Banking-as-a-Service and partner risk
BaaS products depend on regulated bank sponsors whose requirements, risk appetite, and operational decisions can determine whether and how the fintech product can operate.
Embedded finance products distribute commercial and compliance responsibility across multiple parties — and the allocation only works if the agreements reflect what actually happens.
Embedded finance products integrate regulated financial services — payments, lending, insurance, investment — into non-financial platforms. The model works because it allows companies outside the financial services industry to offer financial functionality to their customers without building regulated infrastructure themselves. The legal question the model creates is: who is responsible for what?
In a standard embedded finance structure, three categories of party are typically involved. The regulated provider — a bank, licensed lender, insurer, or registered MSB — provides the regulated product or service. The platform — an e-commerce company, SaaS business, or marketplace — provides the customer interface and distribution channel. The infrastructure layer — a BaaS provider, embedded finance platform, or technology intermediary — may sit between the regulated provider and the platform, providing the connectivity and operational infrastructure.
Each of those parties has a different set of obligations depending on its role. The regulated provider is responsible for the regulated activity. The platform is responsible for its own conduct in the customer relationship, including what representations it makes about the financial product and how it markets it. The infrastructure layer’s obligations depend on whether it is performing regulated activity independently or providing technology services to the parties that are.
The platform’s conduct in the customer relationship matters independently of the regulated provider’s obligations. A platform that tells customers that a loan is guaranteed, that an insurance product covers risks it does not cover, or that a payment account earns returns that it does not earn has made representations that create legal exposure regardless of what the regulated provider’s terms and disclosures say.
Customer-facing product claims in embedded finance contexts need to be reviewed against the actual terms of the regulated product and the legal obligations that apply to the claims being made. Marketing language that implies features, protections, or outcomes that the regulated product does not provide is a source of regulatory and litigation risk that sits with the platform, not only with the regulated provider.
Embedded finance products collect significant financial data about customers. The allocation of responsibility for that data — who owns it, who can use it, how it is protected, and how customers can access or correct it — needs to be addressed in the agreements between the parties.
Complaint handling is a related issue. When a customer of an embedded finance product has a problem, the complaint may be directed to the platform, to the regulated provider, or to both. The agreements need to specify how complaints are handled, who is responsible for resolution, what obligations each party has to the other when a complaint is received, and how regulatory complaints are managed.
Support responsibility — who handles customer inquiries, who is responsible for operational errors, and who bears the cost of service failures — follows a similar structure. The agreements need to reflect how these responsibilities actually operate, not just how the parties prefer to describe them.
The most common legal problem in embedded finance products is a mismatch between the agreements and the actual operation of the product. That mismatch arises because agreements are often drafted based on the intended structure at launch, and the actual operation of the product evolves as it is used by real customers in real circumstances.
Agreements that do not reflect the actual operating model create problems when they are scrutinized. A regulatory examination of the platform’s conduct may reveal that the platform is performing functions that the agreement assigns to the regulated provider. A dispute with a customer may reveal that the agreement does not address who is responsible for the specific situation at issue.
Maintaining alignment between the agreements and the actual operation of the embedded finance product is an ongoing obligation, not a one-time exercise at launch.
PaaS platforms that enable clients to offer payment functionality need to define clearly whether the platform or the client bears the regulatory obligations that follow from the payment activity.
Supply chain finance platforms move funds in patterns that can engage MSB registration requirements depending on who holds money and how it flows between buyers, sellers, and capital providers.
Companies building at the intersection of trade, treasury, supply chain, and fintech payment infrastructure face legal questions that arise earlier than they expect.