Banking As A Service
   HOME

TheInfoList



OR:

Banking as a service (BaaS) is the provision of banking products (such as current accounts and credit cards) to non-bank third parties through APIs.


Description

As a
value network A value network is a graphical illustration of social and technical resources within/between organizations and how they are utilized. The nodes in a value network represent people or, more abstractly, roles. The nodes are connected by interaction ...
, BaaS aims at seamlessly integrating as many service providers as needed into one comprehensive process to complete a financial service in an effective and timely manner. It is implied that a BaaS would include certain features in addition to providing a financial service. There must be means for managing, deploying and delivery of the services' environment. The services must of course be in legal compliance with the banking laws in the regions where it is made available, with (at least) one entity within the process possessing a banking license. Of utmost importance is the assurance that proper mechanisms are in place to provide security, such as strong authentication and additional measures to protect sensitive information from unauthorized access throughout the entire process. These security mechanisms must be in compliance with laws of data protection for the jurisdictions involved. With the proliferation and acceptance of BaaS, the emergence and rapid growth of
FinTech Fintech, a portmanteau of "financial technology", refers to firms using new technology to compete with traditional financial methods in the delivery of financial services. Artificial intelligence, blockchain, cloud computing, and big data are r ...
can be expected. FinTech is “a business that aims at providing financial services by making use of software and modern technology.”


API-based stack

Skinner suggested a 3-layer representation of the BaaS stack. In this stack, the underlying infrastructure-as-a-service is provided by a traditional, licensed and regulated bank. Above this bank would be the centralized
Middleware Middleware is a type of computer software that provides services to software applications beyond those available from the operating system. It can be described as "software glue". Middleware makes it easier for software developers to implement co ...
layer that Skinner refers to as "bank as a service". Added on to the bank as a service is a group of decomposed banking services consisting of an ecosystem of FinTech startups and service providers. With this technology, based on the BaaS-platform, it is possible to create FinTech banks, which could improve banking processes and provide increased convenience for banking clients. In such a constellation, FinTech banks are enabled to compete directly with banks by offering core-banking services without having to build all the products that would be needed. The API-based bank as a service platform serves as the back-end that hosts standalone independent FinTech startups and integrates seamlessly with any existing back-office of traditional banks. This allows non-banks to easily and cost-effectively launch additional financial products and expand into additional markets.


Cloud-based stack

Dynamic development and growth in the world of FinTech have made the API-based Bank-as-a-Service stack obsolete in contexts where tech-companies now own licenses to operate as regulated banks, thus eliminating the reliance on classic banks. Embracing the new developments in financial technology and services, the Banking-as-a-Service stack can be redefined in analogy to the Cloud stack.


Infrastructure as a service (IaaS)

The
infrastructure as a service The first major provider of infrastructure as a service (IaaS) was Amazon in 2008. IaaS is a cloud computing service model by means of which computing resources are supplied by a cloud services provider. The IaaS vendor provides the storage, net ...
(IaaS) layer provides basic infrastructure services through an IaaS provider. A majority of these services would be available on demand and do not necessarily need to be FinTech services (like
Amazon Web Services Amazon Web Services, Inc. (AWS) is a subsidiary of Amazon.com, Amazon that provides Software as a service, on-demand cloud computing computing platform, platforms and Application programming interface, APIs to individuals, companies, and gover ...
or
OVH OVH, legally OVH Groupe SAS, is a French cloud computing company which offers VPS, dedicated servers and other web services. As of 2016 OVH owned the world's largest data center in surface area. As of 2019, it was the largest hosting provide ...
). This layer would include the server and communication hardware (
physical layer In the seven-layer OSI model of computer networking, the physical layer or layer 1 is the first and lowest layer; The layer most closely associated with the physical connection between devices. This layer may be implemented by a PHY chip. The ...
).


Banking as a platform (BaaP)

At the top of the IaaS model would be banking as a platform provider (BaaP). The BaaP would be a bank that is fully licensed or use an external regulated bank's licensed banking services. The decomposed banking services (FinTech SaaS) are in essence, plugged into this layer. Data-security plays a crucial role in the BaaP. There is a need for monitoring functions that will enable seamless and secure operations across applications and domains through secure authentication.


FinTech SaaS

FinTech
SaaS Software as a service (SaaS ) is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. SaaS is also known as "on-demand software" and Web-based/Web-hosted software. SaaS is cons ...
(software as a service) refers to all atomic or composite software-based financial services that are available on-demand. When these services are provided through a BaaP, they will need to be compliant with the BaaP's API specifications. The services may either be physically deployed in the BaaP's domain or work externally. This gives the potential for the ability to plug financial services from other banks into the BaaP to create new
composite application In computing, a composite application is a software application built by combining multiple existing functions into a new application. The technical concept can be compared to mashups. However, composite applications use business sources (e.g., exi ...
services. The result is that traditional banking services can now be virtualized and dispatched via
composite application In computing, a composite application is a software application built by combining multiple existing functions into a new application. The technical concept can be compared to mashups. However, composite applications use business sources (e.g., exi ...
services. This does, however, present a challenge in verifying that none of the plugged-in services will violate regulations that have been imposed by banking authorities.


HuaaS

Humans as a service represents the top layer of the proposed revision of the BaaS stack. While at the onset this layer may not seem especially important, as FinTech services continue to grow as a segment in the financial service market, services performed by Cloudworkers will take on increased importance. This is a behind the scenes component that end-users will be unable to discern between a complete automated service and one that includes HuaaS.


