top of page

Does BaaS have a future?

The Synapse/Evolve situation has sparked a lot of questions and speculation about the future of BaaS. There’s no question that what happened here is tragic. People got hurt. They can’t pay their mortgages or their kids’ tuition bills.They don’t know when they might see resolution. That should never have happened. 


But I do think that the Synapse matter is an aberration and should not result in a rush to judgment about banking-as-a-service generally.


What is Banking as a Service?


  • BaaS is a partnership between a bank and a non-bank partner to provide financial products and services to customers.

  • In this model, the bank takes regulatory responsibility for the relationship but gives the partner responsibility for managing a lot of the business and operations.

  • The bank oversees how the partner does this and conducts monitoring to make sure it is consistent with law, regulation, and the bank’s policies. The bank also provides banking technology and connectivity to payment systems like ACH and the card networks.


What are the different BaaS models? 


There are many different descriptions of BaaS, and the terminology to describe them varies. In the wake of Synapse’s troubles, many commenters are focused on the distinction between direct and indirect BaaS models.


  • In the most basic version of the direct model, a bank develops its own technology to connect with partners and handles all aspects of the partnership, including sourcing customers and overseeing compliance.

  • A variation of the direct model involves a vendor that provides the technology and connects banks to partners. This is still considered a direct model because the bank contracts directly with the partner and performs all oversight. 

  • The indirect model involves a vendor that provides the technology and contracts with the bank to provide services.  The vendor then contracts with each party and in some cases conducts the day-to-day oversight of the fintechs - albeit subject to ultimate bank approval. That was the Synapse model.


But as my partner, Jonah Crane likes to say, “Direct versus indirect is not the question. The real question is who is doing what?” In other words, have clear roles and responsibilities been established for handling onboarding customers, conducting know-your-customer and anti-money laundering checks, and maintaining a ledger of customer accounts? And has the bank got the data and oversight routines necessary to know everything is working OK?


In the case of Synapse, the who is doing what question was complicated by many of the funds being held through Synapse Brokerage - a regulated broker-dealer owned by Synapse - that then swept funds into bank accounts.  Broker-dealer sweeps are well-established products and have been safely used for many years by companies like Charles Schwab and Fidelity to earn interest on cash held by customers.  


But these sweeps weren’t designed for BaaS.  And importantly, unlike the BaaS models I just described, the end customer doesn’t have a direct customer relationship with a bank in relation to the deposits.  This is a key difference between Synapse and other BaaS providers and that difference has caused many of the most difficult issues here.  It’s a good reason not to panic about the rest of the BaaS sector. 


Why can’t customers access their funds at the banks that relied on Synapse? Aren’t those funds FDIC-insured?


  • The FDIC insures $250,000 per depositor, per insured bank. But that insurance is only available when a bank fails. Here, Synapse has failed. The partner banks have not.

  • The problem is that Synapse spread partner funds across multiple banks, but its ledger apparently didn’t account for which bank held which customers’ funds. 

  • The partner banks are saying they require substantial additional information to determine the amount owed to each end user.

  • In the meantime, many customers are unable to access their funds. However, according to former FDIC Chair Jelena McWilliams who is serving as the Synapse bankruptcy trustee, some customers at least are now being given access to their funds.


According to the Bankruptcy filings, these reconciliation disputes date back at least to 2022. Shouldn’t the partner banks’ regulators have stepped in to resolve the disputes before the consumers got hurt?


  • The banking regulators do not regulate fintechs. But they do regulate the banks and have the authority to examine banks’ third party service providers. 

  • But the Fed and the Arkansas banking regulator today announced a consent order with Evolve bank - one of Synapse’s partners. That consent order references examinations dating back to 2023, which certainly indicates that the regulators have been on the job here.

  • Also, according to the status report Chair McWilliams filed today in the bankruptcy case, Evolve has already distributed approximately $4 million to impacted customers — “on instructions from its regulator.” So, its quite clear the regulators are very involved here.


What does that consent order say?


  • The consent order says that Evolve engaged in unsafe and unsound banking practices by failing to have in place an effective risk management framework for those partnerships. In addition, Evolve did not maintain an effective risk management program or controls sufficient to comply with anti-money laundering laws and laws protecting consumers.

  • The order requires Evolve to get the regulators’ prior approval before establishing any new fintech partners or offering new products or programs to existing partners. So the regulators will be watching Evolve’s BaaS programs very carefully and limiting the program's growth.


Will the consent order have big consequences for Evolve’s financial performance?


  • Not clear. The order recites that Evolve has already taken substantial steps to comply, and its financial performance could already reflect the impact of those steps.


What does the consent order mean for other banks in the BaaS space?


  • The restrictions on new BaaS activities are in line with but somewhat more severe than we’ve seen in other orders related to BaaS. On the whole, I don’t think those restrictions will surprise the industry.

  • I think the most interesting part of the order - and the one of most interest to other BaaS banks - is the requirement that Evolve adjust its capital risk management framework to take account of risks presented by its fintech partnerships.  This is a move we’ve been expecting from the regulators for some time.  And it makes sense: these banks take heightened operational risk but their capital requirements have been based on asset size.  Because banks with under $10 billion in assets are exempt from the Durbin Amendment’s caps on interchange fees, many BaaS banks are small.


Is there any way the consumers will get their money back? If so, when will they get it back? 


  • Chair McWilliams has proposed several possible solutions in the bankruptcy case, including making partial payments to the consumers. Hopefully, the judge will sort that out soon. 

  • Consumers may also find relief if the CFPB find violations of financial protection laws The CFPB - which regulates nonbank providers of financial services - could provide relief from its victims relief fund, called the Civil Penalty Fund. That fund provides money to people who have been harmed by companies that break federal consumer financial protection laws. 

  • It’s also possible at some point that the banking agencies could order the banks involved to pay restitution to their customers. 

  • Either of these remedies would take some time to come to fruition, however.


What does this all mean for BaaS, fintech, and the regulators?


  • Fintech is not going away. Tens of millions of Americans get their financial services through fintechs, and the Synapse mess won’t change that.

  • Also, aspects of the Synapse situation - in particular the inability for partner banks to reconcile the ledger and the role of Synapse brokerage - are not typical of how most of the BaaS world works.

  • But this mess does pose significant communication/messaging challenges for fintechs, partner banks, BaaS technology providers, and the regulators.

    • Fintechs need to show consumers that their money is safe

    • Partner banks need to show their regulators that they maintain vigorous oversight of their fintech partners

    • BaaS technology providers need to show the fintechs and banks they interact with that they are not Synapse

    • Regulators need to continue to demonstrate to the public and Congress that they indeed monitor the third-party risks at their banks.


Cover photo by Paul Fiedler

Comments


bottom of page