Banking-as-a-service (BaaS) partnerships between banks and fintech companies promise innovation, access to new customer segments and increased revenue streams for financial institutions but although it is growing exponentially, it introduces new types of risks. Over the past few years, we’ve seen fintechs risk quickly, gain traction and abruptly collapse, leading to increased rise in concerns from regulators. This leaves financial institutions in a limbo, excited for the possibilities of Bank-Fintech partnerships but fearful of the risks it introduces.
We provide a quick rundown of fintech failures and some lessons they offer for financial institutions to better manage their risks associated with fintech programs.
Barclays Bank UK PLC was fined for opening a client money account for WealthTek, a wealth-tech platform in the UK, without verifying whether WealthTek was authorized to hold client funds. Despite WealthTek not being authorized by the Financial Conduct Authority (FCA) to hold client money, Barclays permitted WealthTek to deposit into an account that should never have been opened.
Even a check in the FCA register of WealthTek’s status would have revealed their regulatory standing. Onboarding should include evaluating whether the status of the fintech’s account type matches their licensed/approved activities and business model. Moreover, continuous monitoring of fintech activity is also key to ensure the fintech is operating within the boundaries of the approved program and their regulatory status.
Synapse, once a darling of the BaaS world, filed for bankruptcy in 2024 after failing to reconcile discrepancies in its ledgers with its banking partners. They offered APIs for fintechs to connect to regulated banking infrastructure, but its failure to maintain clear reconciliation processes and data governance coupled with multiple high risk practices created a chain reaction across its partner network. Users couldn’t access funds, and millions in customer balances went unaccounted for. Most importantly, the high profile breakdown negatively impacted trust in the BaaS and fintech ecosystem.
This shows that financial institutions must evaluate not just the fintech, but the fintech’s underlying dependencies, including infrastructure and nested partners. In such relationships, data ownership and reconciliation must be clearly defined and auditable amongst the parties. A fintech with weak operational oversight or complex intermediaries can create systemic exposure for the financial institution.
Green Dot is one of the longest standing BaaS banks in the U.S., offering services to major fintech programs. Over the past few years, Green Dot has repeatedly faced scrutiny by regulators regarding anti-money laundering and risk management with specific concerns also raised on their ability to meet consumer protection obligations in their third party and fintech programs.
With the increased partnerships, financial institutions need to be prepared to manage their now complex compliance and operations. Financial institutions need to not only scale operational infrastructure proportionately with their fintech programs but also understand their roles and responsibilities in the complex partnerships, not losing sight of their own regulatory requirements and obligations to consumers.
In each case, onboarding failures played a central role from opening accounts without verifying regulatory permissions to missing key details about a fintech’s operational and technological dependencies. Onboarding should not be treated as a checklist or a sales formality. Instead, it should function as a core risk control that evaluates a fintech’s business model, regulatory authorizations, operational and technological robustness, product scope, and third-party relationships. Financial institutions should conduct thorough due diligence across regulatory, financial, operational, and technical domains to assess whether the fintech’s risk profile aligns with their own risk appetite and compliance expectations.
Ongoing oversight is just as critical as onboarding. Fintech partnerships must be continuously monitored to ensure that their operations remain consistent with the approved program scope and applicable regulations. This includes monitoring for anti-money laundering (AML) risks, fraud, and consumer protection issues. Financial institutions should always have access to relevant data streams and maintain visibility into fintech and their user’s activity. As fintech programs scale, the institution’s oversight infrastructure must also scale with them. It should be made clear that the ultimate responsibility for BSA/AML, fraud prevention, consumer protection, and complaint handling always sits with the regulated financial institutions.
Fintechs are dynamic by nature. Their business models, ownership structures, products, and user bases can change quickly and those changes can materially impact risk. Financial institutions should implement structured, periodic risk reviews to re-evaluate fintechs beyond the onboarding stage. This may include reviewing changes in business operations, comparing current activity to the originally disclosed model, examining updated audit reports or control attestations, and reassessing risk exposure across key domains. Regular assessments help detect issues early, such as compliance drift, growth without governance, or weakened controls, allowing institutions to respond proactively rather than reactively.
Fintech failures don’t just reflect poorly on the fintech but they crumble trust that has been built over decades and expose gaps in a financial institution’s own oversight. As regulators turn more attention to fintech program risk, financial institutions that build structured, transparent and repeatable oversight processes will be better positioned to innovate compliantly. At Across, we believe that fintech partnerships should not be feared but instead better managed. Explore Across’ suite of products for onboarding risk assessment, transaction oversight and periodic risk reviews that help you stay two steps ahead of the risk.
