Banking as a Service

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
"Banking as a Service" Stack based on the Cloud stack by Scholten, derived from Lenk et al.

Banking as a Service (BaaS) (also: Banking-as-a-Service) is an end-to-end process ensuring the overall execution of a financial service provided over the Web. Such a digital banking service is available on demand and is carried out within a set time-frame.[1]

Description[edit]

As a value network, BaaS aims at seamlessly integrating as many service providers as needed into one comprehensive process to complete a financial service in an effective and timely manner. It is implied that a BaaS would include certain features in addition to providing a financial service. There must be means for managing, deploying and delivery of the services' environment. The services must of course be in legal compliance with the banking laws in the regions where it is made available, with (at least) one entity within the process possessing a banking license. Of utmost importance is the assurance that proper mechanisms are in place to provide security, such as strong authentication and additional measures to protect sensitive information from unauthorized access throughout the entire process. These security mechanisms must be in compliance with laws of data protection for the jurisdictions involved. With the proliferation and acceptance of BaaS, the emergence and rapid growth of FinTech can be expected. FinTech is “a business that aims at providing financial services by making use of software and modern technology.” [2]

API-Based Bank as a Service Stack[edit]

Chris Skinner suggested this Banking as a Service stack with a licensed bank as foundation, a BaaS as middleware and an ecosystems of FinTechs on top.

Chris Skinner suggested a 3-layer representation of the BaaS stack. In this stack, the underlying infrastructure-as-a-service is provided by a traditional, licensed and regulated bank. Above this bank would be the centralized Middleware layer that Skinner refers to as “Bank as a Service.” Added on to the Bank-as-a-Service is a group of decomposed banking services consisting of an ecosystem of FinTech startups and service providers. With this technology, based on the BaaS-platform, it is possible to create FinTech banks, which could improve banking processes and provide increased convenience for banking clients. In such a constellation, FinTech banks are enabled to compete directly with banks by offering core-banking services without having to build all the products that would be needed. The API-based Bank as a Service platform serves as the back-end that hosts standalone independent FinTech startups and integrates seamlessly with any existing back-office of traditional banks. This allows non-banks to easily and cost-effectively launch additional financial products and expand into additional markets.[3]

Cloud-based Banking as a Service stack[edit]

Dynamic development and growth in the world of FinTech have made the API-based Bank-as-a-Service stack obsolete in contexts where tech-companies, now own licenses to operate as regulated banks, thus eliminated the reliance on classic banks (e.g., Solaris Bank).[4] Embracing the new developments in financial technology and services, the Banking-as-a-Service stack can be redefined in analogy to the Cloud stack.[5][1]

Infrastructure as a Service (IaaS)[edit]

The Infrastructure as a Service (IaaS) layer provides basic infrastructure services through an IaaS provider. A majority of these services would be available on demand and do not necessarily need to be FinTech services (like Amazon Web Services or OVH). This layer would include the server and communication hardware (physical layer).[1]

Banking as a Platform (BaaP)[edit]

At the top of the IaaS model would be Banking as a Platform provider (BaaP). The BaaP would be a bank that is fully licensed or use an external regulated bank’s licensed banking services. The decomposed banking services (FinTech SaaS) are in essence, plugged into this layer. Data-security plays a crucial role in the BaaP. There is a need for monitoring functions that will enable seamless and secure operations across applications and domains through secure authentication.[1]

FinTech SaaS[edit]

FinTech SaaS (Software as a Service) refers to all atomic or composite software-based financial services that are available on-demand. When these services are provided through a BaaP, they will need to be compliant with the BaaP’s API specifications. The services may either be physically deployed in the BaaP's domain or work externally. This gives the potential for the ability to plug financial services from other banks into the BaaP to create new composite application services. The result is that traditional banking services can now be virtualized and dispatched via composite application services. This does, however, present a challenge in verifying that none of the plugged-in services will violate regulations that have been imposed by banking authorities.[1]

HuaaS[edit]

Humans as a Service [5] represents the top layer of the proposed revision of the BaaS stack. While at the onset this layer may not seem especially important, as FinTech services continue to grow as a segment in the financial service market, services performed by Cloudworkers will take on increased importance. This is a behind the scenes component that end-users will be unable to discern between a complete automated service and one that includes HuaaS.[1]

Potential consequence[edit]

The consequence of having a decomposed stack is that there are multiple ways how the customer’s front-end could be presented. One way would allow the BaaP provider to directly appear as a bank to its customers. This necessitates the provision of a front-end user interface to the end-customers including user authentication and other features. The bank would appear as any other online bank where all banking services are presented and seamlessly integrated in a single user interface. Another option is that the bank will operate as a white label bank, which will then have a Software as a Service provider on top of the BaaP operating as the front-end to the end-customer. White label banking can be an answer to the challenge platform providers face in attaining customers. It can be used to offer banking services in environments where a large group of users already exist, including chains of grocery stores, hypermarkets or existing online portals.[1]

Integrated BaaS structure vs. single service offering[edit]

A single service provider is at a greater risk of failure than a provider that offers a larger portfolio of services. Using an integrated BaaS structure efficiently provides an end-to-end value proposition that frees the service provider from having to develop all the needed peripheral services, including authentication and other security services. Those who adopt the BaaS structure are able to provide a higher level of trust than a smaller provider might do.[6][1]

