When an industry becomes redefined, reshaped and cut into different pieces then crafted back together to create something new, it always begs the question - what is this new reality and how should we think about it?

It’s exactly what we’re seeing with Banking as a Service (BaaS) as of late. The co-mingling of traditional financial services organizations and fintechs has attracted increased scrutiny from regulatory bodies like the Office of the Comptroller of the Currency (OCC) and the Consumer Financial Protection Bureau (CFPB) – reflecting broader concerns over compliance, fraud prevention, and the stability of the financial services ecosystem.

We’ve seen what can happen without proper regulatory oversight – the damage it can do and the horrifying rippling effects it can have on the economy. That’s why robust compliance measures, if thoughtfully enacted and enforced, can act as a cornerstone for a thriving BaaS ecosystem.

But how should players in this space think about the increasing regulatory scrutiny that’s impacting anyone involved in BaaS?




BaaS empowers non-bank companies to leverage the infrastructure of chartered banks, offering financial services like payments, loans, and account management. In a nutshell, this model enables these non-bank companies to offer financial products without having to become banks themselves. While this symbiotic relationship lays the foundation for innovation and, ideally, more convenience for consumers, it also introduces new risk and regulatory considerations.

At its core, BaaS relies on robust technological platforms that integrate seamlessly with banking systems to deliver services such as payments, lending, and deposits. These platforms are designed with scalability and security in mind, equipped to handle the complexities of financial transactions and sensitive data management.



The rise of regulatory oversight

This symbiotic merger of two worlds has necessitated a rigorous compliance framework overseen by regulatory bodies such as the OCC and the CFPB, representing an intensified scrutiny of the model to prevent systemic risks such as financial fraud, money laundering, and cybersecurity threats. 

For the protection of us as consumers, the regulatory spotlight is focused on ensuring that all financial transactions are secure, transparent, and compliant with existing financial laws.


Key regulatory bodies and their roles


Office of the Comptroller of the Currency (OCC): Oversees national banks and ensures that they comply with federal banking laws. The OCC's involvement in BaaS focuses on the operational risks and compliance standards of banks engaging in BaaS partnerships.


Consumer Financial Protection Bureau (CFPB): Protects consumers from unfair, deceptive, or abusive practices in financial services. The CFPB pays close attention to how BaaS platforms handle consumer data and privacy.


Federal Deposit Insurance Corporation (FDIC): Insures deposits and monitors the safety and soundness of financial institutions. The FDIC's role extends to evaluating the risk management frameworks of banks involved in BaaS activities.


The Federal Reserve (Fed): Regulates financial institutions and activities to ensure they operate safely and soundly, and provide fair services to consumers. The Fed maintains a stable, efficient, and competitive banking system.


Regulatory Crackdown: Protecting Consumers and the System


Are these regulatory concerns warranted?


Perhaps. In fact, several recent high-profile cases involving sponsor banks have highlighted potential weaknesses in existing BaaS partnerships. 


These examples illustrate the heightened focus regulators have on BaaS. Sponsor banks have crossed paths with regulators over concerns including the sufficiency of user identity verification methods; alleged deficiencies in existing BaaS operations and fintech partnerships; potential unsafe practices; and a lack of internal controls and information systems adequate to the bank's size and to the scope and risks of its third-party relationships.


Regulators’ primary objective is to safeguard the stability and security of the financial system, protecting both consumers and financial institutions. While navigating a more stringent compliance landscape might seem like an obstacle, these requirements are ultimately a necessary step towards building a more secure and sustainable future for BaaS.




The intensified regulatory scrutiny is not arbitrary but a critical aspect of maintaining the integrity and trustworthiness of the financial services sector. As explained by Alex Johnson from Fintech Takes, when a bank engages with third-party partners, such as fintech companies or non-bank financial service providers, it extends its risk, governance, and compliance frameworks to cover these entities. This expansion is akin to a bank opening a new branch in terms of the regulatory oversight and compliance requirements involved.


Getting ahead: implementing robust compliance frameworks to future proof partnerships

The examples of regulatory interventions underline the necessity for BaaS providers to establish comprehensive compliance guardrails that extend across all operations and partnerships. These frameworks should not only address the immediate regulatory requirements but also anticipate potential future challenges as BaaS continues to evolve.


What does being proactively compliant mean?

Risk mitigation: Effective compliance helps in identifying and mitigating potential risks before they become significant issues.

