A Primer on Banking-as-a-Service

By JV Pineda

Over the past few years, advancements in technology and regulation such as cloud-based infrastructure, open banking regulations, and Application Programming Interface (API)-driven services have paved the way for new models of the delivery of banking services.

Banking-as-a-Service (BaaS) is one of these newly emerged models, enabling non-bank entities to offer financial services through partnerships with banking institutions and/or financial technology (FinTech) firms. The BaaS market is valued at approximately $16bn in 2023, and is expected to be valued at ~$64bn by 2032 (BNY, 2023). This evolution has the capacity to reshape the value delivery of banking services, allowing the monetization of banking infrastructure and expanding the distribution of financial services to non-bank platforms. As BaaS continues to gain traction, it presents both opportunities and regulatory challenges that stakeholders must navigate in this rapidly growing sector.

What is Banking-as-a-Service?

BaaS refers to a model in which licensed banks and Financial Technology (FinTech) firms provide services, including but not limited to: banking infrastructure, payments capabilities, lending and deposit products, and account management, to third-party businesses via APIs. This allows companies outside the traditional banking sector to offer financial services without securing a banking license themselves. In the traditional banking model, customers go to the bank (through bank branches, the bank’s mobile application and/or web portal) to access banking products and services. Under BaaS, the bank goes to the customer (through other platforms) to deliver banking products and services (BCG Report, 2023).

Benefits of Banking-as-a-Service

BaaS provides numerous benefits for financial institutions (FI). For banking FIs, BaaS is mainly an opportunity to reach a sizable number of customers at a lower cost. Traditional banks can make banking products such as deposit and loan accounts available in platforms where the FI’s target market crowds, which can result in lower customer acquisition costs. Another advantage of the BaaS model for banking FIs is that BaaS enables the monetization of existing infrastructure, regulatory licenses, and risk-management expertise by extending those services to customer-facing distribution partners in return for fees(PWC, 2023). Finally, banking FIs could also benefit from being BaaS customers themselves. Banks spend a significant portion of their revenues (around 6-12%)  on their infrastructure technology needs (McKinsey, 2024), and availing of a BaaS core banking provider will allow bank FIs to focus on their products and services, and to potentially reduce the cost of their IT spend.

For non-bank FIs, BaaS is a way to increase the product offering in their platforms to include banking services to improve the customer experience. They could add banking services that are highly complementary to their platforms, such as the availability of loans or savings and investment products via BaaS, removing the need for their customers to go out of their ecosystem. This enables non-bank FIs to further understand their customers’ financial needs for a more tailored offering in their own platform. Another benefit of BaaS for non-bank FIs is the capability of non-bank FIs, such as FinTechs, to launch products swiftly. Rather than developing the product in-house and securing the necessary licenses, they could partner with BaaS providers instead, significantly reducing the time to market of a product.

Risks of BaaS 

Despite its advantages, BaaS comes with significant risks and challenges.

For banking FIs, engaging in the business of BaaS may require a significant amount of time and investment, especially for banking FIs with legacy IT. Offering BaaS requires banks to rethink their IT infrastructure, as a cloud-based infrastructure will offer banking FIs greater flexibility, security, and cost efficiency. If the bank does not have the necessary infrastructure to offer BaaS in a scalable, efficient way, the BaaS product will fundamentally remain unprofitable.

Another disadvantage of BaaS to banks is that this increases the operational risks, and avenues of reputational risk, that it has to manage. As the distribution of its products and services increases, banks will have to be cognizant of the possible points of failure in the entire BaaS process, which include technology limitations such as API rate limits, the proper set-up of ledgering systems, Business Continuity Plans for third-party platform outages, liquidity risks that may arise depending on the arrangement with the third-party platform, and a host of other factors.

Additionally, integrating financial services across multiple platforms increases cybersecurity vulnerabilities, making robust data security measures critical for protecting sensitive customer information.

Regulatory Developments of Banking-as-a-Service

As BaaS adoption increases, U.S. regulators have intensified scrutiny over partnerships between banks and fintech firms to ensure compliance, manage risks, and protect consumers. The regulatory landscape has evolved significantly as agencies such as the Federal Deposit Insurance Corporation (FDIC), the Office of the Comptroller of the Currency (OCC), and the Federal Reserve Board collaborate to establish clearer guidelines.

A key regulatory challenge stems from the responsibility banks bear for their fintech partners. Banks engaging in BaaS are ultimately accountable for the actions and compliance of their third-party partners, requiring them to monitor adherence to banking laws just as rigorously as if the activities were conducted within the bank itself (Alston and Bird, 2024). This supervisory role increases complexity, particularly as banks may partner with fintechs that operate under different risk profiles and customer bases.

Regulators have also increased focus on compliance with Anti-Money Laundering (AML) laws. Banks must ensure that their fintech partners maintain stringent Know-Your-Customer (KYC) and transaction monitoring practices, even when these activities are handled by a third party. Failure to meet these standards has led to enforcement actions (PYMNTS, 2024), underscoring the heightened expectations for compliance in BaaS arrangements.

Lawmakers have also called for stricter oversight and enforcement actions. In September 2024, Senators Elizabeth Warren and Chris Van Hollen urged regulators to ban misleading claims regarding FDIC insurance by fintechs and BaaS providers (BankingDive, 2024). They highlighted that partnerships between banks, BaaS providers such as Stripe, Finastra, Synapse, and Marqeta, and fintechs like Venmo, Cash App, Yotta, and Chime could pose broader risks to the stability of the financial system and consumer safety. They noted that these partnerships hold the risk of providing misleading or insufficient information to end consumers, such as the claim of fintech firm Yotta that users’ funds are FDIC insured through pass-through deposit insurance but does not present the risk that the funds are not protected when they are in transit via a fintech intermediary like Synapse.

However, where the regulatory winds are blowing is not cut and dry. The Consumer Financial Protection Bureau (CFPB), which has historically played a key role in enforcing consumer protection laws and establishes guidelines for open banking, is currently undergoing significant changes under the new administration. The agency has faced a rapid reduction in its authority, with its director being dismissed and operations suspended (CBS News, 2024). For observers, this can be interpreted as a measure to eliminate duplicative work, with the responsibilities of the CFPB potentially reassigned to other agencies. However, it could also be seen as indicative of a broader deregulatory push for financial institutions. It’s too early to say which is which.

Ensuring that each party’s roles and responsibilities in a BaaS arrangement is clear from a regulatory and compliance perspective is crucial in protecting consumers and for the development of the industry moving forward. To prevent failures such as the Synapse collapse (Fortune, 2025), industry players would need to work with regulators in determining what arrangement works best for all parties involved to minimize implementation risks and to keep parties accountable.

Conclusion

BaaS represents a transformative shift in the financial services industry, enabling greater accessibility and efficiency in banking. By leveraging cloud infrastructure, APIs, and regulatory frameworks, BaaS allows both traditional financial institutions and non-bank entities to expand their service offerings, improve customer experiences, and unlock new revenue streams. However, alongside these opportunities come significant challenges, including heightened operational risks, regulatory scrutiny, and cybersecurity concerns.

As the regulatory environment continues to evolve, banks and fintechs must navigate increasing compliance obligations, particularly around risk management, consumer protection, and anti-money laundering practices. While regulatory uncertainty remains, one thing is clear: BaaS will continue to reshape the financial landscape, influencing how banking services are developed, distributed, and consumed in the years ahead.

JV Pineda is a Wharton Initiative on Financial Policy and Regulation student fellow. The views and ideas expressed in this post are those of the author and do not necessarily represent those of the Wharton School or the Wharton Initiative on Financial Policy and Regulation.