Technical Challenges to Address When Integrating Banking as a Service
Nurturing customer loyalty with banking services
As we move further in a free-market economy, brands across all industries are pressed to constantly reinvent themselves and offer products and services that distinguish them from fellow competitors. Increasing audience loyalty is an ongoing battle fought in multiple fields. There is always a step in a customer journey that can be improved and that is surely being improved by your rivals. One of these is how you as a company establish financial interaction with the customers.
This interaction encompasses a variety of things from your payment options to bonuses. For instance, a tempting offering would be a loyalty debit card, which enables your customers to pay for your products/services with the points awarded by this very card. In addition to customer satisfaction, you get an instrument to analyze your clientele’s spending behavior and tailor the services in your portfolio. Another example is providing an online loan or a payment by installment, so that the customer journey is never interrupted. There are a myriad of other banking services that a brand can provide to stimulate customer loyalty.
But do we have an “easier said than done” situation here? Surely, to deliver banking services out of the box as a company outside the fintech industry, one sometimes needs to build up from ground zero. While payment processing may be what you are well familiar with, what about the intricacies of lending services, identity verification, preventing financial crimes, or simply complying with the regulations set out for banking service providers?
This is where banking as a service (BaaS) comes into play.
What is banking as a service?
Banking as a service emerged on the fintech scene around 2014. Though by 2021 BaaS providers are thriving and growing in number, there is still no uniform definition of what it is, or the explanations available leave out a crucial point. Roughly speaking, BaaS enables any nonbank organization to embed necessary financial services—offered by providers and license holders—into its user experience. So, who is who in this equation?
A nonbank organization is any enterprise of any size that wants to deliver certain financial services to its customers out of the box as part of a user journey. To do so, however, such a company needs a technology platform to integrate those services into its portfolio. And this is only part of the problem. The biggest challenge out there is a banking license, without which no organization anywhere in the world will be allowed to provide any banking services. In fact, you have to become a bank and deal with all the licensing-related issues on your own, which is anything but easy. On top of that, if you want to deliver banking services across the globe, you’ll have to comply with local financial regulations in each and every country you plan to operate in.
At this point, collaboration with an actual bank, which already holds a valid license, sounds logical. Apart from convincing the bank this endeavor will be mutually beneficial and agreeing on the terms and conditions, there still remains the question of how to integrate banking services into your workflows. This opens a Pandora’s box with all its treats, from the absence of a common technology stack to numerous standards (privacy, security, etc.) to put in place. This journey may turn into a very tiring, resource-consuming, and bumpy one.
So, what BaaS integration providers bring to the table is all the missing pieces in between a nonbank organization and a financial institution. Acting as an intermediary, BaaS providers cooperate with established banks, who have the license, and put their services onto a technology platform. This reduces the problems of an enterprise to choosing which banking services exactly to enable.
The services a nonbank institution can onboard range from card payments and lending to financial crime mitigation and risk management. The BaaS model enables a brand to pick up only those banking services that are relevant to its customers and the business itself instead of embedding the whole banking stack.
How does this work? Put simply, the BaaS platform connects to the API provided by the bank to access the necessary services, products, and information. In the same fashion, the platform then connects to the company’s API to deliver banking services to a marketplace, website, product, etc.
In this regard, banking as a service is often confused with open banking. The BaaS model implies an integration of the whole or partial stack of banking services into the enterprise’s product, while open banking merely allows businesses to use the bank’s data for their products. In the financial industry, these nonbank organizations utilizing the open banking model are referred to as third-party providers.
A typical scenario for such third-party providers in open banking is a financial management app that aggregates data from different bank accounts into a single system, helping end users to improve their income/spending ratio. To do so, providers of such apps connect to the banks’ systems via an API. Needless to say, this API integration layer may be enabled by a whole different middleman—an API banking platform.
BaaS providers on the global market
BaaS platform providers
On the global scene, there are quite a few BaaS providers, and the number is only growing. Below are some examples of providers that offer their own banking-as-a-service platforms and enjoy recognition among key players across different industries.
Bankable is a London-based company, delivering digital banking, virtual account, card management/processing, and payment processing services. The organization’s business model enables enterprises from different industries to integrate the services of choice either via APIs or a white-label platform.
Bond is a USA-based provider of an embedded finance platform delivering debit/credit card, deposit account, and money movement services. The company also offers its APIs and developer SDKs to facilitate building financial products of one’s own.
Cambr is yet another U.S. provider of embedded finance services. Its flagship product is a deposit platform that connects enterprises with 850+ banks in the partner network. The organization reports that its platform helps manage $24+ billion.
solarisBank is a German company founded in 2016. The provider’s portfolio includes multiple services across digital banking and card operations, lending, payments, etc. The organization offers simplified integration of all its services via a RESTful API. Since its founding, the startup was able to raise €220+ million in funding.
Treezor positions itself as a French electronic money institution approved by the ACPR (a regulator). The organization focuses on managing the entire payment chain both in acquiring (cards, virtual IBAN, and checks) and issuing (a card program, X-Pay wallets, and BIN sponsorship). Founded in 2016, the provider is a Principal Member of the Mastercard network and a participant of the SEPA network.
11:FS is a developer behind an embedded finance platform. The company claims that their platform helps to launch new financial services in minutes and integrate prebuilt financial workflows into existing ecosystems. One of the provider’s products—11:FS Money—helps to create accounts, make payments, track spending, add funds, etc.
In addition to ‘pure’ BaaS platform providers, banking institutions across the globe are also starting to adopt the new model of service delivery.
BBVA is one of the biggest bank networks in Spain. The institution also operates in Mexico, Peru, Turkey, Venezuela, and Colombia. Their BaaS services include identity verification, account origination, card issuance, and money transfer.
ClearBank is a UK-based institution that enables finance and fintech companies, as well as FCA-regulated businesses to establish advanced payment systems. The bank was a pioneer in processing all payment types available in the United Kingdom: Visa, MasterCard, Link, BACS, CHAPS, and Faster Payments.
Fidor Bank is a fully digital institution from Germany. The organization handles risk management, technology compliance, and customer service. The bank’s platform—fidorOS—allows for either integrating BaaS services into existing ecosystems or building new ones from scratch.
Green Dot is a USA-based bank holding company, serving 33 million customers. The organization’s BaaS platform enables enterprises to build products that deliver banking, payroll, and tax services. Green Dot serves such industry giants as Walmart, Uber, and PayPal.
Starling Bank is a fully digital institution with headquarters in London. The company’s online banking platform helps one million people to manage their finances. The organization has been a winner of Best British Bank Awards for four years in a row (2018–2021).
Things to consider before BaaS integration
By this point, everything may seem pretty easy and straightforward. However, the moment an enterprise steps onto the soil of the finance industry, a number of challenges related to integrating BaaS into existing workflows kick in.
- Security at all layers—infrastructure, platform, and app—hits the list as a top priority for any service dealing with financial processes and data. A strong focus on security is key to preventing malicious attacks, data manipulations, and unauthorized access.
- Privacy of personal data shared between enterprise systems, a BaaS platform, and a bank is a must for organizations operating in the European Union and the USA. In Europe, the General Data Protection Regulation (GDPR) is in force, while different states in the USA have their own regulations, for instance, California Consumer Privacy Act. Most of the countries in the APAC region rely on a mix of federal, state, and territory laws like the Act on the Protection of Personal Information in Japan or the Personal Information Protection Act in South Korea.
- Compliance with the industry standards, which are abundant in finance and specific to each country/region, is an absolute must to enter the market. Violation or inability to fulfill any conditions entails grave consequences. For companies with global presence, this becomes an even more challenging task as they have to comply with each regulation in each country of operation. Furthermore, each domain of the finance industry has its own standards, so the more banking services you want to onboard, the more regulations your systems have to comply with. Some examples of general regulations are the Dodd–Frank Wall Street Reform and Consumer Protection Act and the Durbin Amendment in the USA or the European Market Infrastructure Regulation and the Revised Payment Services Directive in the EU.
- Identity verification is another core component of the regulatory requirements in the financial industry and relies on the Know Your Customer principle (KYC). The way you gather information about your customer’s financial circumstances depends on the type of financial service you want to provide to him/her. The complexity of identity verification only increases as you onboard banking services beyond simple payments, let’s say, direct debiting or lending. The trickiest part in the process is satisfying the regulatory requirements without interrupting or overcomplicating user experience. Once your customer faces the necessity to go to a bank branch for identification, s/he may well quit the process because the service gained is not worth the trouble.
- Data integration between the BaaS platform and enterprise systems may require a holistic approach to eliminating those issues originating from different or contradicting data formats, preventing generation of data duplicates, enabling real-time data synchronization, conducting data migration without downtime, etc.
- Customization calls for flexibility and ease of maintenance across existing systems. Even if a banking-as-a-service provider has the capacity to deliver custom features or you want to customize the offering on your own, still there may arise issues related to incompatibility of technologies, an architectural model of your system, intricacies of the existing workflows, etc.
Though all this may seem sophisticated, there are a great number of technological answers to the concerns raised above.
How to mitigate?
Ensuring security and compliance
It makes sense to evaluate your infrastructure well before integrating it with a BaaS platform to identify potential points of vulnerability and work out a risk mitigation roadmap. These vulnerabilities may be hidden at the networking level, for instance. Make sure you’ve secured the networking protocols (e.g., HTTP and SSH) that API endpoints use to connect the integrated services. For this purpose, implement mature authentication/authorization methods (two- or multi-factor authentication) and tools (OAuth 2.0 and OpenID Connect). You can also apply the principle of least privilege, so that a particular module cannot access data or a resource outside its scope of authority. TLS encryption will help you to secure sensitive data exchanged through APIs, and credential management tools like CredHub will safeguard passwords, certificates, SSH keys, etc.
By setting up vulnerability scanning across your operating system, network, drivers, and API components, you will be able to detect weak spots in a timely manner and address arising issues. For instance, you can employ packet analyzers to monitor network intrusion attempts, endpoint security status, the efficiency of firewalls, etc. Next, you can place quotas on how often your API can be called, so that a violation of this limit signals a potential attack.
As for compliance, the majority of BaaS platforms already conform to the industry standards necessary to deliver a particular banking service. You can always clarify this matter with the provider you have decided to stick with.
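The least-privilege and call-quota controls described above can be combined in a single gateway-side check. The following Python code is an added example, not code from any BaaS provider; the endpoint paths, scope names, client ID, and limits are constructed for illustration.

```python
import time
from collections import defaultdict, deque

# Constructed policy: OAuth 2.0 scope required per endpoint (hypothetical names).
REQUIRED_SCOPE = {
    ("GET", "/accounts"): "accounts:read",
    ("POST", "/payments"): "payments:write",
    ("POST", "/loans"): "lending:write",
}

class ApiGuard:
    """Scope check (least privilege) plus a sliding-window quota per client."""

    def __init__(self, limit, window_s, clock=time.monotonic):
        self.limit, self.window_s, self.clock = limit, window_s, clock
        self.calls = defaultdict(deque)  # client_id -> timestamps of accepted calls
        self.events = []                 # security events for the monitoring pipeline

    def _alert(self, kind, client_id, detail):
        self.events.append({"ts": self.clock(), "kind": kind,
                            "client": client_id, "detail": detail})

    def authorize(self, client_id, granted_scopes, method, path):
        """Return an HTTP-style status code for the requested call."""
        needed = REQUIRED_SCOPE.get((method, path))
        if needed is None:               # deny by default: unlisted routes are closed
            self._alert("unknown_route", client_id, f"{method} {path}")
            return 404
        if needed not in granted_scopes: # module reaching outside its authority
            self._alert("scope_violation", client_id, needed)
            return 403
        now = self.clock()
        window = self.calls[client_id]
        while window and now - window[0] >= self.window_s:
            window.popleft()             # forget calls that left the window
        if len(window) >= self.limit:    # quota breach is itself a detection signal
            self._alert("quota_exceeded", client_id,
                        f"{len(window)} calls in {self.window_s}s")
            return 429
        window.append(now)
        return 200

def demo():
    t = [0.0]                            # fake clock so the run is deterministic
    guard = ApiGuard(limit=3, window_s=60, clock=lambda: t[0])
    loyalty = {"accounts:read"}          # constructed: loyalty module may only read
    codes = []
    for _ in range(4):                   # fourth call within 60 s exceeds the quota
        codes.append(guard.authorize("loyalty-svc", loyalty, "GET", "/accounts"))
        t[0] += 1
    codes.append(guard.authorize("loyalty-svc", loyalty, "POST", "/payments"))
    t[0] += 60                           # window expires, quota is available again
    codes.append(guard.authorize("loyalty-svc", loyalty, "GET", "/accounts"))
    return codes, [e["kind"] for e in guard.events]
```

Each rejected call leaves a record in `events`, so the same check that blocks the request also feeds alerting on repeated quota or scope violations from one client.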
Enabling data privacy
To let your customers know that you comply with the data privacy regulations in the region of operation (e.g., the GDPR in Europe), you need to implement privacy policies. These policies must explicitly explain to the target audience how personal information is gathered, stored, and processed. Furthermore, a user must understand how to give or withdraw consent at any time for any of the actions performed on his/her personal data. One of the most common ways to implement privacy policies is via cookie consent prompts, which appear at the first interaction with your service and enable users to choose those data processing options they find suitable.
Implementing KYC identification
The way you identify your customer is integral to providing financial services. A considerable part of the institutions still rely on manual verification that presses a customer to go to a bank branch with a pile of papers to get a loan, for example. Needless to say, this is a stressful and time-consuming process. In this endeavor, blockchain technology can help to automate verification and mitigate fraud. The immutable and decentralized ledger behind blockchain allows for securely sharing a verification stamp between the participants of the network. This eliminates paper-based verification workflows and ensures that only the authorized parties can oversee each step of the process. Again, the majority of BaaS platforms automate the KYC process on their side.
Facilitating data integration
To avoid any discrepancies, it is advisable to use a uniform data format between the integrated data systems. This will save a lot of effort on trying to make it all work. The next thing to take care of is to prevent duplicates or data loss. You can consider building ETL pipelines and rely on some reputable big data solutions out there like Apache Kafka, Apache Hive, HDFS, etc. Cloud storage systems (AWS S3, Google Cloud Storage, or Microsoft Azure Storage) and/or NoSQL databases provided “as a service” will help to scale under high loads without compromising on throughput.
If you are looking for zero-downtime upgrades, consider building continuous integration/delivery (CI/CD) pipelines. By implementing tools like Jenkins or Concourse into these pipelines, it is possible to automate deployments. With containerization using Kubernetes distributions, you can further automate daily operations, enabling faster customer feature feedback and frequent deployments. The blue-green and canary deployments contribute to disaster recovery and minimize downtime for the server.
According to a recent survey by Finastra, banking as a service will transform 85% of global financial institutions—40% of the respondents expect major impact—in 2021. The predictions suggest the greatest influence on the financial industry in Hong Kong (92%), the UAE (90%), and Singapore (87%). This can be explained by many factors, but one of the most obvious ones is a favorable legislation climate.
Among those perks that BaaS brings to the table, organizations highlight:
- business growth opportunities
- faster time to market with banking services available out of the box
- streamlined operations
- accelerated compliance procedures
- reduced operational costs
- an opportunity to disrupt the market
Out of 785 companies surveyed, 35% claimed to have improved or adopted BaaS, and 32% reported having improved or embedded banking services into their business model in the past year.
The trend for innovation is stronger than ever, as 95% of the respondents intend to digitally transform. When talking about the drivers of innovation in the financial sector, mobile banking and artificial intelligence are gaining momentum, with cloud-native and blockchain technologies following the lead.
As we move further into the digital era, we can only expect the BaaS trend to expand to new markets, promoting an uninterrupted customer journey, as well as collaboration between enterprises, banks, and fintechs.