In May, Tesla announced it was recalling over a million of its vehicles in China, due to safety concerns. Mass production and interchangeable parts may have enabled incredible innovation, but it does mean if there’s something awry with a part or the design, there’s going to be a problem with everything that’s been produced, sometimes resulting in the need to claw back every sold product.

We can see the same problems in software development. No one builds anything out of whole cloth, they instead build on what has gone before. Unfortunately, the risks of this are sometimes very clear. Log4j was a simple logging tool embedded in almost every online server that suddenly became a huge liability when it was found to be vulnerable to attack. It was as if every car was found to have a faulty part. There was no need for a mass recall, but every system with this piece of software needed to be patched—and plenty remain that have not received this vital attention.

A single point of failure?

The rise of fintech has meant technical enhancements such as a better user experience, better access to services, continuous development, and much more. But it has also added risk—particularly with the rise of Banking-as-a-Service (BaaS).

The terms BaaS, embedded finance and embedded banking are sometimes used interchangeably, but they are not quite the same. BaaS here refers to the provision of banking services to a third party and does not necessarily have to be provided by a licensed bank—e-money institutions can also provide services such as accounts, virtual and physical cards, access to payment rails, and more. With embedded banking and finance, services such as payments or lending are provided by a fully licensed bank and integrated into services.

BaaS is used by a massive 82% of fintechs, with BaaS-related services pulling in an average of 45% of a fintech’s overall revenue stream. But it’s also used by many non-fintech consumer-facing brands and increasingly by B2B businesses too. It being a new and growing sector, there can be confusion over what services are expected, and what is provided—while many other banking products have been around for a long time, people either know what they want or can find advice easily. BaaS customers—both the service provider and the end user—may find they are not receiving the service they expect.

But there are other, potentially bigger risks. Everyone knows the name Wirecard, which essentially provided BaaS services. Railsr, another big name, is another high-profile player that had to be rescued after going into administration. Others have faced regulatory attention and oversight, partly due to compliance concerns and partly down to caution over the rapid growth of these businesses—being new, can they be as resilient as institutions that have been around for decades?

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Are regulators right to be concerned? Perhaps. Like a machined piece of hardware fitted to every model of a particular car, or open-source software built into every server, BaaS has the potential to be a single point of failure—if something goes wrong, it could touch every business that uses these services.

Recent financial panics, such as over Silicon Valley Bank, is only heightening these fears. The market has evolved a key number of BaaS providers that now underpin hundreds of financial products and services, both for financial providers and non-financial providers. If one collapses, is found to be operating without the right safeguards, or has other underlying problems, the effects could be extended far beyond a single provider.

Creating certainty

There is no simple quick fix to solve these issues. BaaS is big, is predicted to get even bigger, and has the potential to create real change and innovation in sectors way beyond fintech. Regulators who have worked hard to support the changes wrought by fintech, for example through Open Banking, are unlikely to want to curb businesses that are safely and thoughtfully providing BaaS.

At the same time, an uncertain economic climate and market contraction has the potential to create real problems. How can it balance these demands? We believe that there are three “C”s that regulators and BaaS providers need to focus on.


BaaS is relatively new, but it has been around long enough that regulators have had time to understand this market and how it should work to the benefit of all. Regulations need to be clear on what BaaS providers need to do to be compliant and keep their customers safe. For instance, some BaaS providers have a full banking licence, while others do not. How do these more lightly regulated fintech’s ensure that their customers are fully protected?

Some BaaS providers have partnered with banks, while others have been acquired by banks, and these will enjoy the benefits of more experienced compliance departments. However, demanding that BaaS providers have access to a banking licence may be a step too far—is there a middle ground, and can it be set forth in clear regulation? The new Consumer Duty, which includes manufacturers (which includes BaaS providers) is a step in the right direction but more needs to be done.


A key consideration is how to apply regulation consistently in a market with many different players with different offerings, from card issuing to full FSCS insured bank accounts for end customers. Any regulation will need to take this into account and ensure both consistency and fairness. Smaller startups could be stifled by having to take on board the same regulatory requirements as a huge multinational bank, but at the same time they cannot shirk their responsibilities when it comes to, for example, anti-money laundering checks. An equitable rather than equal playing field where everyone can compete will be a big challenge for any regulator.


BaaS services are still evolving, with new use cases being created and providers adding new offerings as their customers demand it. It is not only a growing market, but a shifting one—especially as uncertainty demands that some providers shift their focus or even pivot completely. Proposals need to take this into account and be future-looking, covering all aspects of BaaS today and what new services may arise tomorrow.

It’s no small ask. Regulation needs to cover many different types of provider while at the same time encouraging innovation and competition. But even as we see a few high-profile failures in the market, we also see consolidation and growth as the market builds on its promise and offers the opportunity for any brand to be a financial services provider. Sensible and measured regulation can ensure that BaaS customers are protected while this sector grows—perhaps even to a point where it can be properly defined.

But the onus should not be on regulators alone. BaaS providers have a responsibility to show that they are not a single point of failure, operate to the highest standards and provide reassurances to all that this growing market is safe and resilient.

Emma Hagan is Chief Risk and Compliance Officer, ClearBank