Security[edit]

Cyber-crime remains a constant and serious threat to the banking industry. The introduction of additional entrance gateways by offering increased amounts of composite online services does increase the risk for cyber-crime. It is important that each service to be properly firewalled to prevent malicious intrusions. As such, this presents a challenge to a satisfactory user experience if the user needs to constantly be authenticated while performing an online transaction across several domains or applications. Instead, the many domains and apps that are used need to be interwoven in such a way that once a user has been authenticated, this authentication will carry through as he conducts his transaction. This can be accomplished through the 3 degrees of freedom in digital banking, involving:

  • Identity federation across domains
  • Identify propagation across apps
  • Level of authentication [7]

Regulations[edit]

Banking is a closely regulated industry throughout the world and online banks utilizing BaaS are no exception.

Europe[edit]

In Europe, BaaS for FinTechs is overseen by the Payment Services Directive (PSD, 2007/64/EC) and its 2nd amendment (PSD2) that was adopted in November 2015.[8] Banking licenses are overseen by competent national authorities in accordance to Directive 2013/36/EU and Article 14 of Regulation (EU) No 1024/2013.[9] The eIDAS Regulation provides requirements for authentication and electronic identification and trust services for electronic transactions throughout the entire end-to-end process.[10] Additional oversight for financial and insurance transactions are provided through Directive 2004/39/EC [11] and Directive 2016/97/EU.[12]

USA[edit]

In the United States, banks are highly regulated at both the state and federal levels. The Securities and Exchange Commission (SEC) is responsible for much of this regulation.[13]

Asia[edit]

Asia is a great disadvantage because of its high fragmentation of jurisdiction areas compared to Europe. FinTechs can plug into the national Banking-as-a-Service hub to provide their specific regulated and licensed face to their customers.[3]

Africa[edit]

FinTechs in Africa have provided an original financing solution in a previously unserved and untapped banking market. Because it is primarily mobile-based, Africa FinTech is subject to national jurisdiction in regards to regulating financial markets and mobile telecommunications.[14]

Australia[edit]

Australia’s government is behind in regulating FinTech in comparison to the European Payment Services Directive.[15]

Outlook[edit]

Currently, the banking market in the whole is just beginning to adopt the BaaS model. It is expected that new business models will emerge in the near future. Enhanced security will be needed, like the inclusion of electronically signed signing transactions with authenticated originators and signed code by authenticated FinTech SaaS providers documenting the origin of the service and preventing tampering with code.[1]

See also[edit]

References[edit]

  1. ^ a b c d e f g h i Scholten, Ulrich. "Banking-as-a-Service - what you need to know". VentureSkies. Retrieved 16 January 2017.
  2. ^ "FinTech Definition". FinTech Weekly. Retrieved 16 January 2017.
  3. ^ a b Chris, Skinner. "Overview of APIs and Bank-as-a-Service in FinTech" (PDF). ASAP Agency Moskow. Retrieved 16 January 2017.
  4. ^ Blankenagel, Philipp. "A tech company with a banking license: solarisBank offers the first banking platform for the digital economy". Solarisbank.de. Retrieved 16 January 2017.
  5. ^ a b Lenk, Alexander; Klems, Markus; Nimis, Jens; Tai, Stefan; Sandholm, Thomas (May 23, 2009). "What's Inside the Cloud? An Architectural Map of the Cloud Landscape" (PDF). CLOUD’09, Vancouver, Canada. Retrieved 16 January 2017.
  6. ^ Skinner, Chris (September 7, 2014). Digital Bank: Strategies to Launch or Become a Digital Bank. Singapore: Marshall Cavendish International (Asia) Pte Ltd. ISBN 978-9814516464.
  7. ^ Balbas, Luis. "Digital Authentication: Factors, Mechanisms and Schemes". Cryptomathic. Retrieved 17 January 2017.
  8. ^ The European Parliament and the Council. "Directive (EU) 2015/2366 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC". Official Journal of the European Union. Retrieved 17 January 2017.
  9. ^ The European Parliament and the Council. "Directive 2013/36/EU on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC". Official Journal of the European Union. Retrieved 17 January 2017.
  10. ^ Turner, Dawn M. "Understanding eIDAS". Cryptomathic. Retrieved 17 January 2017.
  11. ^ Commission of the European Communities. "Commission Directive implementing Directive 2004/39/EC of the European Parliament and of the Council as regards organisational requirements and operating conditions for investment firms, and defined terms for the purposes of that Directive" (PDF). European Commission. Retrieved 17 January 2017.
  12. ^ The European Parliament and the Council. "Directive (EU) 2016/97 on insurance distribution (recast)". EUR-Lex. Retrieved 17 January 2017.
  13. ^ Marino, Jon. "A wave of regulation is coming for fintech". CNBC. Retrieved 17 January 2017.
  14. ^ van der Beek, Wim. "Five factors that differentiate Africa's fintech". CNBCAFRICA. Retrieved 17 January 2017.
  15. ^ Lucas, George. "Australia needs to foster FinTech with level playing field". The Australian Business Review. Retrieved 17 January 2017.