

Managing Compliance Risk for BaaS and Bank-Fintech Partnerships

John Zanzarella
December 2, 2022

Banking-as-a-service (BaaS) and bank-fintech partnerships are all the rage lately as organizations work to diversify their product offerings and make financial products more accessible to consumers.

While these partnerships offer great opportunities and benefits, they don’t come without regulatory compliance challenges and concerns. Prioritizing compliance should be top of mind for banks, fintechs, and BaaS providers alike to mitigate risk and gain a competitive advantage in the marketplace.


Growth of Banking-as-a-Service (BaaS)

What is “Banking-as-a-Service”? FinTech Business Weekly says:  

At the highest level, [BaaS] describes product structures that have long existed: non-bank companies leveraging banks’ unique capabilities – usually, their license and all that goes with it—as a key part of their business model.

Banks and fintechs are partnering more than ever to offer a wide range of consumer finance products and services, and these types of partnerships are expected to only grow from here. According to Finastra,

  • The BaaS industry is expected to reach $7 trillion in market value by 2030
  • 85% of senior executives said that they already implemented BaaS solutions or plan to within the next 12-18 months
  • 70% want to increase spending on financial partnerships (including BaaS)

Regulatory Oversight of BaaS and Bank-Fintech Partnerships

Federal Deposit Insurance Corporation (FDIC)

The FDIC is the primary regulator for state-chartered banks and conducts regular examinations of these entities every 12-18 months, which include an assessment of how a bank manages the risks presented by its relationships with third parties (aka fintechs).

Office of the Comptroller of the Currency (OCC)

The OCC charters, regulates, and supervises all national banks, including those that partner with fintech companies.

In August of 2021, the FDIC, OCC, and Federal Reserve released joint guidance for bank-fintech partnerships to provide insights on key due diligence topics that should be considered when choosing a partner. 

Consumer Financial Protection Bureau (CFPB)

Fintechs have just recently come under the microscope of the CFPB, which invoked a dormant authority to supervise nonbank entities, aka fintechs, that pose risks to consumers (more on this below).

State-Level Oversight

In addition to federal regulators, banks and fintechs are subject to oversight by the states in which they’re operating. 

Increased Regulatory Scrutiny of BaaS and Bank-Fintech Partnerships

CFPB Invokes Dormant Authority to Regulate FinTechs

In April of 2022, the CFPB invoked a largely unused legal provision to examine nonbank financial companies (fintechs) that pose risks to consumers in an effort to protect consumers and to “level the playing field” between banks and nonbanks.

This authority gives us critical agility to move as quickly as the market, allowing us to conduct examinations of financial companies posing risks to consumers and stop harm before it spreads.

– CFPB Director Rohit Chopra

OCC Developing a More Sophisticated Understanding of Bank-Fintech Partnerships

In his recent remarks at The Clearing House and Bank Policy Institute Annual Conference, Acting Comptroller of the Currency Michael J. Hsu outlined the Office’s priorities for BaaS and bank-fintech partnerships moving forward:

The growth of the fintech industry, of banking-as-a-service (BaaS), and of big tech forays into payments and lending is changing banking, and its risk profile, in profound ways.

Banks and tech firms, in an effort to provide a “seamless” customer experience, are teaming up in ways that make it more difficult for customers, regulators, and the industry to distinguish between where the bank stops and where the tech firm starts.

The evolution of bank-fintech arrangements in the era of digitalization is giving rise to new opportunities for surprises. Fortunately, this risk can be mitigated. At the OCC, we are currently working on a process to subdivide bank-fintech arrangements into cohorts with similar safety and soundness risk profiles and attributes. This will enable a clearer focus on risks and risk management expectations.

Managing Compliance Risk for BaaS and Bank-Fintech Partnerships

Based on what we’ve been seeing, regulators are expecting both banks and their partners (fintechs and BaaS providers) to have oversight of how their products are being marketed to consumers.

To effectively manage compliance and risk in your partnerships, you need the ability to:

  • Approve content across all of your partners (and their partners) at scale 
  • Have ongoing and comprehensive monitoring of marketing communications across all channels
  • Gather proof that you can use to show regulators (and bank partners) your ability to discover, monitor, and act on any marketing materials that could potentially be harmful or deceptive to consumers

Benefits of Compliance Monitoring for Banks, Fintechs, and BaaS Providers

While regulatory responsibility traditionally falls on the bank, based on recent commentary from the CFPB and OCC as mentioned above, fintechs and BaaS providers will benefit from taking a proactive approach to compliance instead of a reactive one.

Whether you’re a bank, fintech, or BaaS provider, having a robust compliance monitoring system in place offers you a competitive advantage:

  • Banks: As you continue to partner with more fintechs, you need comprehensive compliance controls in place to mitigate risks and avoid scrutiny from the regulators
  • Fintechs: Use your compliance data to show potential partners that you’re taking a proactive approach to compliance and that you won’t pose a risk to their business
  • BaaS Providers: Use compliance as a competitive advantage. Market yourself as an ideal partner by taking some of the compliance burdens off of your partners by having your own programs in place

Compliance Monitoring with PerformLine

With PerformLine, you can gain full visibility into your partners’ marketing materials (and their partners’ marketing) across the web, social media, and emails. PerformLine’s omni-channel compliance solutions offer comprehensive coverage of your brand products everywhere they appear, even if you don’t know about them, to ensure that they’re being marketed accurately and in compliance with applicable regulations.

With PerformLine, your organization can:

  • Discover your partners’ partners who mention your brand in their marketing materials
  • Act on and remediate any potential compliance violations quickly and have a central repository of those remediations
  • Risk rank your partners to identify your most (and least) compliant partners to help make strategic decisions

We’re already helping leading banks and fintechs monitor partners for compliance. Learn what we can do for you by scheduling some time to chat with our team.

Frequently Asked Questions

Are there any real-world examples or case studies that demonstrate how banks and fintechs successfully navigated compliance challenges within their partnerships?

Real-world examples of successful compliance navigation in bank-fintech partnerships most often involve close collaboration and transparency between the parties, ensuring that both understand and adhere to regulatory requirements. These partnerships typically employ extensive compliance programs that include regular audits, risk assessments, and the use of technology to monitor compliance.

What regulatory challenges do BaaS and fintech partnerships face in different regions or countries, considering that the regulatory landscape can significantly vary?

The specific regulatory challenges faced by BaaS and fintech partnerships vary by region, but they often revolve around customer data protection, anti-money laundering (AML) standards, and payment services directives in Europe or the Office of the Comptroller of the Currency (OCC) regulations in the United States. Adapting to these diverse regulations requires a flexible and informed approach to compliance.

How do compliance requirements impact the innovation and speed of product development in bank-fintech partnerships?

Compliance requirements do have the potential to impact innovation and speed of product development within bank-fintech partnerships. However, many partnerships view compliance as an integral part of the innovation process. This ensures that new products not only meet market needs but also align with regulatory standards. This approach can lead to more sustainable and trusted financial solutions.

John Zanzarella is the SVP of Sales at PerformLine.
