Banking-as-a-Service: How to Build a Fintech Product Without a Banking Licence

What Banking-as-a-Service Actually Means

Banking-as-a-Service (BaaS) is a model in which a licensed financial institution — a bank, electronic money institution, or payment institution — provides its regulatory infrastructure, banking connectivity, and core financial capabilities to third-party businesses through APIs. The third party (the "BaaS user" or "fintech partner") builds a customer-facing product on top of this infrastructure without needing to obtain its own licence.

The BaaS model has enabled the rapid growth of embedded finance, neobanks, and vertical fintech products across Europe, the Middle East, and beyond. However, the regulatory and operational complexities of BaaS arrangements are frequently underestimated, and the recent regulatory scrutiny of BaaS partnerships — including enforcement actions against both BaaS providers and their partners — has reshaped the risk landscape.

How BaaS Works in Practice

A typical BaaS arrangement involves:

The BaaS provider holds the regulatory licence (EMI, PI, or banking licence) and provides:

• IBAN issuance and account infrastructure
• Access to payment rails (SEPA, Faster Payments, SWIFT)
• Card programme capabilities (BIN sponsorship, transaction processing)
• Safeguarding of client funds
• Regulatory reporting and compliance oversight

The BaaS user operates as the customer-facing brand and handles:

• Customer acquisition and marketing
• User interface and application development
• First-line customer support
• Product design and pricing

The regulatory relationship between the BaaS provider and the BaaS user is typically structured as either:

• An agent appointment, where the BaaS user acts as an agent of the licensed provider under PSD2 Article 19, or
• A distributor arrangement, where the BaaS user distributes e-money on behalf of the EMI under EMD2

The critical distinction is that the BaaS provider retains regulatory responsibility for the activities conducted under its licence, even when those activities are performed by the BaaS user.

The Compliance Obligations That Transfer

This is where most BaaS relationships encounter difficulty. While the BaaS provider holds the licence, significant compliance obligations are operationally delegated to the BaaS user:

AML/KYC The BaaS user typically performs customer onboarding, including identity verification, document collection, and initial risk assessment. However, the AML/CFT obligation remains with the licensed entity. The BaaS provider must ensure that the BaaS user's KYC processes meet the standards required by:

• Directive (EU) 2015/849 (AMLD5) in the EU
• The Money Laundering Regulations 2017 in the UK
• The applicable national AML law in the licensing jurisdiction

Transaction monitoring The BaaS provider must monitor all transactions processed through its licence for suspicious activity. In practice, first-line transaction monitoring is often performed by the BaaS user, with the BaaS provider conducting second-line review. This split must be clearly documented in the contractual agreement.

Complaints handling Under PSD2 Article 101 and applicable national law, the licensed entity must have a complaints handling procedure. If the BaaS user handles customer complaints, the complaints procedure must meet the BaaS provider's regulatory standards.

Data protection Under GDPR, both the BaaS provider and the BaaS user will typically be data controllers (or joint controllers) for customer data. The data processing agreement must clearly allocate responsibilities.

Major BaaS Providers in 2025

The BaaS market has consolidated significantly since its early days. Key providers include:

Banking Circle A Luxembourg-licensed credit institution providing BaaS services including IBANs, SEPA payments, and multi-currency accounts. Banking Circle focuses on B2B payments and fintech infrastructure.

Modulr An FCA-authorised EMI providing accounts, IBANs, and payment capabilities via API. Modulr has been widely used by neobanks and payroll providers in the UK.

ClearBank A UK clearing bank providing direct access to payment schemes (Faster Payments, BACS, CHAPS, SEPA) for fintech businesses. ClearBank is one of the few BaaS providers offering direct payment scheme participation.

Solarisbank (now Solaris) A German banking-licensed BaaS provider offering accounts, cards, lending, and digital assets infrastructure. Solaris has been a major enabler of European fintech products.

Railsr (formerly Railsbank) Offers card issuance, accounts, and payment capabilities through API integration. Railsr has experienced operational challenges but remains active in the BaaS market.

Swan A French EMI-licensed BaaS provider offering euro IBANs, SEPA payments, and card programmes through a developer-friendly API.