Trust building: By adhering to regulatory standards, BaaS providers can build and maintain trust among consumers and partners, which is crucial for long-term relationships.

Market stability: Compliance contributes to the overall stability and reliability of the financial market, protecting it from shocks and crises.




Despite the regulatory challenges, partnering with a competent BaaS provider can offer significant advantages. For instance, private labeling a credit builder product through a strategic partnership can be far more efficient and cost-effective than building one from scratch. Such partnerships can leverage existing expertise and frameworks to deliver compliant, innovative financial products faster and at a lower cost.


Building Trust Through Compliance: A Partner You Can Rely On

But to reap all the benefits of a BaaS partnership, the partnership itself has to be thoughtfully set up against rigorous regulatory and compliance standards to prevent any potential wrongdoing in the future.


Figuring out the complexities of compliance can be daunting – which is why a BaaS partnership can be ideal. A strong BaaS partner should already be well versed in these complexities and ideally has a long-standing compliance program. These programs and the teams that support them should be robust enough to guide you, the fintech, through the rigors of setting up, to protect you, your business and your consumers.




Firstly, a robust compliance program proactively mitigates potential risks. Extending your risk management practices to encompass your BaaS partner is essential. Partnering with a BaaS provider that prioritizes compliance could help you circumvent the significant costs and challenges associated with building your own systems and processes from scratch.


Imagine the immense burden of developing and maintaining a comprehensive knowledge management system that encompasses all compliance, legal, and regulatory requirements. By leveraging an existing, robust compliance program, you can free yourself from these complexities and dedicate your resources to core business functions.




For an organization to go about developing their own credit builder loan product, it would take at least 18 months. And those 18 months could be comprised of processes like:

  • Bank selection — 6-9 months

  • Bureau credentialing — 6-12 months

  • Licensing for all states — 12+ months

  • Product development — 6-18+ months

…to name a few.


That’s why we partnered with Cross River Bank to enable our embeddable credit builder loan product – to make it seamless for fintechs and other organizations to offer their customers a simple way to establish and build their credit history.


And a crucial part of the onboarding process is ensuring that all the Ts are crossed and Is are dotted through proactive compliance to mitigate these risks in the future, thereby protecting the trust your customers have with you and safeguarding your brand equity.


Yes, the evolution of the BaaS sector has invited the brightest of spotlights on existing regulatory and compliance frameworks. Yet the role of compliance cannot be overstated, because the ongoing regulatory scrutiny isn’t just a hurdle. It’s a necessary framework to ensure that the growth of BaaS is aligned with the broader objectives of consumer protection, market integrity, and financial stability.


Regulatory bodies will likely continue to enforce strict standards to protect consumers and maintain the stability of the financial system. For banks and fintech companies, understanding these regulatory landscapes will be crucial to achieving sustainable growth and innovation in the increasingly competitive world of financial services. 


So, is it a bit of work in the beginning to be proactively compliant? Yes. But it is absolutely worth it to maintain the integrity and stability of our financial system amidst the tech advancements that we’ve hurtled through.




Disclaimer: Array takes pride in ensuring the information we share is accurate and up-to-date; however, we understand that the information you read may differ from the product(s) and/or service(s) mentioned. We present the product(s) and/or service(s) you read about without warranty. We recommend you review the product and/or services’ terms and conditions before you make a decision. If you encounter inaccurate or outdated information, let us know by writing to: info@array.com.

Editorial Note: This content is the author’s opinion, expression, and/or recommendation(s)


Post by Greg Johnson
May 21, 2024
Greg Johnson serves as the Chief Sales Officer of Array, steering its expanding sales team forward as the company seeks to maintain and build upon its current momentum.

Prior to joining Array, Johnson was an Industry Practice lead at Moody’s Analytics after leading the integration of go-to market functions following Moody’s acquisition of Cortera, a leading provider of North American business risk data and analytics, where he served as Chief Operating Officer. He also was the Chief Revenue Officer of IDI, a consumer and business data and analytics solution provider, and has more than 25 years of combined customer facing experience from roles at LexisNexis Risk Solutions and EMC (now Dell/EMC).

Greg stands out as a Chief Sales Officer with a remarkable knack for not only achieving outstanding results but also for empowering his team. He excels at identifying and nurturing talent throughout the organization, leveraging these skills for significant accomplishments. His leadership is characterized by a unique blend of strategic vision and a hands-on, data-driven approach to driving sales excellence and organizational growth.