Addressing Scale Challenges in Risk and Compliance 

SEPTEMBER 5, 2024

By: Tyler Brown

Bank Technology and Data

Operating a robust compliance program gets harder as a financial institution (FI) grows in size and complexity. As we’ve written, those challenges multiply when that FI expands beyond direct channels to third-party partners that are responsible for acquiring and directly overseeing end customers. Amid enforcement actions and proposed regulation, perhaps it’s counterintuitive that a survey from Alloy fielded early this summer found that 61% of 51 respondents from a sample of Banking-as-a-Service (BaaS) sponsor banks with more than $2 billion in assets reported six to ten partnerships and another 27% reported 11 to 20.

These BaaS (referred to in the study as embedded finance) partnerships are a lot for a bank’s risk and compliance teams to handle, particularly in the community-bank segment. Banks that depend on manual processes and the sheer size of their risk and compliance teams to mitigate potential problems introduce fixed costs that a sponsor bank may be unwilling or unable to bear. Suboptimal compliance practices — passing spreadsheets back and forth between the bank and partners, doing manual reviews, and conducting periodic but only occasional audits — cause delays, lag the high growth typical of BaaS partnerships, and introduce additional risk.

Enter the idea of programmatic compliance orchestration. In theory, it makes managing partner compliance more efficient and cost-effective (it’s offered by at least several providers, and we’ve touched on it before). From the bank’s perspective, it means real-time oversight of partners’ compliance policies and practices and the ability to adjust and enforce policies in near-real time. Ideally, it also means that a platform doesn’t require programming expertise, so the risk and compliance teams can make changes with little to no back-and-forth with the IT team, avoiding lengthy in-house development cycles.

Risk management and compliance orchestration extends to platform integrations, including the data sources banks use in risk decisioning and point solutions that may provide certain functions, such as monitoring for AML compliance or KYC. The outputs flow downstream from the bank to program partners to provide parameters for policies, visibility into outcomes based on those policies, and the ability to make quick changes.

As we’ve written, and as Parilee Wang, chief product officer at Alloy, reiterated in an interview with CCG Catalyst, there’s a balance sponsor banks need to strike between responsible growth and innovation. As the cost of compliance for sponsor banks grows, some will make the right investments in oversight and control. Others that aren’t willing to commit will exit or scale down BaaS, or in the context of new entrants, never start a program. To create a healthy long-term BaaS ecosystem, that’s for the best.
