A Guide to Banking as a Service (BaaS)

Ever wonder how a retail app launches a debit card or how a marketplace pays sellers instantly, without becoming a bank? You’re in the right place. 

In this post, we’ll demystify the concept of banking as a service (BaaS). 

Keep reading to learn what BaaS is, why it matters, how it works, best practices to follow, and common challenges. If you’re thinking of building a solution that offers banking as a service, this is the best place to start.

Let’s dive right in.

What is Banking as a Service?

Banking as a service (BaaS) is a service model where licensed banks expose regulated capabilities — like accounts, cards, payments, and compliance — through APIs so nonbanks can embed financial features into their products. Think “banking Lego blocks” for software teams.

Simply put, BaaS lets third parties connect to banks to build banking offerings on top of the bank’s established infrastructure and licenses.

If you’re thinking, “Isn’t that just embedded finance?” you’re exactly right.

BaaS is a close cousin to embedded finance. In short, embedded finance is the broader trend of putting financial services inside non-financial experiences. McKinsey frames it as a shift in where value accrues; distribution and risk-bearing providers each capture meaningful slices of the pie. 

In embedded lending, for example, more than half of U.S. revenue went to the balance-sheet provider (i.e., the risk taker). In other words, the bank/credit underwriter still plays a supercritical role.

Evolution of Embedded Finance

A few years ago, embedded finance was mostly encapsulated in the idea of “pay with one click.” 

Today, platforms launch wallets, brands issue cards, B2B SaaS offers working capital, and creators get instant payouts. 

Regulators noticed this shift, too. U.S. banking agencies have repeatedly reminded banks to manage third-party risk in fintech partnerships and sought input on bank-fintech arrangements.

If you’re aiming to build BaaS products, you now operate in a more scrutinized industry. This is good for customers, but it adds complications for builders.

What Business Problems Can BaaS Address?

The broad appeal of Banking as a Service solution is quite clear. Here’s why the BaaS market, which brought in $19.65 billion in 2021, is projected to reach nearly $75 billion by 2030:

Faster onboarding & revenue

BaaS allows you to monetize your existing user base and traffic with financial features like cards, accounts, and payments without the intricacies and limitations of becoming a bank.

Superior UX

Banks are slow to adapt to new trends and expectations. This allows your business to gain appeal by providing modern and intuitive experiences that users have come to expect.

Data leverage

Payment and account data can power better risk models, loyalty programs, and lifecycle marketing without the trappings of banking regulations (as long as you operate ethically and compliantly, of course).

Differentiation

Ultimately, for the average user, a vertical SaaS with integrated payouts and credit beats a generic tool with third-party links. This is great news for both users and your organization.

How Does Banking as a Service Work?

At a high level, an effective BaaS solution integrates three players: the sponsor bank, the BaaS API platform, and your product.

The sponsor bank is the financial institution that will effectively carry out all the financial operations you provide. They hold the licenses, charters, and the risk responsibilities of maintaining compliance.

The BaaS API platform is the front that allows your product to integrate with the banking institution. This API exposes bank capabilities like onboarding, know your customer (KYC)/know your business (KYB), accounts, cards, and payments, among other things.

Finally, your product is the combination of the user-facing platform that your clients interact with and the backend systems that handle operations and communicate with the BaaS API.

The typical flow for a new user looks something like this:

1. User signs up: You collect identity data.
2. KYC/KYB: You call BaaS APIs to verify identity and business details.
3. Account or card issuance: BaaS opens a deposit account or issues a card under the institution’s bank identification number (BIN).
4. Money movement: Cash moves across ACH, wires, RTP, or card rails via BaaS APIs.
5. Ongoing compliance & monitoring: This includes monitoring transactions, disputes, limits, and ledgering.

It’s important to note that regulators still hold partnerships responsible for non-compliance. Banks must actively manage risk, and programs must adhere to robust controls.

What’s Banking as a Service Used For?

Although new service models continue to emerge in the BaaS space, the most common use cases today include:

1. Wallets and stored value: Services like PayPal and Venmo that keep funds in-app for faster checkout and payout.
2. Card issuing: Virtual or physical corporate cards with real-time controls and budgets. 
3. Accounts and routing: Dedicated subaccounts for customers, with statements and reconciliation.
4. Payments orchestration: ACH, wires, RTP, and card acceptance under one roof.
5. Credit and working capital: Embedded lending for sellers or SMBs, often with risk-sharing.
6. Treasury automation: Sweeps, interest allocation, and fee accounting running in the background.

Best Practices for Banking as a Service

Financial services come with great scrutiny and risk — no matter how you play the game. This is why it is crucial to follow best practices as you get started on your BaaS journey.

1. Treat your ledger as sacred

Keep a clean internal ledger that mirrors your BaaS provider’s balances. Reconcile frequently, store immutable journal entries, and version your schemas.

2. Make idempotency the default

Use idempotency keys on every write, ensure that webhooks are processed exactly once, and handle retries with exponential backoff. Your future self will high-five you.

3. Build observable pipelines

Emit correlation IDs across requests, webhooks, and jobs. Centralize logs and traces. Set alerts on stuck queues, webhook failures, and reconciliation gaps.

4. Separate duties in code and in people

Require dual controls for production keys, payout approvals, and limit changes. Enforce them through policy and CI/CD.

5. Share dashboards with the bank and BaaS partner

Align on SLAs, fraud metrics, disputes, and program health. Shared visibility reduces surprises and speeds up audits. Regulators expect well-governed third-party relationships, so act like a partner — not a black box.

6. Automate the glue with Workato

Use Workato recipes to orchestrate onboarding, ticketing, fraud alerts, finance syncing, and growth signals. Less swivel-chairing between tools leads to more consistent outcomes.

Challenges and regulatory risks

Understanding BaaS best practices is critical, but you also need to be aware of the most common challenges and risks to increase your chances of success:

1. Third-party risk: Never outsource accountability. Banks must actively manage program risk, and you need to implement controls and transparent reporting. Expect reviews and audits.
2. KYC/KYB & sanctions: False positives slow growth; false negatives create existential risk. Calibrate rules carefully and document every decision.
3. Fraud & chargebacks: Budget for losses and staffing. Close the loop from disputes to product improvements.
4. Program changes: BIN migrations, new rails, and updated limits require coordinated testing across parties.
5. Data privacy: Data privacy is more important than ever before. To keep sensitive data safe, minimize PII surface area, classify data, rotate keys, and sign everything.
6. Economic realities: Interchange and take rates fluctuate. Underwriting mistakes compound. Model downside scenarios before you scale.

Getting Started with Banking as a Service

BaaS turns banking into features you can ship. That’s exciting — but it’s also serious. 

The upside is sticky revenue and delightful user experiences. The cost? Operational rigor and shared accountability. 

If you architect clean ledgers, idempotent flows, and automated operations, you’ll spend more time building value and less time fighting fires — and this is where Workato can be a game-changer.

Use your bank’s and BaaS partner’s expertise, follow interagency guidance as a checklist, and wire your business systems together with Workato so that onboarding, risk, finance, and CX stay in sync.

Next steps:

1. Draft your program RACI with your sponsor bank.
2. Prototype the core flows.
3. Stand up Workato recipes for onboarding orchestration, risk alerts, and finance reconciliation.

To learn more about how Workato can help you optimize your BaaS program, read this.

This post was written by Juan Reyes. With over 15 years of experience in the tech industry, Juan has had the opportunity to work with some of the most prominent players in mobile development, web development, and e-commerce in Japan and the US.