Regulatory Scrutiny of BaaS

Regulators across Europe have intensified their scrutiny of BaaS arrangements:

EBA Guidelines on Outsourcing Arrangements (EBA/GL/2019/02) These guidelines apply to all BaaS relationships where the licensed entity outsources operational functions to the BaaS user or to third parties. The BaaS provider must:

• Maintain an outsourcing register
• Conduct due diligence on the BaaS user
• Ensure contractual provisions for audit rights, termination, and data access
• Avoid outsourcing critical functions in a manner that impairs supervisory access

FCA Dear CEO letters The FCA has issued multiple communications emphasising that EMIs and PIs are fully responsible for the activities of their agents and distributors. The FCA expects licensed firms to:

• Exercise meaningful oversight of agent activities
• Maintain adequate resources to supervise agent networks
• Terminate agent relationships where compliance standards are not maintained

BaFin enforcement The German regulator has taken enforcement action against BaaS providers for inadequate oversight of their fintech partners, including failures in AML/KYC processes conducted by BaaS users on behalf of the licensed entity.

Structuring a BaaS Relationship

A well-structured BaaS arrangement requires:

Contractual framework The agreement between the BaaS provider and BaaS user should cover:

• Scope of services and permitted activities
• AML/KYC responsibilities and standards
• Transaction monitoring allocation
• Complaints handling procedures
• Data protection obligations
• Audit rights for the BaaS provider (and the regulator)
• Termination provisions and wind-down procedures
• Service level agreements and liability allocation

Compliance governance

• Regular compliance reviews by the BaaS provider of the BaaS user's activities
• Quarterly or monthly reporting from the BaaS user to the BaaS provider
• Escalation procedures for suspicious activity and regulatory enquiries
• Joint training on AML/CFT obligations

Technology integration

• API connectivity for account creation, payment initiation, and card management
• Webhook notifications for transaction events and compliance alerts
• Sandbox environments for testing before production deployment
• Documentation and developer support

Cost Structure of BaaS

BaaS pricing typically involves a combination of:

• Setup fee: €10,000-€50,000 for technical integration and compliance onboarding
• Monthly platform fee: €1,000-€10,000 depending on the provider and product scope
• Per-account fee: €0.50-€3.00 per active account per month
• Per-transaction fee: €0.05-€0.50 per payment transaction
• Card issuance fee: €2.00-€8.00 per physical card issued
• Revenue share: Some BaaS providers take a percentage of interchange revenue or transaction fees

For a neobank with 10,000 active customers processing 50,000 transactions per month, the monthly BaaS cost would typically be €5,000-€25,000, equating to €0.50-€2.50 per customer per month.

When to Move Beyond BaaS

The BaaS model is optimal for market entry and early growth, but most successful fintechs eventually consider obtaining their own licence:

Reasons to move to own licensing:

• Margin improvement (eliminating BaaS fees)
• Product control (the ability to offer services not supported by the BaaS provider)
• Strategic independence (reducing dependency on a single provider)
• Regulatory credibility (own-licence entities are viewed more favourably by banking partners and institutional customers)
• Valuation impact (licensed fintechs command higher valuations than unlicensed ones)

Typical transition point: When the fintech reaches 50,000-100,000 active customers or €10-€20 million in annual revenue, the economics of own licensing become favourable.

Key Takeaways

• BaaS enables fintech businesses to launch financial products without obtaining their own regulatory licence, significantly reducing time-to-market and initial capital requirements
• The BaaS provider retains regulatory responsibility for all activities conducted under its licence, but operational compliance obligations are delegated to the BaaS user — this allocation must be clearly documented and rigorously governed
• Regulatory scrutiny of BaaS relationships has intensified across Europe, with the EBA, FCA, and BaFin all emphasising the licensed entity's responsibility for agent and partner oversight
• BaaS costs typically range from €0.50 to €2.50 per active customer per month, making it cost-effective for early-stage businesses but increasingly expensive at scale
• The transition from BaaS to own licensing typically makes commercial sense at 50,000-100,000 active customers
• When selecting a BaaS provider, the quality of compliance oversight, contractual flexibility, and regulatory track record are more important than headline pricing