By Samah Chowdhury
As consumer demand for fintech continues to surge, U.S. banks increasingly are caught in a high-stakes tradeoff. On one hand, banking as a service offers a path to digital relevance, deposit growth and fee income. On the other hand, while scrutiny has eased since early 2025, regulators continue to review BaaS activities with skepticism. As of May 2025, nearly 45% of companies with BaaS programs are currently supported by banks under formal enforcement action, despite those banks representing a small share of the industry. Too many institutions face a false binary: either avoid fintech firms entirely or over-extend into partnerships they can’t effectively manage. But there is a middle path: strategic BaaS partnerships built on clear roles, aligned incentives and regulator-ready controls.
BaaS exists because fintech firms want to provide regulated financial products and services to their customers, yet lack access (charters, FDIC insurance, and payment rails) necessary to provide them. Meanwhile, many banks are searching for new sources of fee income, low-cost deposits and a stake in the evolving digital-first economy. Functionally, BaaS unbundles the traditional banking stack into modular components; a chartered bank provides core financial services through application programming interfaces, which a fintech integrates into its customer-facing platform.
Choosing a delivery model: Direct vs. Middleware
Incentives that work: Revenue models for scalable partnerships
Structuring BaaS partnerships around aligned incentives is critical to building sustainable programs. Interchange revenue sharing is the most common model, especially in debit and prepaid card programs. In these cases, fintech companies drive transaction volume while banks earn on spend. But this model is subject to volatility in consumer behavior and regulatory constraints, particularly for banks with assets exceeding $10 billion, where interchange fee caps and heightened oversight shape revenue sharing dynamics. Fee-for-service models, by contrast, provide more predictable income to banks that charge flat fees with usage-based fees (e.g., per API call, per account, per transaction). These arrangements work particularly well for lending-heavy or infrastructure-intensive partnerships that fintech firms monetize in other ways. Hybrid models are increasingly common, blending interchange, fixed fees, and net interest margin sharing. Banks may also receive a portion of loan origination or servicing revenue, with pricing tied to volume tiers or renegotiation triggers.
Counting the cost: Why many BaaS programs fail before they begin
A bank’s ability to capture upside in a BaaS partnership depends entirely on how well it understands the costs. Many BaaS programs fail not from lack of demand, but from unclear internal scoping. Before onboarding a fintech, banks must ask:
What are we committing to in terms of staffing, compliance oversight, data integration, and product support?
How will these costs affect our target profitability or extend our timeline to achieve it?
How long will integration take, and who owns which parts of the roadmap?
Are we investing in automation and tooling, or relying on manual monitoring?
Revenue sharing sounds appealing, but if the bank isn’t resourced to scale the partnership or can’t access timely, granular data, it will struggle to meet regulatory expectations, let alone extract meaningful returns. In BaaS, upfront investment is as strategic as revenue design.
Bank readiness before partner diligence
Before evaluating a fintech partner, banks must first evaluate themselves. BaaS cannot be a side experiment. It is a regulated product line that reshapes how the bank operates, monitors risk and engages with third parties. Do you have the governance muscle to manage a real-time program with platform-level visibility? Is your team resourced to respond to examiners, audit trails and customer incidents on short notice? What’s your integration timeline, and who owns delivery internally? BaaS partnerships scale quickly, but only successfully so when the bank is structurally prepared to own what it signs up for.
Real-time risk requires real-time data
Often, BaaS banks expect to grow via high transaction volume across automated clearing house, card, wallet and ledger movements. This means that reconciliation should be airtight. Strong programs include processes to reconcile the fintech’s ledger with the bank’s core general ledger at least daily, with clear protocols to promptly identify, investigate, and resolve any breaks. It’s also best practice to use separate sub-accounts, which are distinct ledger entries within the bank’s core account, for different payment flows. This helps isolate issues, making it easier to trace errors, monitor activity, and reconcile transactions. Success depends on assigning ownership for reconciliation reports and defining timing, delivery format and exception protocols.
During due diligence, banks should probe the fintech’s reconciliation track record and confirm their tools can support intraday accuracy. In BaaS, operational control lives and dies on ledger precision. If a bank cannot see what its fintech partner is doing in near real-time, it cannot monitor the program effectively. Transparency is non-negotiable. Banks may demand API-level access to transaction data, account balances, onboarding workflows, and risk signals. Dashboards should be operational before launch. Importantly, Banks need on-demand visibility into ledger entries to monitor fraud, liquidity, and compliance performance. This is certainly a best practice, and it may become a regulatory expectation. During the latter days of the Biden administration, the FDIC proposed a rule that would create compliance and reporting requirements for banks that maintain custodial deposit accounts with transactional features. While the proposal has not been finalized at the time of this writing, it remains on the rulemaking docket. This proposal could become an active rule, which would introduce a new variable into the BaaS calculus.
The operational backbone of BaaS
The most resilient partnerships operate like joint ventures. Strong BaaS programs are built on cultural and executive alignment, not just legal contracts. If a bank can’t get the fintech’s leadership on the phone within an hour, that’s a problem. Establish early how both sides will coordinate on operational tasks, product decisions, and incident management. Set expectations around cadence, such as weekly operating reviews, shared roadmaps, and escalation procedures, and treat these as part of the operating model. A disciplined communication structure reduces ambiguity.
A successful BaaS agreement needs role clarity. Banks should delineate “who does what” across compliance, customer service, fraud management, and oversight. Responsibilities should be contractually defined and documented. Regulators expect to see language around performance standards, data ownership, termination rights and remediation processes. Every assumption should be written down.
Hard truths about fintech vetting
Additionally, banks must rigorously assess whether their fintech partner is built to last and built to scale. This includes financial health (burn rate, funding runway) and compliance posture (audit history, examiner familiarity). Some banks may want to avoid being a fintech’s first banking partner unless they are resourced to provide extensive support. And banks may want to give preference to a fintech with proven product-market fit and credible internal risk management functions, but such partners are rare and often in high demand. Banks should be prepared to compete for relationships with the most experienced and operationally mature fintech. It is prudent to request the fintech’s compliance playbooks, sandbox demonstrations and third-party audit results. In addition, evaluate the fintech’s charter ambitions; are they planning to become a bank, or will they rely on partner banks indefinitely?
Equally important is ensuring a clean exit path. Every BaaS relationship should include a documented offboarding plan, covering data portability, customer migration, and service continuity. Contracts should give the bank the right to unwind the partnership if risk thresholds are breached, without operational disruption or reputational fallout. Without these protections, a short-term fintech misstep can become a long-term regulatory and reputational liability.
BaaS isn’t for everyone, and that’s OK
Not every bank is equally positioned to pursue every strategy. Some community banks have been market leaders in BaaS. However, as we have learned from public enforcement actions, lean technology, risk and compliance teams may need to be scaled up to provide the appropriate level of oversight that BaaS relationships demand. The right BaaS strategy is not about doing more; it’s about doing what fits, with discipline.
BaaS is a structural decision. Done right, it extends a bank’s distribution reach and builds durable, recurring revenue. Done poorly, it invites unmanaged risk and regulatory exposure. This isn’t a next-quarter growth play; it’s a long-term commitment that requires careful design and execution discipline. A bank’s first partnership likely won’t be perfect, and that’s expected. These lessons teach how to scope oversight, scale controls, and calibrate product-market fit. But make no mistake, not every bank and fintech is built for BaaS, and the market won’t reward half-measures.
Samah Chowdhury is senior director of innovation strategy at ABA.
