How to Build a BaaS Program: A Checklist for Getting Started

How do companies without a banking charter — from tech giants like Apple to fintech startups — offer their customers financial services products?

They partner with banks that have banking-as-a-service programs, or BaaS.

It’s a strategy that more banks are looking to pursue, as they seek benefits such as new revenue streams and access to deposits and loans from outside their own geographic markets.

In its annual “What’s Going On in Banking?” study, Cornerstone Advisors asked 300 executives at banks and credit unions, mostly in the range of $250 million to $50 billion of assets, about BaaS. The results showed strong interest: 4% were developing a BaaS strategy, 13% were considering one, and 46% said they might consider it in the future. In addition, 7% of the respondents said their institution already has a BaaS program.

Apple offers its high-yield savings account and other banking services to its customers with Goldman Sachs as its BaaS partner behind the scenes. A variety of companies, including the retail giant Walmart and the fintech small business lender Bluevine, provide their banking services via the BaaS program at Coastal Community Bank.

To be successful with BaaS, banks need a framework for how they will evaluate and operate their partnerships over the long term. Here’s an overview of the steps necessary to get started.

Step 1: Create a Strategic Plan

Before getting into banking as a service, banks need a strategic plan that defines the objectives. This could include growing deposits, increasing revenue, diversifying the customer base, or any combination of these.

Whatever the objectives are, they must fit within the bank’s overall risk appetite.

Just as important is the need to socialize the objectives. Commitment from the entire organization — from the board and the chief executive through management and individual contributors — is critical to the success of the program.

Everyone also needs to understand how the BaaS program will work and what their roles will be, whether they are in risk and compliance, operations, marketing or sales.

Step 2: Assign Roles and Responsibilities

“Everyone needs to understand how the BaaS program will work and what their roles will be.”

After building the strategic plan at the leadership level, the next step is identifying key stakeholders, assessing staffing needs, and assigning roles and responsibilities.

As part of this process, banks might determine they need to upskill some current employees and bring on new hires and consultants to help.

It also makes sense to establish a plan for adding staff as the program scales.

Key stakeholders must be involved in the governance of the BaaS program, including the process to evaluate, approve and monitor nonbank partners.

REGISTER FOR THIS FREE WEBINAR

The Power of Localized Marketing in Financial Services

Enhance your brand's local visibility, generate more leads, and attract more customers, while adhering to industry & compliance regulations.

Thursday, May 16th at 2:00pm EST

Enter your corporate email address

REGISTER NOW

Step 3: Talk to Regulators About the BaaS Strategy

Banking as a service is a relatively new business for banks, so getting buy-in from regulators is necessary before launching.

Regulators will want to ensure that there are no surprises and that the bank is fully aware of the requirements associated with a BaaS program.

Keep them in the loop as the bank moves forward, especially as it develops a plan for managing third-party relationships.

Step 4: Implement a Plan for Managing Third-Party Relationships

BaaS partnerships are unlike other third parties a bank works with and require a unique risk management plan.

It should include details on how the bank conducts due diligence on new partners and their end users (who are effectively clients of the bank). It should also include specifics about the ongoing monitoring of partners and the annual audit engagement, among other things.

New federal guidance for managing third-party relationships took effect June 6. It is a joint effort by the Federal Reserve, the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corp. and applies to all third parties, not just BaaS partners.

One advantage of the guidance is a uniform approach across agencies, but it is also widely perceived as signaling greater regulatory scrutiny of BaaS in general.

Step 5: Develop BaaS-Specific Policies

A comprehensive set of policies and procedures should detail how the banking-as-a-service program will operate. This should be created with involvement from the bank’s board and, in particular, its risk committee.

Typically, some existing policies and procedures have to be tailored to take the BaaS program into account as well.

Areas to cover include: governance, approval processes, risk appetite, Bank Secrecy Act and anti-money-laundering practices, third-party oversight and monitoring, and contingency plans.

It’s important to keep in mind when creating or modifying policies that regulators will be looking for consistency when assessing the bank’s approach to the BaaS program. The policies and procedures should not deviate wildly from how the bank normally operates. Instead, take the bank’s standard practices and add to or modify them to be applicable to the BaaS program.

Read more:

• How Embedded Finance Fuels Growth in Choppy Economy
• Banks Tap Fintech Partners to Address Embedded Banking Threat

Step 6: Onboard Only BaaS Partners That Are a Fit

The bank must focus on its strategic goals and priorities — not just for the BaaS program, but for the institution as a whole. It’s crucial to pick partners that align with the bank’s goals and share its definition of success.

