In-Depth: 10 Legal Considerations When Offering Banking-as-a-Service

Supplement to Offering Banking-as-a Service? (Barack Ferrazzano Client Alert, January 2020).

Before considering providing BaaS, we strongly recommend that banks evaluate the following business and legal considerations, which we developed from working with numerous BaaS relationships and our experience assisting with our clients’ FinTech-related regulatory examinations and audits:

  1. Board & Senior Management Education/Involvement
    1. Is your bank’s Board and senior management educated about BaaS?
    2. Do they know what risks it entails, and whether the bank is ready to offer BaaS from a risk and operational perspective?
    3. Board and senior management education and involvement is the first step in offering a successful BaaS program.
  2. Bank Infrastructure
    1. Does your bank have the information technology and human resources to support BaaS?
    2. If your FinTech relationships ramp up, can your bank handle the volume?
    3. It is critical that your bank has the infrastructure to service BaaS, and that it is prepared to handle a spike in transactional and customer volume if your FinTech relationships are successful.
  3. Policies & Procedures
    1. Does your bank have the proper policies and procedures in place to service BaaS?
    2. Does your current CMS contemplate BaaS?
    3. It is essential that your bank not only have BaaS-ready policies and procedures, but that they are followed and tested.
  4. Third-Party Relationships
    1. How will offering BaaS affect your bank’s other third-party contractual relationships, such as your core processor and excess deposit networks?
    2. How will all these relationships work together?
    3. Your bank should review these agreements to help ensure that offering BaaS will work contractually and operationally. 
  5. Fintech Due Diligence
    1. How well do you know your FinTech client?
    2. Has your bank conducted due diligence on the FinTech?
    3. Banking regulators have made it clear that banks are expected to perform comprehensive due diligence on their FinTech clients, especially if offering BaaS.
  6. The Program Management Agreement
    1. Do you have a strong program management agreement that will govern the BaaS relationship?
    2. Has your internal or external legal counsel properly vetted the agreement?
    3. Does the program management agreement reflect the latest legal developments, regulatory expectations, and best practices?
    4. The program management agreement will govern your relationship and will be scrutinized by your regulators, so it is essential that it is comprehensive and that it captures the relationship in a regulatory-compliant manner.
  7. BSA/AML Expectations
    1. Is your bank prepared for increased BSA/AML activity involving BaaS?
    2. Does your FinTech client have adequate BSA/AML controls?
    3. Is your FinTech appropriately licensed under applicable state and federal laws as a money service business (“MSB”) or otherwise?
    4. In recent FinTech-related examinations, regulators have focused on BSA/AML issues given that a FinTech client may generate thousands of customers across the country.
  8. Operational
    1. Is your bank able to sustain operational demands required by BaaS?
    2. Will the FinTech’s application programming interface (“API”) work with your existing systems?
    3. Is your bank effectively communicating with the FinTech client to ensure smooth operations?
    4. Even if your bank is prepared for BaaS, it needs to execute operationally to avoid adverse reputational and regulatory consequences.
  9. FinTech Examinations
    1. Is your bank and FinTech client prepared for regulatory examinations on a regular basis?
    2. Is your bank up to speed on the latest regulatory developments and expectations?
    3. Are you communicating with your FinTech client about them?
    4. Because this is a new area for the regulators, examinations can vary. Nevertheless, preparing for and addressing issues before the examination will help your bank pass successfully.
  10. Exit Strategy
    1. If a particular FinTech client is not working out, or has not successfully scaled-up, does your bank have an exit strategy?
    2. Does your bank have a plan for deconversion, transition, and assessment of costs?
    3. Addressing these issues in advance will make for a much smoother transition.
Jump to Page

We use cookies on our website to improve functionality and performance, analyze website traffic, and enable social media features. By continuing to use our website, you agree to our use of cookies.