The relationship between banks and fintechs is undergoing a fundamental shift. For much of the past decade, Banking-as-a-Service (BaaS) allowed financial institutions to power innovation through third-party technology platforms. Now, heightened regulatory scrutiny and rising operational costs are redefining that model. The next phase of collaboration will be determined not by who builds the infrastructure, but by who maintains visibility and control.
The interagency Joint Statement on Banks’ Arrangements with Third Parties to Deliver Bank Deposit Products and Services released by the Federal Reserve, FDIC, and OCC in July 2024 highlighted the core weaknesses of the BaaS model. The agencies warned that banks relying heavily on third parties to manage deposits “can eliminate or reduce a bank’s crucial existing controls” and “impair the bank’s ability to determine its deposit obligations.” When a bank cannot directly access customer records or reconstruct balances, its ability to meet compliance obligations disappears.
The Hatch Bank consent order reported by PYMNTS in 2025 made this risk tangible. Regulators cited “loss of access to deposit records” and “insufficient oversight of third-party programs” as key deficiencies. Similar findings have appeared in multiple enforcement actions targeting sponsor banks that partnered with fintech intermediaries.
According to Corporate Compliance Insights, more than one quarter of FDIC enforcement actions in 2024 involved banks with fintech partnerships. Banking Dive noted that at least nine BaaS institutions received consent orders that year, most for gaps in AML, KYC, or vendor management. S&P Global Market Intelligence estimated that compliance costs tied to fintech programs rose by over thirty percent, eroding much of the profitability BaaS once promised.
FDIC Chair Martin Gruenberg summarized the concern in late 2024, stating that banks “must have clear sightlines into fintech operations and the data underlying them.” That expectation, now echoed across the regulatory community, has made traditional BaaS models increasingly difficult to sustain.
Supervisors are not trying to curb innovation. Their focus is ensuring that banks remain in control of financial activity conducted under their charter. The joint agencies have emphasized that using third parties does not diminish a bank’s legal responsibility to comply with laws and regulations.
New guidance on third-party risk management issued in 2024 requires banks to demonstrate continuous oversight of fintech partners, maintain real-time access to transaction data, and clearly define responsibility for AML, sanctions screening, and customer due diligence.
As Wolters Kluwer noted in its 2025 analysis, “Effective bank-fintech partnerships require governance models where risk oversight is built into the relationship, not outsourced from it.” That principle is quickly becoming the standard by which examiners evaluate sponsor-bank programs.
The rising cost of compliance and the operational fragility of BaaS are pushing institutions to rethink their approach. Rather than investing in new APIs, ledgers, and onboarding systems, many banks are investing in compliance frameworks and shared intelligence layers that provide continuous visibility into partner activity.
Under this oversight model, fintechs continue to manage customer experiences while banks maintain real-time insight into fraud patterns, alert volumes, and AML exceptions. Collaboration occurs through permissioned data sharing and standardized reporting rather than through direct operational integration.
This structure balances growth with accountability. It allows banks to expand fintech relationships while aligning with regulators’ expectations for transparency, governance, and clear data access.
A growing number of technology firms are developing platforms that support this compliance-first ecosystem. FiVerity’s Partner Hubs are one example. These hubs create secure environments where banks and fintechs can collaborate on fraud and AML monitoring without transferring operational control.
Banks connect their existing fraud, onboarding, and compliance systems to the hub, while fintech partners contribute approved risk data and alert summaries under defined permissions. The platform provides shared dashboards, escalation workflows, and immutable audit trails, enabling both sides to fulfill their regulatory obligations.
This model reflects a broader industry trend toward what many call “oversight infrastructure.” Instead of running fintech operations, banks are investing in visibility tools that let them demonstrate real-time supervision to regulators.
As Finextra observed in 2025, “The future of embedded finance belongs to banks that can manage partner risk as efficiently as they scale partnerships.” Oversight technologies are emerging as the mechanism for that efficiency.
The oversight model delivers operational advantages that extend beyond compliance.
This framework does not slow innovation; it organizes it. By embedding transparency into daily operations, banks can expand fintech partnerships while assuring regulators that governance is active and verifiable.
The BaaS era made banks technology operators. The next era of bank-fintech collaboration will make them visibility operators. Institutions that build oversight infrastructure, rather than infrastructure for its own sake, will be best positioned to balance growth with accountability.
If the industry can achieve continuous supervision without recreating the complexity of BaaS, it will unlock a more sustainable path for innovation. Oversight, not infrastructure, will define the future of bank-fintech collaboration.
References