How BaaS Works
Banking-as-a-Service has become THE dynamic solution in fintech to digitally deliver a customer-centric, bank product into the market quickly. BaaS providers have been able to provide a banking infrastructure through APIs (application programming interfaces) that can be implemented and launched in months without monetary licenses (for most use cases) or large rounds of capital.
APIs can be visualized as Lego blocks that fit together to form a banking core framework — through a series of API calls a user can be created, and transactions executed. Further customization is then layered on top to set up deposit accounts, debit cards or credit cards, and loans.
API-based Banking-as-a-Service stack is delivered in three layers:
- The bottom level represents the traditional, nationally-chartered financial institution (bank) that partners with the BaaS provider — also known as “Infrastructure-as-a-Service (IaaS) layer.”
- The middle represents the “Bank-as-a-Service layer” that maps out banking services customized as an ecosystem for FinTech startups and other companies, to deliver products to end users. This part of the stack sends data back and forth between the bank and FinTech, through the BaaS provider as an intermediary.
- The top layer is the FinTech company that interfaces with the end user — receiving data from customers on transaction requests that it sends to the BaaS layer. The BaaS provider also sends data from the bank to the FinTech as responses to transactions requests.
As the Banking-as-a-Service sector evolves to incorporate a cloud-based stack, larger tech companies with banking licenses would be able to remove the layers. A potential example would be Amazon Web Services obtaining financial licensing and becoming a premier IaaS provider that also provides server hardware.
Additionally, banks in this model can develop Banking-as-a-Platform (BaaP) and deliver “FinTech SaaS”, allowing companies to directly plug into their core infrastructure for banking products on-demand — without need of a BaaS provider to be in the middle. The result would be a virtual marketplace for purchasing and launching bank products.
Open banking is a financial services term as part of financial technology that refers to:
- The use of open APIs that enable third-party developers to build applications and services around the financial institution.
- Greater financial transparency options for account holders ranging from open data to private data.
- The use of open-source technology to achieve the above.
It is linked to shifts in attitudes towards the issue of data ownership illustrated by regulations such as GDPR and concepts such as the open data movement. The banks turn into financial service platforms, technically implemented through a Banking as a Service-concept.
Around the world, the access and benefits of Banking-as-a-Service fueled the Open Banking. Born from regulation pushing banks to open access of client data to 3rd parties, open banking has spawned the popular independent banking brands we see such as Revolut, Chime, and Monzo. Even though sharing data openly is now required, financial institutions are still cautious of risk exposure to their customers due to poor external controls and security.
Globally, open banking is in stages of development influenced by a varied regulatory landscape of data access:
- Europe: Known as a region to pioneer open-banking, Payment Services Directive (PSD) and its 2nd amendment (PSD2) were landmarks introduced in November 2015. With established standards for an ecosystem of regulation, infrastructure, and authorizations favoring 3rd-parties, there were no early barriers to open banking.
- Africa: Due to the critical need for the industry to have widespread, mobile-based reach in underserved and remote areas, national regulation must impact both telecommunications and financial markets. Nigeria (and other countries in the region) has launched an Open Technology Association to develop API standards for open banking.
- Asia: Due to similar fragmentation in jurisdictions, a unified regulatory framework has been difficult to achieve — however, positive changes are on the way. Hong Kong’s monetary authority released reporting on open APIs for the development of an open banking ecosystem. Also, Japan has made several revisions to banking laws in 2017 that will require collaboration between banks fintechs using APIs, by end of 2019.
- Mexico and Latin America: Recent positive changes are in the works, as Mexico passed FinTech laws requiring banks to create open APIs. In South America, Brazil and Chile have also developed new rules for open banking.
- United States: Having multiple agencies highly regulating banking at both state and federal levels, open innovation from non-bank financial service providers has struggled to flourish. The Securities and Exchange Commission (SEC) is the leading agency responsible for the majority of regulatory enforcement, with other responsibilities monitored by the Financial Crimes Enforcement Network (FinCen) and the Office of the Comptroller of the Currency (OCC). Banks have slowly taken the lead in forming independent groups to review revisions for open banking but have no impulse to make changes quickly.
- Canada: The Department of Finance recently launched a separate Advisory Committee on Open Banking to gather information on how to drive necessary changes for growth.
- Australia: Despite not having PSD-type regulation, the country has still made strides for banks to open access to accounts and data by February 2020, and debt-type accounts (e.g. personal loans, mortgages, other asset-based financing) by July 2021.
Overall, the United Kingdom (and greater EU), and Australia are early adopters and drivers of approved open banking environments. Due to transparent regulatory conditions allowing 3rd party access of bank data, and clear ownership of an individual’s personal information — these regions will continue to lead the pack globally. As of September 2019, there are 143 financial services providers (monitored by UK’s Financial Conduct Authority, aka FCA) registered for open banking.
Despite having an established reputation for financial services innovation, the United States and Asia are considered industry laggards in open banking due to the lack of regulatory guidance and infrastructure for banks to openly work with fintech companies. Once these regions move away from ‘reviewing’ to ‘acting’ on open banking initiatives, the global leadership will start to quickly change.
The Future of Banking-as-a-Service
The future of BaaS will be a much more mature, refined, and optimized version of what is seen today. The definition of BaaS will be split into multiple subcategories with new market entrants, especially large tech giants that have been standing on the sidelines. In the next few years, the industry will grow to become transparent as firms and regulators will work together to bring all banking services via API.
This enhanced model of banking will push out banking services to apps and other pieces of software. Consumers no longer need to go to a bank OR talk to a person (due to AI-enabled bots) to complete any banking activity. The absence of the “human touch” will dramatically change a primary banking relationship as users can quickly switch their banking to new companies that deliver on individual financial wellness goals, such as long-term wealth and debt management.
Cyber-crime will remain a constant and serious threat in banking. The introduction of added gateways through APIs has increased levels of risk, which require enhanced firewalls and other controls to prevent intrusions. How a company onboards users virtually will be critical in determining secure KYC protocols and authentication standards, while balancing a valuable user experience. Being able to create and protect digital fingerprints that validate an end user quickly without requesting re-entry of personal information and physical ID, will lead to dramatic industry growth and trust.
Overall, the Banking-as-a-Service sector will achieve mainstream adoption in the next decade as consumers demand the best from financial services providers.
Players within BaaS will start to overlap as banks become more “FinTech-like” and Fintechs build the same banking capabilities from a less regulated landscape. New competition will come from tech giants that have established customer groups who would benefit from the same brand of innovation, but in their financial lives.
Risk and controls will evolve to protect critical customer data but allow for a smoother process for identity verification across multiple companies and services.
Consumers will consolidate their deposit balances with companies that are able to deliver a full ecosystem of financial services customized and adaptable to their changes in life — regardless if banks, fintechs, tech giants, or some hybrid mix of these firms is delivering the solution. Banking-as-a-Service will continue to make banking widely available to any company capable of delivering valuable services to customer or market segments around the world.
10XTS has sought to automate Banking-as-a-Service for institutions with XDEX as the foundation for Governance, Risk, and Compliance (GRC) and Master Data Management (MDM).
The XDEX framework is a metadata layer that can be consumed by any public network smart contract and token to ensure consistency of records and data across multiple institutions, custodians, trading venues and brokers.
We provide banking institutions with the confidence of owning their own data within their own information stacks and portals as they move into the very exciting and promising future of capital.
If you’re considering taking the leap and delivering banking services as a digital solution, we’re here to help.
Contact the team to get started!