The past five years have seen the Banking-as-a-Service (BaaS) space explode. At their core, BaaS providers allow companies - namely fintech and tech companies - to piggyback on their banking or e-money licence to easily offer financial products to their own customers through application programming interfaces.
These products include everything from physical and virtual bank accounts, access to key payment schemes, compliance checks and direct debit to trading platforms and cryptocurrency services. Research suggests that up to 82% of Europe’s fintechs rely on these BaaS providers and many, including the likes of neobank Revolut, have built their business models on them.
Despite recent economic headwinds, significant deals have continued to be made in this area and, according to McKinsey, TAM for the European BaaS market is expected to reach a value between €90 billion and €105 billion by the year 2030.
But this golden age of BaaS is not as shiny as it seems. Lightening the regulatory load for these companies - some regulated, most unregulated - leaves room for increased financial crime, such as money laundering.
What’s more, when one considers that each BaaS provider is lending its licence to hundreds of fintechs, each of which has thousands of users of its own, it becomes a systemic issue that leaves hundreds of thousands of end users at risk. On top of that, some of these providers have shown little governance over the platforms to which they lend their licence, thus increasing the probability of further criminal activity.
It is for these reasons that regulators have become increasingly interested in the most prominent BaaS players and have started taking severe action against them. The FCA, for example, has enforced customer onboarding restrictions on embedded payment platform Modulr until it can adhere to the new and revised regulations being implemented in the UK.
Similarly, German regulator BaFin has forbidden Solaris from onboarding new clients without its permission. The regulator has also ordered them to make AML-related upgrades and start imposing transfer and cash payment limits for certain accounts. In some cases, regulators have gone as far as to revoke licences altogether. The Bank of Lithuania, for instance, has stripped two of its top electronic money institutions of theirs, citing reasons such as infringements of AML laws and lack of control and governance.
Increased regulatory scrutiny will kibosh the majority of players, with only the most reputable surviving.
This regulatory crackdown is going to have a huge impact on the fintech ecosystem. Whether it is positive or negative, however, depends on a company’s stage of scale. For later-stage, established fintechs, it is prompting a flight to safety. They are utilising capital to move away from the BaaS service model and take proprietary control of their own stack, building everything they had previously outsourced themselves, from direct scheme connectivity to partnerships with Tier 1 banks. Although an initial expense and effort, having autonomy over their own financial infrastructure and technology will be more convenient, economical and safer in the long run.
Smaller start-ups that do not have the funds to build their own banking technology will have no alternative but to continue to rely on BaaS providers. Unfortunately, accessing their services will be more difficult and expensive than ever before. Increased regulatory scrutiny will kibosh the majority of players, with only the most reputable surviving.
We will also see consolidation with those BaaS providers that have their own banking licences, such as Griffin, as the onus on compliance and governance becomes much higher. The result? Fewer BaaS providers to choose from, higher fees and more restrictions (only working with regulated firms, for example), all of which will hinder and potentially wipe out the business models of these early-stage companies.
Ultimately, the demise of BaaS as we know it will have the knock-on, positive effect of cleaning up the market. Larger companies building their stack will now have to obtain a licence and be regulated in their own right, while dedicated BaaS platforms looking to succeed in this new era will have to ensure compliance and risk management are their core principles.
Pedro Batista is VP Payments & Operations at Payhawk