Embedded banking has moved well beyond a niche trend. It’s now a primary revenue driver and a powerful way to deepen customer relationships. It has become a central focus for financial institutions because it represents the future of how banking products and services are delivered. But the opportunity doesn’t come without significant risk, and a shifting regulatory environment demands that banks be more vigilant, not less.
By 2029, the embedded banking sector is expected to generate upwards of $90bn in revenue — and the market’s overall value could even exceed $7.2tn by 2030. These numbers aren’t surprising. Rather than making “banking all about the bank” — which has been the prevailing paradigm — embedding banking takes the bank to where the customer already is: managing their financial lives, running their businesses, engaging with the brands they trust. The more intuitive and seamless that experience is, the deeper the relationship becomes. That’s the real value: not just another channel, but a fundamentally better way to serve consumers and small businesses.
But convenience can’t outpace risk, and growth cannot come at the expense of safety and soundness. Banks must balance rapid expansion with robust governance and compliance controls — particularly as federal and state standards change and evolve. Embedded banking isn’t a shortcut to growth, and it is certainly not getting “easier.” Banks that enter this space simply because it appears more permissive are making a dangerous miscalculation. A less prescriptive regulatory posture doesn’t reduce the obligation to deliver a safeguarded experience. If anything, it raises the bar for demonstrating sound judgment and self-governance.
Embedded banking significantly expands the risk surface — not just cyber threats and bad actors, but across the full spectrum of operational, compliance and consumer protection risk. With confidential data and regulated transactions flowing across financial institutions, technology platforms and partner enterprises, banks must think about risk holistically and ensure “Defense in Depth” through layered structures that protect consumers, capital and the integrity of the banking system.
Embedded banking can no longer be an add-on capability; it must be woven into the bank’s core infrastructure. The underlying technology must handle real-time data exchange, identity verification, transaction monitoring and authentication across every interaction. Large banks are spending billions to build or acquire these capabilities in-house. But this isn’t just a large bank game. Community banks that take a strategic, partnership-driven approach — leveraging the right platforms while maintaining centralised control of risk management and compliance — can compete effectively and, in many ways, more nimbly.
Not every bank can or should try to build everything from scratch. The key is owning the relationship with customers, data and risk. In well-structured embedded banking models, partner “branches” operate as extensions of the bank, under an umbrella of operations, compliance and risk management. That means the bank contracts directly with the customer and maintains full visibility and control of funds, ensuring end-to-end oversight. When structured this way, embedded banking becomes a durable, scalable model rather than a shortcut.
The regulatory false signal – and what it really means
What we’re witnessing right now is not deregulation, but a recalibration towards true financial risk: the material risks to consumers, to the banking system and to the broader economy. Those without deep regulatory experience are misinterpreting this shift as “laxness” or an easing of standards. It’s a false signal, and acting on it is dangerous. The oversight isn’t disappearing — it’s evolving. And the banks that mistake this evolution for permission to cut corners are the ones most likely to find themselves in serious trouble.
In embedded banking, this means the regulatory focus is less about technical checklists and more about whether banks can demonstrate real command over the risks they face. Can bank partners show their third-party risk management framework has depth and breadth? Do these institutions have full visibility of customer data and funds? Are their BSA/AML and consumer compliance programs scaled to the necessary complexity of partner ecosystems? The institutions that can answer “yes” — with evidence, not assertions — are the ones that will thrive. Those who confuse less prescriptive regulation with less regulation will not.
As regulations evolve, banks must still demonstrate strong judgment and prove they can be trusted to handle the full scope of their compliance and oversight responsibilities. This isn’t just about passing exams — it’s about building a culture of risk management that permeates every level of the organization, from the boardroom to the front line.
The challenge — and the opportunity — is delivering this at scale, across billions of dollars in deposits and payments. We’ve already seen what happens when the structures aren’t right: consumers lose access to their funds, regulatory actions follow and entire business models unravel. The cost of getting this wrong goes well beyond fines – it undermines the system itself. That’s why embedded banking must be treated as core banking infrastructure, not a bolt-on product.
Building for durability, not just growth
Embedded banking is no longer a “feature” — it’s a full-fledged banking platform that must be built on the same foundation as any sound bank: deposits, loans, capital, liquidity and payments. And perhaps most importantly, it requires unwavering strategic commitment from the board and the C-suite. This is not a side project.
The effort required should not be underestimated. Banks have to navigate layered federal and state regulatory requirements — licensing, data privacy, consumer protection, BSA/AML — while ensuring that their technology stack can handle real-time demands. The principle banks follow is “leveraging the similarities and risk managing the differences,” which means building as much standardisation and homogeneity into your data, technology and compliance infrastructure as possible, so that you can clearly identify and manage the heterogeneity that inevitably comes with multiple partnerships. That’s how you scale without losing control.
A call for intentionality
The momentum behind embedded banking is real and durable. But lasting success isn’t built on momentum alone; it’s built on experience, disciplined risk management and an infrastructure designed to scale. This is a long-term strategic commitment, not a quarter-by-quarter play. It requires sustained investment in people, technology, controls and culture.
Financial institutions that embrace the essential nature of bank regulation tend to perform better over time. While innovation may challenge antiquated paradigms that create unnecessary burden and inefficiency, safety and soundness remain non-negotiable. The banks that will win in embedded banking are those with the experience, judgment and integrity to do this right — not the ones chasing a false signal. Regulatory cycles will always change. The principles of sound banking never do.
Chris Black is CEO and President of Thread Bank
