Banking as a service

"Banking as a service" stack based on the cloud stack by Scholten, derived from Lenk et al.

Banking as a service (BaaS) is the provision of banking products (such as current accounts and credit cards) to non-bank third parties through APIs. [1]

Description

As a value network, BaaS aims to seamlessly integrate as many service providers as needed into one comprehensive process to complete a financial service in an effective and timely manner. A BaaS is expected to include certain features in addition to providing a financial service. There must be means for managing, deploying and delivering the services' environment. The services must comply with the banking laws in the regions where they are made available, with at least one entity within the process possessing a banking license. Of utmost importance is the assurance that proper mechanisms are in place to provide security, such as strong authentication and additional measures to protect sensitive information from unauthorized access throughout the entire process. These security mechanisms must comply with the data protection laws of the jurisdictions involved. With the proliferation and acceptance of BaaS, the emergence and rapid growth of FinTech can be expected. FinTech is “a business that aims at providing financial services by making use of software and modern technology.” [2]

API-based stack

This stack can be used with a licensed bank as foundation, a BaaS as middleware, and an ecosystem of FinTechs on top.

Skinner suggested a 3-layer representation of the BaaS stack. [3] In this stack, the underlying infrastructure-as-a-service is provided by a traditional, licensed and regulated bank. Above this bank would be the centralized Middleware layer that Skinner refers to as "bank as a service". Added on to the bank as a service is a group of decomposed banking services consisting of an ecosystem of FinTech startups and service providers.

With this technology, based on the BaaS-platform, it is possible to create FinTech banks, which could improve banking processes and provide increased convenience for banking clients. In such a constellation, FinTech banks are enabled to compete directly with banks by offering core-banking services without having to build all the products that would be needed. The API-based bank as a service platform serves as the back-end that hosts standalone independent FinTech startups and integrates seamlessly with any existing back-office of traditional banks. This allows non-banks to easily and cost-effectively launch additional financial products and expand into additional markets. [3]

Cloud-based stack

Dynamic development and growth in the world of FinTech have made the API-based Bank-as-a-Service stack obsolete in contexts where tech-companies now own licenses to operate as regulated banks, thus eliminating the reliance on classic banks. Embracing the new developments in financial technology and services, the Banking-as-a-Service stack can be redefined in analogy to the Cloud stack. [1] [4]

Infrastructure as a service (IaaS)

The infrastructure as a service (IaaS) layer provides basic infrastructure services through an IaaS provider. A majority of these services would be available on demand and do not necessarily need to be FinTech services (like Amazon Web Services or OVH). This layer would include the server and communication hardware (physical layer).

Banking as a platform (BaaP)

On top of the IaaS layer sits the banking as a platform (BaaP) provider. The BaaP would be a bank that is fully licensed or would use an external regulated bank's licensed banking services. The decomposed banking services (FinTech SaaS) are, in essence, plugged into this layer. Data security plays a crucial role in the BaaP. There is a need for monitoring functions that will enable seamless and secure operations across applications and domains through secure authentication.
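As an added illustration (not part of the original article and not any BaaS provider's code), the following Python example shows one way authentication can carry across plugged-in services: the BaaP authenticates the user once and mints short-lived assertions, each bound to a single service and signed with a key only that service shares with the BaaP. The service names, the `sca` claim, the key-derivation scheme and the timestamps are assumptions constructed for the example.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo secret; a real BaaP would keep this in an HSM or KMS.
MASTER_KEY = b"constructed-demo-master-key"


class AssertionRejected(Exception):
    """Raised when a service refuses an authentication assertion."""


def service_key(service_id: str) -> bytes:
    # Per-service key: a compromised service cannot mint tokens for another one.
    return hmac.new(MASTER_KEY, b"svc:" + service_id.encode(), hashlib.sha256).digest()


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_assertion(user_id, service_id, strong_auth, now, ttl=300):
    """BaaP side: after one login, mint a short-lived token bound to one service."""
    claims = {"sub": user_id, "aud": service_id, "sca": bool(strong_auth),
              "iat": now, "exp": now + ttl}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(service_key(service_id), body.encode(), hashlib.sha256).digest()
    return body + "." + _b64(tag)


def verify_assertion(token, service_id, key, now, require_strong=False):
    """Service side: check signature first, then audience, expiry and auth strength."""
    try:
        body, tag_text = token.split(".")
        tag = _unb64(tag_text)
    except ValueError:
        raise AssertionRejected("malformed") from None
    expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise AssertionRejected("bad signature")
    claims = json.loads(_unb64(body))
    if claims["aud"] != service_id:
        raise AssertionRejected("wrong audience")
    if now >= claims["exp"]:
        raise AssertionRejected("expired")
    if require_strong and not claims["sca"]:
        raise AssertionRejected("strong authentication required")
    return claims


def check(token, service_id, now, require_strong=False):
    """Demo helper: return 'ok' or the rejection reason as a string."""
    try:
        verify_assertion(token, service_id, service_key(service_id), now, require_strong)
        return "ok"
    except AssertionRejected as exc:
        return str(exc)


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    token = issue_assertion("alice", "payments", strong_auth=False, now=t0)
    print(check(token, "payments", t0 + 10))        # ok
    print(check(token, "lending", t0 + 10))         # bad signature
    print(check(token, "payments", t0 + 301))       # expired
    print(check(token, "payments", t0 + 10, True))  # strong authentication required
```

In a deployment each service would hold only its own derived key, so the `check` helper's call to `service_key` stands in for that provisioning step.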

FinTech SaaS

FinTech SaaS (software as a service) refers to all atomic or composite software-based financial services that are available on-demand. When these services are provided through a BaaP, they will need to be compliant with the BaaP's API specifications. The services may either be physically deployed in the BaaP's domain or work externally. This makes it possible to plug financial services from other banks into the BaaP to create new composite application services. The result is that traditional banking services can now be virtualized and dispatched via composite application services. This does, however, present a challenge in verifying that none of the plugged-in services will violate regulations that have been imposed by banking authorities.

HuaaS

Humans as a service [4] represents the top layer of the proposed revision of the BaaS stack. While at the outset this layer may not seem especially important, as FinTech services continue to grow as a segment in the financial service market, services performed by Cloudworkers will take on increased importance. This is a behind-the-scenes component: end-users will be unable to distinguish a completely automated service from one that includes HuaaS.

Potential consequence

The consequence of having a decomposed stack is that there are multiple ways that the customer's front-end could be presented. One way would allow the BaaP provider to appear directly as a bank to its customers. This necessitates the provision of a front-end user interface to the end-customers including user authentication and other features. The bank would appear as any other online bank where all banking services are presented and seamlessly integrated in a single user interface. Another option is that the bank will operate as a white label bank, which will then have a software as a service provider on top of the BaaP operating as the front-end to the end-customer.

White label banking can be an answer to the challenge platform providers face in attaining customers. It can be used to offer banking services in environments where a large group of users already exist, including chains of grocery stores, hypermarkets or existing online portals. [1]

Integrated BaaS structure vs. single service offering

A single service provider is at a greater risk of failure than a provider that offers a larger portfolio of services. Using an integrated BaaS structure efficiently provides an end-to-end value proposition that frees the service provider from having to develop all the needed peripheral services, including authentication and other security services. Those who adopt the BaaS structure are able to provide a higher level of trust than a smaller provider might do. [5]

Security

Cyber-crime remains a constant and serious threat to the banking industry. Offering a larger number of composite online services introduces additional entry gateways, which increases the risk of cyber-crime. It is important that each service be properly firewalled to prevent malicious intrusions. This, however, presents a challenge to a satisfactory user experience if the user constantly needs to be authenticated while performing an online transaction across several domains or applications. Instead, the many domains and apps that are used need to be interwoven in such a way that once a user has been authenticated, this authentication carries through as the user conducts the transaction. This can be accomplished through the 3 degrees of freedom in digital banking, involving:

Regulations

Banking is a highly regulated industry throughout the world and online banks utilizing BaaS are no exception.

Europe

In Europe, BaaS for FinTechs is overseen by the Payment Services Directive (PSD, 2007/64/EC) and its 2nd amendment (PSD2) that was adopted in November 2015. [7] Banking licenses are overseen by competent national authorities in accordance with Directive 2013/36/EU and Article 14 of Regulation (EU) No 1024/2013. [8] The eIDAS Regulation provides requirements for authentication and electronic identification and trust services for electronic transactions throughout the entire end-to-end process. [9] Additional oversight for financial and insurance transactions is provided through Directive 2004/39/EC [10] and Directive 2016/97/EU. [11]

United States

In the United States, banks are highly regulated at both the state and federal levels. The Securities and Exchange Commission (SEC) is responsible for much of this regulation. [12]

Asia

Asia has a strong disadvantage because of its high fragmentation of jurisdiction areas compared to Europe. FinTechs can plug into the national Banking-as-a-Service hub to provide their specific regulated and licensed face to their customers. [3]

Africa

FinTechs in Africa have provided an original financing solution in a previously unserved and untapped banking market. Because it is primarily mobile-based, African FinTech is subject to national jurisdiction with regard to regulating financial markets and mobile telecommunications. [13]

Australia

Australia's government is behind in regulating FinTech in comparison to the European Payment Services Directive. [14]

Brazil

In Brazil, BaaS is regulated by the Brazilian Central Bank within the rules of a Payment Institution. [15] The best-known BaaS fintech providers in Brazil are Matera, Zoop, Dock, and S3 Bank. [16]

Russia

Russian banks are actively introducing BaaS; one example is the largest private bank, Alfa Bank.

Related Research Articles

Know your customer: Financial institution and company-related term

Know Your Customer (KYC) guidelines and regulations in financial services require professionals to verify the identity, suitability, and risks involved with maintaining a business relationship with a customer. The procedures fit within the broader scope of anti-money laundering (AML) and counter terrorism financing (CTF) regulations.

Markets in Financial Instruments Directive 2014: European Union law

Markets in Financial Instruments Directive 2014, commonly known as MiFID 2, is a legal act of the European Union (EU). Together with Regulation No 600/2014 it provides a legal framework for securities markets, investment intermediaries, in addition to trading venues. The directive provides harmonised regulation for investment services of the member states of the European Economic Area — the EU member states plus Iceland, Norway and Liechtenstein. Its main objectives are to increase competition and investor protection, as well as level the playing field for market participants in investment services. It repeals Directive 2004/39/EC.

Friendly fraud, also known as chargeback fraud or cyber shoplifting, occurs when a consumer makes an online shopping purchase with their own credit card, and then requests a chargeback from the issuing bank after receiving the purchased goods or services. Once approved, the chargeback cancels the financial transaction, and the consumer receives a refund of the money they spent. Depending on the payment method used, the merchant can be accountable when a chargeback occurs.

The Revised Payment Services Directive (PSD2, Directive (EU) 2015/2366, which replaced the Payment Services Directive (PSD), Directive 2007/64/EC) is an EU Directive, administered by the European Commission (Directorate General Internal Market) to regulate payment services and payment service providers throughout the European Union (EU) and European Economic Area (EEA). The PSD's purpose was to increase pan-European competition and participation in the payments industry also from non-banks, and to provide for a level playing field by harmonizing consumer protection and the rights and obligations of payment providers and users. The key objectives of the PSD2 directive are creating a more integrated European payments market, making payments more secure and protecting consumers.

An identity verification service is used by businesses to ensure that users or customers provide information that is associated with the identity of a real person. The service may verify the authenticity of physical identity documents such as a driver's license, passport, or a nationally issued identity document through documentary verification. It may additionally involve the verification of identity information (fields) against independent and authoritative sources, such as a credit bureau or proprietary government data.

Data as a service (DaaS) is a cloud-based software tool used for working with data, such as managing data in a data warehouse or analyzing data with business intelligence. It is enabled by software as a service (SaaS). Like all "as a service" (aaS) technology, DaaS builds on the concept that its data product can be provided to the user on demand, regardless of geographic or organizational separation between provider and consumer. Service-oriented architecture (SOA) and the widespread use of APIs have rendered the platform on which the data resides as irrelevant.

Backend as a service (BaaS), sometimes also referred to as mobile backend as a service (MBaaS), is a service for providing web app and mobile app developers with a way to easily build a backend to their frontend applications. Features available include user management, push notifications, and integration with social networking services. These services are provided via the use of custom software development kits (SDKs) and application programming interfaces (APIs). BaaS is a relatively recent development in cloud computing, with most BaaS startups dating from 2011 or later. Some of the most popular service providers are AWS Amplify and Firebase.

Strong customer authentication (SCA) is a requirement of the EU Revised Directive on Payment Services (PSD2) on payment service providers within the European Economic Area. The requirement ensures that electronic payments are performed with multi-factor authentication, to increase the security of electronic payments. Physical card transactions already commonly have what could be termed strong customer authentication in the EU, but this has not generally been true for Internet transactions across the EU prior to the implementation of the requirement, and many contactless card payments do not use a second authentication factor.

In financial services, open banking allows for financial data to be shared between banks and third-party service providers through the use of application programming interfaces (APIs). Traditionally, banks have kept customer financial data within their own closed systems. Open banking allows customers to share their financial information securely and electronically with other banks or other authorized financial organizations such as payment providers, lenders and insurance companies.

Fintech: Subset of technologies used in finance

Fintech, a clipped compound of "financial technology", refers to firms using new technology to compete with traditional financial methods in the delivery of financial services. The use of smartphones for mobile banking, investing, borrowing services, and cryptocurrency are examples of technologies designed to make financial services more accessible to the general public. Fintech companies consist of both startups and established financial institutions and technology companies trying to replace or enhance the usage of financial services provided by existing financial companies.

Financial technology is an industry composed of companies that use technology to offer financial services. These companies operate in insurance, asset management and payment, and numerous other industries. FinTech has emerged as a relatively new industry in India in the past few years. The Indian market has witnessed massive investments in various sectors adopting FinTech, which has been driven partly by the robust and effective government reforms that are pushing the country towards a digital economy. It has also been aided by the growing internet and smartphone penetration, leading to the adoption of digital technologies and the rise of FinTech in the country.

A trust service provider (TSP) is a person or legal entity providing and preserving digital certificates to create and validate electronic signatures and to authenticate their signatories as well as websites in general. Trust service providers are qualified certificate authorities required in the European Union and in Switzerland in the context of regulated electronic signing procedures.

TransferMate is an Irish business-to-business payment technology company which was founded in 2010. The company provides a service for making cross-border transfers online, which allows them to receive funds locally and make payments locally, with the intention of eliminating the need for intermediary banks and international transfer fees.

India Stack refers to the project of creating a unified software platform to bring India's population into the digital age. Its website describes its mission as follows: "India Stack is a set of open APIs that allows governments, businesses, startups and developers to utilize a unique digital Infrastructure to solve India’s hard problems towards presence-less, paperless, and cashless service delivery". Of the four "distinct technology layers" mentioned on the same page, the first, the "Presenceless Layer", is the most controversial as it involves storing biometric data such as fingerprints for every citizen. Since such markers are widely being adopted to enable cashless payment, the issue arises of fraudulent use of biometrics. The other layers are the Paperless Layer, which enables personal records to be associated with one's online identity; the Cashless Layer, a single interface to all national banks and online wallets; and the Consent Layer, which aims to maintain security and control of personal data.

Auka is a Norwegian, VC-backed financial technology company. Its PSD2 compliant technology platform enables banks to issue white label mobile payments products to their private and merchant customers.

Solaris (credit institution): German banking-as-a-service credit institution

Solaris SE is a credit institution licensed in Germany, with headquarters in Berlin and branches in London, Paris, Milan, Madrid and Vilnius.

Neobank: Online-only direct bank

A neobank is a type of direct bank that operates exclusively using online banking, without traditional physical branch networks, and that challenges traditional banks.

bunq: International fintech company

bunq B.V. is a Dutch fintech and neobank licensed in the Netherlands within the European Union and operating in 30 European countries. It was founded in Amsterdam where its headquarters are currently located.

The development of neobanks in Europe is a trend in the European financial landscape beginning in the 2010s. Neobanks are a type of digital-only bank that offer financial services primarily through mobile and web applications, with little or no reliance on physical branches. The trend was driven by advancements in technology, changing consumer preferences, and supportive regulatory frameworks. Neobanks provide a range of services, including personal accounts, loans, and payment services, with a focus on user-friendly interfaces, low fees, and innovative features. In 2022, the European neobank market generated over 570B transactions.

Open Finance refers to the concept and practice of sharing financial data securely with third-party service providers through Application Programming Interfaces (APIs). It builds upon open banking principles, aiming to broaden access to financial data beyond traditional banking products and services. This initiative emphasises consumer control over financial data, allowing secure sharing to obtain personalized services, better deals, and innovative financial solutions.

References

  1. Scholten, Ulrich. "Banking-as-a-Service - what you need to know". VentureSkies. Retrieved 25 December 2016.
  2. "FinTech Definition". FinTech Weekly. Retrieved 16 January 2017.
  3. Skinner, Chris. "Overview of APIs and Bank-as-a-Service in FinTech" (PDF). ASAP Agency Moscow. Retrieved 16 January 2017.
  4. Lenk, Alexander; Klems, Markus; Nimis, Jens; Tai, Stefan; Sandholm, Thomas (May 23, 2009). "What's inside the Cloud? An architectural map of the Cloud landscape". 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing. pp. 23–31. doi:10.1109/CLOUD.2009.5071529. ISBN 978-1-4244-3713-9. S2CID 14619005.
  5. Skinner, Chris (September 7, 2014). Digital Bank: Strategies to Launch or Become a Digital Bank. Singapore: Marshall Cavendish International (Asia) Pte Ltd. ISBN 978-9814516464.
  6. Balbas, Luis. "Digital Authentication: Factors, Mechanisms and Schemes". Cryptomathic. Retrieved 17 January 2017.
  7. The European Parliament and the Council. "Directive (EU) 2015/2366 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC". Official Journal of the European Union. Retrieved 17 January 2017.
  8. The European Parliament and the Council. "Directive 2013/36/EU on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC". Official Journal of the European Union. Retrieved 17 January 2017.
  9. Turner, Dawn M. "Understanding eIDAS". Cryptomathic. Retrieved 17 January 2017.
  10. Commission of the European Communities. "Commission Directive implementing Directive 2004/39/EC of the European Parliament and of the Council as regards organisational requirements and operating conditions for investment firms, and defined terms for the purposes of that Directive" (PDF). European Commission. Retrieved 17 January 2017.
  11. The European Parliament and the Council. "Directive (EU) 2016/97 on insurance distribution (recast)". EUR-Lex. Retrieved 17 January 2017.
  12. Marino, Jon (6 May 2016). "A wave of regulation is coming for fintech". CNBC. Retrieved 17 January 2017.
  13. van der Beek, Wim. "Five factors that differentiate Africa's fintech". CNBCAFRICA. Archived from the original on 18 January 2017. Retrieved 17 January 2017.
  14. Lucas, George. "Australia needs to foster FinTech with level playing field". The Australian Business Review. Retrieved 17 January 2017.
  15. bcb.gov.br/ O que é instituição de pagamento?
  16. globallegalchronicle.com/ Banco BV’s Investment in S3 Bank