Open banking has opened up a new collaboration line for Banks to forge a partnership with Fintechs and build new business models using a set of banking APIs. Fintechs have also lapped up these opportunities to create new business models like Neo Banks, Accounting Platform Embedded with Banking, and the recent phenomenon of Embedded Finance. It remains a significant challenge for Banks to get ready with a whole suite of APIs (application programming interface) and onboard Fintechs fast to create new business opportunities, despite having alignment of relationship. The entire process to develop and onboard fintech partnership & Go-to-market may take months and maybe a year.
This challenge has created a big void in the whole scale of Fintechs, which has now been tackled by Platforms or Tech Startups positioning themselves as Banking-As-A-Service players and enabling integration with Banking APIs in a seamless manner and in a short time.
But, does this stop Banks to repositioned themselves as Banking-As-A-Service providers to Fintechs? Can the banks transform themselves so that the entire onboarding and integration of Banking APIs to build new business models can be a weekly activity? Sometimes, it is put down on the presence of a legacy system and Infrastructure at the backend at Banks being a significant hindrance to the entire process. In addition to this, whole obligations of compliance become a challenge at banks due to a regulated entity, makes the process slow. Ultimately, Banks have to be responsible for compliance related to but not limited to, KYC, AML, Cyber Security, and others.
Setup Process for Banks to be BAAS Players
Though it may not be as easy but may not be too complex to transition themselves to be BAAS players for Fintechs or Big Techs or anyone who wished to bindle banking services to their platform. It may be indeed possible though will require complete backend overhauling of structuring at Banks level at different Layers. There are three broader layers where Banks can do necessary plumbing modules to create an integrated process to setup BAAS. The below diagram demonstrates a high level of transition structure for Banks.
Develop Business and Monetization Layer:
First thing First, Banks need to develop entire business models, including products, services, revenue structure defined in such a way to initiate discussions with third parties. Product teams need to be transformed to start thinking from an Open Banking perspective with the outside-in approach and consumption-based banking and create a product stack in a modular structure to position packaged products & services to Fintechs. A large amount of time gets lost in visualizing the delivery of banking products and services from third-party platforms.
Banks shall formulate a micro product team structure with technology, compliance, and operations to visualize a new product creation and development, and delivery model. This would enable Banks to think in an integrated model rather than in an isolated structure.
Build Technology Enablement Layer:
It is said that open banking is primarily about business, while technology is much easier to tackle. Though most of the banks have evolved to have web services enables core banking systems, many of Banks may still have legacy applications, and they may struggle to make APIs available for third parties, build the right set of supporting layer could solve many of the issues. Setting up proper API management and gateway platform on top of core banking applications will help banks complete the complete integration and consumption process of APIs with third parties more manageable.
Setting up an API management platform may be the easier part. It is crucial to build bundled API integration and partner onboarding process incorporating authentication, authorization, and fundamental security components right on the front as part of the API development and release process. This needs to be supported with very well defined API documentation where most banks have struggled. The most critical component in the full delivery of BAAS is the adherence of Cyber Security controls as managing threats from third parties could be a nightmare for the CISO of the Banks. So, CISO and the team should be onboarded in the entire technology enablement project and should in involved in Fintech discussions from the beginning.
Build Operational Layer:
This is a challenging part as Bank will remain to have operational and compliance responsibility of all banking services to customers even though it is delivered through third parties. Backend Operations, Reconciliation, Governance, Compliance, and Financial aspects form the support layers for Banks in banking services delivery. So, Banks need to develop and build packaged operational & governance structures around BAAS so that the onboarding of Fintech Partners seamless and fast without any compromise to compliance.
The operations team needs to be onboarded in this entire process to identify customer requests originated from a third-party platform and manage banking services in the same fashion the way it is being managed for branches & channels. Standard Operating Procedures need to be re-written to address all operational requirements generated through the BAAS platform and partner entities. Reconciliation is a critical part of entire backend operations. The whole recon process should be realigned to address banking transactions originated from third parties platforms and address any deviations through a pre-defined settlement process.
Risk Management forms a critical part of any business initiative. Typically, risks are identified in a phased manner in the entire partnership model of Fintechs and this delayed down the whole process. It would make sense to pre-define and visualize all sorts of risks and then define mitigation measures. Pre-definition of risks and mitigation will help Banks & third parties agree at the start of the engagement and fasten the whole onboarding process. There could be still new risks, which may come up during the course of business. The same could be addressed through a well-defined risk management structure.
Compliance requirements should be pre-defined as part of the business model and operational structure. In addition, Banks should incorporate compliance requirements at the technology layer in API design and handle at its end instead of leaving things at the Fintech end. Besides, Banks should define the governance framework to review the BAAS based business model and incorporate auditing & monitoring as part of the framework.
Setting up the BAAS process may not be easy, but may not be entirely complicated. Easier said and done, it would take a well-planned approach with the right execution approach to build a packaged model to develop a BAAS platform at Bank’s end and build a business model on top of it.
Head of Consulting
The Digital Fifth