The Green Sheet Online Edition
September 8, 2025 • 25:09:01
Banking-as-a-Service
Banking-as-a-Service (BaaS) is white-label banking. It describes a business model wherein a financial institution provisions its banking infrastructure (payment system access, licensing, compliance) to third-parties who in turn seek to provide digital banking, payment services and/or other bank-type products. I define BaaS to include both banks that have integrated a solution providers’ digital offering and fintechs that have integrated into a bank.
BaaS refers to a financial infrastructure platform. It is distinct from open banking, which focuses on data access, and embedded banking, which delivers banking services within non-bank apps. Think of BaaS as the plumbing and embedded banking as the faucet, while open banking is the meter.
Bond, for example, is a platform that integrates with partner banks and provides a compliance layer for fintechs to provide their end customers a UI/UX framework. Fintechs that partner with Bond have a readily scalable and compliant BaaS platform to launch debit and credit products.
BaaS differs from (but also benefits from) open banking or fintechs that aggregate and provide banking data. Open banking allows an app to read your bank data to assist clients with making optimal financial decisions.
Plaid, for example, acts as a bridge between a user’s bank account and a third-party app that might monitor spending at discretionary businesses. Data aggregators are similar to open banking providers, but the open-banking term implies both banking and compliance. Not all data aggregators are compliant.
A complete 360
Section 1033 of the 2010 Dodd-Frank Act introduced provisions to give consumers a right to data held on their behalf by financial providers. Section 1033 remains Federal Law and states, in part, "A covered person shall make available to a consumer, upon request, information in the control or possession of the covered person concerning the consumer financial product or service that the consumer obtained from such covered person."
Consumers remain legally entitled to access to their financial data. The CFBP is obligated to create rules governing how that access should work. In October 2024, the CFBP published its Final Rule, titled Personal Financial Data Rights Rule. It required financial institutions and other covered entities to provide consumers’ financial data to qualified third parties (including data aggregators) upon request, for free, via secure, standardized APIs.
The Trump Administration proposed reducing CFPB staff by 90 percent from its recent level of nearly 1,800 people. Current CFPB leadership filed a motion to vacate its own Personal Financial Data Rule. The upshot is the CFBP’s Final Rule is the opposite of final and is no longer a rule.
BaaS is coming
We are left with an uncertain fate. The CFPB is still legally bound to enforce Section 1033, and the right of consumers to access their financial data remains (presumably) protected. The framework and enforcement mechanisms are in limbo until the embattled CFPB puts forth a definitively final and enforced regulation.
During this uncertainty period, new partnerships may be forged. JPMorgan’s recent and new fee structure for data aggregators is one example. My view is JPMorgan is attempting to set the rate at which data aggregators may access such data.
A fair fee will encourage all financial institutions to participate and will still realize the intent of the Dodd-Frank Act.
These fees will provide a sustainable funding model for a secure API infrastructure. After all, the banks work hard to build their customer base; there needs to be recognition for that marketing effort and the securing of the data. While this will increase the costs to fintechs, it will not slow the adoption of BaaS.
Banks will need the support of their core platforms to initiate this fee, but they should demand this ability from their vendors. BaaS is evolutionary. Fintechs will seek creative ways to subsidize data-aggregator fees provided they are reasonable. Perhaps the data itself will be valuable enough, or the interchange on debit transactions.
Whatever the mechanism, BaaS will persist and flourish. Today, I use one app for my business and personal needs. I easily transfer funds to members of my family, between my own accounts, pay vendors via ACH and accept payments.
We still have plenty to solve such as third-party oversight and dispute rules for RTP and FedNow. I’ll reserve those for another article and declare, with the confidence of Arya Stark, BaaS is coming. 
As founder of Humboldt Merchant Services, co-founder of Eureka Payments, and a former executive for such payments innovators as WePay, a division of JPMorgan Chase, Ken Musante has experience in all aspects of successful ISO building. He currently provides consulting services and expert witness testimony as founder of Napa Payments and Consulting, www.napapaymentsandconsulting.com. Contact him at kenm@napapaymentsandconsulting.com, 707-601-7656 or www.linkedin.com/in/ken-musante-us.
Notice to readers: These are archived articles. Contact information, links and other details may be out of date. We regret any inconvenience.
