Banking-as-a-Service: risk management and regulatory models
Banking-as-a-Service (BaaS) has become a pivotal driver for embedding financial services into diverse ecosystems. Beyond its technological and commercial promise, it raises critical questions around compliance and risk management. This article delves into the nuances of the two primary regulatory models available to businesses adopting BaaS: the Payment Service Provider Agent (PSP Agent) and the Banking and Payment Services Intermediary (IOBSP). We’ll also explore their implications for user experience and security.
BaaS: a comprehensive and accelerating solution
BaaS is built on two essential pillars: a modular technological infrastructure (API-based platforms) and a robust regulatory foundation. These strengths enable non-financial players to seamlessly integrate banking and payment services into their offerings.
According to a recent BCG* study, business leaders increasingly seek an integrated suite of financial services—from instant payments to tailored financing tools. However, delivering on this promise requires meeting stringent demands in three critical areas:
▪ Compliance: Essential to secure operations and meet regulatory requirements.
▪ Security: A dual technical and relational challenge that fosters end-user trust.
▪ Global scalability and modularity: Key to addressing diverse needs and supporting business growth.
Two models, two approaches to risk management
The PSP Agent and IOBSP models, the most common in BaaS, offer distinct approaches to managing risk.
PSP Agent Model
This model operates on a delegation framework. The BaaS partner, typically a fintech or e-commerce company, retains responsibility for managing customer relationships. Meanwhile, the BaaS provider ensures compliance with regulatory standards, including anti-money laundering (AML), anti-corruption, counter-terrorism financing, and fraud prevention.
Advantages
▪ Flexibility for partners.
▪ A seamless, tailored user experience.
▪ Shared responsibility enables a focused approach to AML and fraud prevention. Partners, as agents, directly oversee the quality of onboarded customers, enhancing control efficiency.
Disadvantages
▪ Requires stringent audits to mitigate risks.
IOBSP Model
In contrast, the IOBSP model places critical process control—such as customer identification and payment management—in the hands of the BaaS provider. While the partner registers with Orias, they bear no direct obligations to the ACPR.
Advantages
▪ Full control of risks by the BaaS provider, leveraging deep expertise.
Disadvantages
▪ Reduced flexibility for partners.
▪ Potentially impacts user experience, as the BaaS provider may interact directly with end users.
An evolving market
While BaaS providers have developed significant regulatory expertise in recent years, they must remain vigilant. Over-simplifying onboarding processes to enhance user experience can introduce risks, including compliance gaps or vulnerabilities to fraud.
The future of BaaS hinges on achieving a delicate balance between strengthened security and optimized user experience, supported by regulatory models tailored to specific market needs.
Compliance by design: the cornerstone of trust
At Xpollens, we adhere to a “compliance by design” philosophy, embedding security and regulatory adherence into the very fabric of our services. Key elements of this approach include:
▪ A tripartite relationship among the BaaS provider, partners, and regulators (ACPR).
▪ Shared responsibility with partners, emphasizing from the outset that high-risk clients may be declined to ensure ecosystem security.
This philosophy is reinforced by our affiliation with the BPCE Group, which upholds the highest market standards in compliance through best practices, regular audits, and advanced regulatory expertise. This robust framework enables our partners to quickly and securely enhance their capabilities while protecting their customers.
The choice of BaaS model and risk management strategy goes beyond technical considerations. It defines how businesses build trust with their customers while meeting the growing demands of regulators. At Xpollens, we believe success lies in a collaborative, rigorous approach that transforms compliance into a long-term competitive advantage.
*How platforms are revolutionizing SMB banking, BCG, October 2024