Banking as a Service and BaaP — Banking as a Platform, their benefits, and challenges. 

By Arturo Alejandro Canseco Alvarez , Legal & Fintech associate at Ramos, Ripoll & Schuster firm Mexican community partner at Fintech Connector


Currently banks are running on monolithic traditional banking systems i.e Monolith architectures encompass all core banking services in a single, fully integrated piece of software. A successful strategy for overcoming this situation is to break the monolithic services into distributed and decentralized microservices, where Banking is provided as a service in the cloud.

Through this  model licensed banks integrate their digital banking services directly into the products of other non-bank businesses. This way, a non-bank business, such as your airline, can offer its customers digital banking services such as mobile bank accounts, debit cards, loans and payment services, without needing to acquire a banking licence of their own.

The concepts BaaS — Banking as a Service and BaaP — Banking as a Platform emerge as a way to formalize this strategy and consolidate the related efforts of FinTechs, Software Factories, and Stakeholders.


BaaS is the end-to-end process, ensuring the comprehensive completion of a financial service, provided via the Internet on-demand and managed within a specified timeframe”

Banking-as-a-Platform layer as follows: “The services are like Lego bricks: the partners can pick the bricks they require and assemble custom solutions to fit their business needs. Partners can access services via easy-to-implement APIs.”

The most innovative banks understand this perfectly, which is why they take full advantage of artificial intelligence to provide a more humanized digital experience. In other words, taking traditional customers by the hand into a safe and friendly digital environment, that’s BaaS, the new era of financial services.


The main points of BaaS

I think we are living a digital transformation and the banking is not the exception. We are replacing the legacy model of banking, where everything is packaged in a monolithic system, by a modern and dynamic end-to-end process, which ensures the overall execution of financial services through a value chain based on microservices and APIs — application programming interface, exposed over the web.


BaaS and BaaP aim to provide services offered by the next components using the platforms available in the cloud.

BaaS is a necessary shift in the bank/customer relationship. Driven by decreased branch reliance and the adoption of digital and mobile capabilities, we’re focused on building solutions that provide our customers with valuable, effortless, trusted, and personalized experiences. images may subject to copyright


New challenges for BaaS 2020


Legacy Core Banking systems that don’t support new business models and products

Internal champions to advocate and evangelize open APIs to prospective partners with a keen understanding of platform business models

Adapting a culture to move away from traditional banking to “ Facebook for banking” mindset with the organization and product vision


What regulations are important in BaaS?


Core to the Banking as a Service activity of Fintechs in Europe is the Payment Services Directive (PSD, 2007/64/EC), and in particular, its 2nd amendment, known as PSD2, adopted in November 2015. PSD2 provides enhanced consumer protection in the context of online payment processes. The directive has been defined to ensure the coordination of national prudential regulation and supervision, the access of new payment service providers to the market, information requirements, and the respective rights and obligations of payment services users and providers.

The granting of banking license itself falls under the responsibility of the competent national authorities in the corresponding countries where a financial institution is registered (regulated in Directive 2013/36/EU in connection with Article 14 of Regulation (EU) No 1024/2013 of 15 October 2013). Following the principle of a single authorization, a financial institution that has been granted a license can provide services throughout the whole European Single Market. Looking at requirements of authentication and potentially signed transactions, the eIDAS Regulation on electronic identification and trust services for electronic transactions in the internal market plays a vital role throughout the whole end-to-end process.

Looking at the role of online banks in the context of investment activities, the Markets in Financial Instruments Directive (Directive 2004/39/EC). may play a role. It is in force since November 2007 and governs the provision of investment services in financial instruments by online banks and the operation of traditional stock exchanges and alternative trading venues.

Assuming, that Banking-as-a-Service will not be limited to pure financial transactions, another directive potentially involved is the Insurance Distribution Directive or IDD (Directive 2016/97/EU) regulating the activities and online distribution of insurance products: intermediaries, insurance companies, their employees, bank-assurance, etc.

As the safe harbor agreement with the US is still under revision there is a constraint on data storage: To be compliant with European data protection laws, customer data of financial institutions must not leave the area of jurisdiction. In specific, a European bank would not be able to use an Infrastructure-as-a-Service (IaaS) provider from the USA like AWS.



In the USA, banking regulation is highly decentralized, regulated at both the federal and state level.

The U.S. Securities and Exchange Commission (SEC) has its hand in a lot of this, especially in investment/banking platforms such as Robinhood, Wealthfront, Acorns, etc. These platforms can’t be backed by the Federal Deposit Insurance Corporation FDIC (which insures deposits, protects investments, etc.) if the platform is not in compliance with SEC requirements for security.

It’s still a topic that is controversially debated, as the bigger banks (e.g. Bank of America, Wells Fargo, HSBC, etc.) are highly regulated, while FinTechs have much more freedom to blaze ahead into cloud services, IoT, etc.

Haskell Garfinkel of PWC says that the regulation of the financial service in the U.S. builds on safety, soundness, and consumer protection. In his view, regulators aim at balancing this with the plethora of innovation flooding in with the Fintech industry.


In comparison with Europe, Asia has a big disadvantage of the high fragmentation of areas of jurisdiction. As a workaround, Skinner suggests that FinTechs plug into national Banking-as-a-Service hub, using their nationally regulated and licensed face to the customers





Having been largely unserved, by traditional banking, FinTechs in Africa is not disrupt anything but rather providing an original financing solution in a largely untapped market of highest demand. As an example, MFS Africa provides a cross-border mobile money gateway, reaching 120 million wallets. Africa’s FinTech market is highly based on the mobile connection which puts the market under a dual challenge, with highly fragmented markets of national jurisdiction, regulating the mobile telecommunication and the financial market.



As criticized in a recent article by The Australian, government regulation in Australia is lacking behind global developments, missing to push data sharing and interwoven supply chains via open APIs to the FinTech community, as provided e.g., in the European Payment Services Directive.

Arturo Alejandro Canseco
Latest posts by Arturo Alejandro Canseco (see all)