Potential consequence

The consequence of having a decomposed stack is that there are multiple ways that the customer's front-end could be presented. One way would allow the BaaP provider to appear directly as a bank to its customers. This necessitates the provision of a front-end user interface to the end-customers including user authentication and other features. The bank would appear as any other online bank where all banking services are presented and seamlessly integrated in a single user interface. Another option is that the bank will operate as a white label bank, which will then have a software as a service provider on top of the BaaP operating as the front-end to the end-customer. White label banking can be an answer to the challenge platform providers face in attaining customers. It can be used to offer banking services in environments where a large group of users already exist, including chains of grocery stores, hypermarkets or existing online portals.


Integrated BaaS structure vs. single service offering

A single service provider is at a greater risk of failure than a provider that offers a larger portfolio of services. Using an integrated BaaS structure efficiently provides an end-to-end value proposition that frees the service provider from having to develop all the needed peripheral services, including authentication and other security services. Those who adopt the BaaS structure are able to provide a higher level of trust than a smaller provider might do.


Security

Cyber-crime A cybercrime is a crime that involves a computer or a computer network.Moore, R. (2005) "Cyber crime: Investigating High-Technology Computer Crime," Cleveland, Mississippi: Anderson Publishing. The computer may have been used in committing the ...
remains a constant and serious threat to the banking industry. The introduction of additional entrance gateways by offering increased amounts of composite online services does increase the risk for cyber-crime. It is important that each service be properly firewalled to prevent malicious intrusions. As such, this presents a challenge to a satisfactory user experience if the user needs to constantly be authenticated while performing an online transaction across several domains or applications. Instead, the many domains and apps that are used need to be interwoven in such a way that once a user has been authenticated, this authentication will carry through as he conducts his transaction. This can be accomplished through the 3 degrees of freedom in
digital banking Digital banking is part of the broader context for the move to online banking, where banking services are delivered over the internet. The shift from traditional to digital banking has been gradual and remains ongoing, and is constituted by diffe ...
, involving: * Identity federation across domains * Identity propagation across apps * Level of authentication


Regulations

Banking is a closely regulated industry throughout the world and online banks utilizing BaaS are no exception.


Europe

In Europe, BaaS for FinTechs is overseen by the
Payment Services Directive The Revised Payment Services Directive (PSD2, Directive (EU) 2015/2366, which replaced the Payment Services Directive (PSD), Directive 2007/64/EC) is an EU Directive, administered by the European Commission (Directorate General Internal Market) t ...
(PSD, 2007/64/EC) and its 2nd amendment (
PSD2 The Revised Payment Services Directive (PSD2, Directive (EU) 2015/2366, which replaced the Payment Services Directive (PSD), Directive 2007/64/EC) is an EU Directive, administered by the European Commission (Directorate General Internal Market) to ...
) that was adopted in November 2015. Banking licenses are overseen by competent national authorities in accordance to Directive 2013/36/EU and Article 14 of Regulation (EU) No 1024/2013. The
eIDAS eIDAS (electronic IDentification, Authentication and trust Services) is an EU regulation on electronic identification and trust services for electronic transactions in the European Single Market. It was established in EU Regulation 910/2014 ...
Regulation provides requirements for
authentication Authentication (from ''authentikos'', "real, genuine", from αὐθέντης ''authentes'', "author") is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicati ...
and
electronic identification An electronic identification ("eID") is a digital solution for proof of identity of citizens or organizations. They can be used to view to access benefits or services provided by government authorities, banks or other companies, for mobile payment ...
and trust services for electronic transactions throughout the entire end-to-end process. Additional oversight for financial and insurance transactions are provided through Directive 2004/39/EC and Directive 2016/97/EU.


United States

In the United States, banks are highly regulated at both the state and federal levels. The
Securities and Exchange Commission The U.S. Securities and Exchange Commission (SEC) is an independent agency of the United States federal government, created in the aftermath of the Wall Street Crash of 1929. The primary purpose of the SEC is to enforce the law against market ...
(SEC) is responsible for much of this regulation.


Asia

Asia has a strong disadvantage because of its high fragmentation of jurisdiction areas compared to Europe. FinTechs can plug into the national Banking-as-a-Service hub to provide their specific regulated and licensed face to their customers.


Africa

FinTechs in Africa have provided an original financing solution in a previously unserved and untapped banking market. Because it is primarily mobile-based, Africa FinTech is subject to national jurisdiction in regards to regulating financial markets and mobile telecommunications.


Australia

Australia's government is behind in regulating FinTech in comparison to the European Payment Services Directive.


Brazil

In Brazil, BaaS is regulated by the Brazilian Central Bank within the rules of a Payment Institution. The best known BaaS' fintechs providers in Brazil are Matera, Zoop, Dock, and S3 Bank.


Russia

Russian banks are actively introducing BaaS, for example, the largest private bank Alfa Bank.


See also

*
Account aggregation Account aggregation sometimes also known as financial data aggregation is a method that involves compiling information from different accounts, which may include bank accounts, credit card accounts, investment accounts, and other consumer or busin ...
*
Online banking Online banking, also known as internet banking, web banking or home banking, is an electronic payment system that enables customers of a bank or other financial institution to conduct a range of financial transactions through the financial inst ...
*
Open banking Open banking is a financial services term within financial technology. It refers to: #The use of open APIs that enable third-party developers to build applications and services around the financial institution. #Greater financial transparency ...


References

{{Privacy Financial markets Banking technology As a service