Before agreeing to work with a new partner, conduct thorough due diligence. Understand who they are, what their business model is, who their customers are, and what their vision for the future is.

Here are a few questions to ask:

Does this partner meet the bank’s risk appetite?
Some companies are willing to take more risk than others — in fact, that might be their raison d’etre. They may work in industries or with products that have been underserved in the past due to high risk, for example, cannabis or international customers. While these partners can provide access to new markets and growth opportunities, the bank must ensure the risk is within its comfort zone and that the staffing and controls it has in place are adequate to manage those risks.

Do they offer products the bank is familiar with?
Is the bank ready to accommodate the potential partner’s plans? If traditionally the bank has never offered such products, is it prepared for the learning curve and inevitable adjustments that come from offering a new product?

Does the size of the partner company fit with the bank’s goals and capabilities?
As part of the due diligence, get a firm understanding of the financial condition and projections of any potential partner. Does the anticipated deposit and transaction volume line up with the goals of the bank’s BaaS program? Is it enough volume to make the partnership worth it? Or, vice versa, is the bank prepared for the potential influx of volume in terms of customers and deposits? While growth is appealing, the bank must demonstrate an understanding of the potential impact to its capital and liquidity levels as well as concentration risks.

REGISTER FOR THIS FREE WEBINAR

Navigating Credit Card Issuing in an Uncertain Economic Environment

Learn how to build a modern credit card strategy that balances profitability and risk, adopts the latest technology and delivers the customization that cardholders demand.

Wednesday, May 8 at 2pm EST

Enter your corporate email address

REGISTER NOW

Step 7: Maintain Ongoing Risk and Compliance Oversight

Before, during, and after launching a banking-as-a-service platform, the bank will continually need to monitor all of its partners to ensure they are properly managing risk and adhering to all compliance regulations.

The due diligence conducted before establishing partnerships should continue, with routine analysis of the partners’ data to understand their financial condition (cash position, profitability, funding status); their growth (number of customers, transactions, deposits); and their risk and compliance posture (fraud losses, Automated Clearing House returns, know-your-customer pass rates, etc).

Have a remediation plan to address compliance shortcomings at a partner company if issues arise.

Oversight of partners is key to building a sustainable BaaS program. It’s important to understand their daily operations, not only to protect the bank and make corrections as needed, but also to ensure their actions align with the bank’s strategic goals.

Read more about banks with BaaS strategies:

• Cross River Bank’s Strategic Plan: BaaS, Crypto and Fintech Investments
• All-Digital Grasshopper Bank Pushes into BaaS and SBA Lending

Step 8: Don’t Forget About Change Management

Having an effective change management program for the BaaS operation is also important. Not only will the bank’s workforce need to adapt to a BaaS model, but it’s inevitable that partners will want to make changes to their programs. Many of these may be welcome, such as adding new products or capabilities, launching marketing campaigns, or entering new markets, but they will all require the bank’s attention and approval.

“Not only will the bank’s workforce need to adapt to a BaaS model, but it’s inevitable that partners will want to make changes to their programs.”

It’s crucial to have change management processes in place to handle these requests before they start coming in at lightning speed (and they will). Tech companies, especially fintechs, move faster than traditional financial service businesses, and having the right people in place to swiftly review, revise, and approve their changes will avoid headaches later on.

While “move fast, break things” is a common saying within the tech industry, those relying on BaaS and the banks providing those services must take a different approach, factoring in the downstream impact on the safety and soundness of the bank and the customers it serves.

See all of our latest coverage of banking as a service.

No One Size Fits All with BaaS

Banking as a service isn’t formulaic. Banks have different approaches, based on all of the considerations that go into tackling any new business line, including growth capacity, risk tolerance and strategic philosophy. Piermont Bank is a BaaS provider that favors business-focused fintechs, for example, and Coastal Community, the one working with Walmart, is partial to partners that target underserved consumers.

But regardless of how a bank chooses to pursue BaaS opportunities, following these steps will help lay the groundwork for a resilient program.

Eyal Shavitzky is the Director of BaaS for Midland States Bank and served as the Director of Bank Partnerships at Synctera at the time of publish. Shavitzky has close to 15 years of banking, technology, and leadership. His previous experiences with two publicly traded financial institutions included leadership roles in a myriad of areas ranging from Operational Risk, Chief of Staff to the President and CEO, Vice President – Corporate Strategy, to Senior Vice President – Institutional Services. Shavitzky earned his Master’s degree from Columbia University and his Bachelor of Laws from Bar-Ilan University.