up with fintech to compete with each other and with the broad reach of traditional tech, which can also push into payments and other financial-services offerings, again under a much lighter touch from Washington than for traditional banking. The global BaaS market is projected to reach nearly $75 billion by 2030, according to one measure.

There is significance to the timing of the early-2024 enforcement rise. The supervisory bodies have recently adopted joint guidance on evaluating third-party risks, codified last summer. Klaros did also note that the uptick in BaaS-related enforcement hit amid a doubling of total enforcement actions against banks over the same period.

And yet despite the extra resource demands for these compliance reviews and in some cases, actions, some financial institutions see only upside potential. Others believe they must adapt to how the public transacts digitally and on-the-go or increasingly lose out.

Trend points to compliance tech investing

“Running a sponsor bank program is inherently complex because you have banks who are highly regulated working with companies that are often new, fast-growing and creating entirely new ways for consumers to interact with money,” said Tommy Nicholas, CEO and co-founder of Alloy, in a statement.

“Despite the challenge, we’re already seeing sponsor banks respond to regulatory developments by investing in better controls, training and adding to their compliance tech stack,” Nicholas added.

No doubt, recent compliance violations have resulted in financial consequences for sponsor banks: Alloy’s report found that 75% of sponsor banks have lost $100,000 or more due to compliance violations, with 39% reporting losses of $250,000 or more and 6% reporting losses of $1 million or more.

However, financial losses are far from the biggest consequence of regulatory violations: decision-makers at sponsor banks ranked reputational damage as the top consequence of mishandling fintech partners’ compliance.

And respondents indicated that fintech relationships, transparency and monitoring access may have to change. Banks and credit unions often surrender oversight of the technology to the fintech partner yet are responsible for that tech when regulators come calling.

Alloy’s report found that sponsor banks say their top barriers to maintaining a compliant embedded finance program are 1.) a lack of control over their fintech partners’ policy controls and 2.) a lack of auditability of their fintech partners’ policy controls.

Teddy Gordon, director of data at Grasshopper Bank, has partnered with Alloy on technology that pushes the bank’s KYC requirements through to its fintech partner’s platform but at the same time lets that partner manage its own risk tolerance. Both parties meet independent goals and end-user customers see only seamlessness. Most importantly, the bank’s higher regulatory threshold remains within its control.

“We can easily set KYC requirements for our fintech partners and then roll those policies out to our entire program all at once. We ensure we’re compliant across the board, and our fintech partners still get to manage their own risk tolerance,” he said, in a statement.

Some 94% of survey respondents said they plan to invest in new compliance technology to help them manage their embedded finance partnerships.

Rachel Koning Beals is Senior Editor with BAI.