Authored by: Alex Mifsud, Co-founder & CEO, Weavr.
For the last few years, the innovation race has been on to place financial services within non-financial applications, and one approach for implementing embedded finance has dominated so far:
Build what you want, so long as you make it compliant.
It’s a concept that sounds simple enough. But over the years, it’s been proven (time and again) that asking non-financial companies to launch financial products and handle compliance isn’t viable in practice, and continues to become less so as regulators introduce more obligations on regulated financial institutions and safeguards for customers.
In this model, lapses inevitably happen, and sometimes regulators step in to shut it all down.
But just because this approach has held sway for so long, doesn’t mean it’s the only – or the best – way to deliver embedded finance. At Weavr, we’ve introduced the concept of financial solutions that are designed specifically to be embedded: embeddable financial solutions. These solutions include within them the means – both technology and services – to deal with the inherent risks and challenges of managing financial products that are integrated into non-financial applications.
We’ve addressed the problems inherent with the “build what you want” model, and, importantly, in securing an Electronic Money Institution (EMI) licence from the Malta Financial Services Authority, we know regulators believe we have as well.
Complete freedom, complete share of the responsibility

Perhaps as crucially, our embeddable financial solutions remove the burden, and the risk, inherent in the responsibility for compliance, without compromising on the quality of the user experience when the solution is integrated.
Historically, if a SaaS player wanted to add financial services to their platform, the BaaS provider would hand over their APIs and say ‘Here’s everything you need to build the functionality you want.’ They were offering total freedom – a toolkit for SaaS developers to build on as they saw fit.
In return for that near-maximum freedom, there was just one small catch – namely that the SaaS players had to make sure they were fully compliant with an exhausting list of checks, standards and processes.
Five years ago, those compliance responsibilities were limited to identity verification, the screening of customers against certain lists and monitoring their financial activities, so the concept didn’t seem that unreasonable. But there’s been a regulatory arms race since then, and many BaaS solutions still using this model are buckling under the weight of compliance systems that are three or four times more complex than the solution itself.
In the UK alone, obligations such as APP fraud compensation, Consumer Duty, Strong Customer Authentication and evolving open banking rules, all of which require deep domain knowledge and specialist technical expertise, have been introduced over a relatively short period. Keeping up with every regulation is a specialist task, and the chances of B2B SaaS developer and operations teams becoming experts in financial compliance are incredibly slim. It’s a model that works for fintechs, but not for everyone else for whom embedded finance is such an attractive opportunity.
The Fatal Flaw in traditional BaaS
It isn’t hard to see the problems that can – and have – come out of the “build what you want” idea.
For one, it burdens SaaS teams with becoming or building expert compliance teams. Second, it leaves them open to serious consequences if something goes wrong: BaaS agreements inevitably impose serious sanctions, including in some cases uncapped financial liability for regulatory breaches. And something may well go wrong because they – quite rightly – aren’t prepared to be compliance specialists.
For the BaaS providers themselves, any security or compliance loopholes on the SaaS side of the partnership will come back to bite them once the regulator catches wind.
It’s happened plenty of times and in several places in the recent past – regulators approached BaaS players to investigate reports of money laundering, fraud and the loss of customer money, and regulators ended up restricting the BaaS providers’ activities because they didn’t have the reporting to know what was going on.
With enough cases like this, it wasn’t long before regulators got spooked. It didn’t matter what benefits embedded finance might have for businesses and consumers – under the traditional BaaS model, regulators could not reconcile themselves to a fundamental exposure to the behaviour of companies that are not only ill-equipped to ensure high standards across an increasingly complex set of regulations, but are also unregulated and therefore cannot be supervised directly.
The Weavr model addresses the root of this concern: Weavr’s core technical and operational competence is in ensuring compliance with all applicable regulations specifically in the context of embedded finance. To deliver the full potential of Weavr’s approach, we needed to work with financial institutions that were willing to rely on it, and not just through the opinions or assessments of advisors, but by having actual regulators review it.
That trust problem is one of the key reasons why we applied for an EMI licence. To help speed up the adoption of embedded finance, we need to have the ability to deliver our solutions as easily and as broadly as possible – and that can only happen if the regulators know that our approach to compliance and security isn’t more of the same.
Long live the new model for embedded finance

When we began our application to the Malta Financial Services Authority, we didn’t open with our products or Weavr’s approach to embedded finance.
We started by laying out a critique of the traditional model of embedding finance and BaaS – how financial institutions can’t rely on third party SaaS platforms to be on it with every element of compliance, and how that problem only gets worse the more platforms an institution is plugged into.
In other words, we were putting forward what we’ve always believed: that the “build what you want” model isn’t viable anymore, and that there are better ways to connect businesses with embeddable financial services.
That belief has shaped how we’ve designed Weavr’s embedded finance solutions:
- We’re targeting specific SaaS use cases – like paying suppliers or incentivising and rewarding staff – and creating embeddable financial solutions designed specifically for those jobs-to-be-done. This allows us to deliver a narrow but deep solution that requires no additional investment in financial technology and expertise from the SaaS embedder.
- We’ve designed our solutions with all the risk management and managed services they require, and with all the compliance handled by our specialists, not handed off to embedders. Because we’re designing around specific use cases, we can take into account the context when solving for risk and compliance management – this is critical, since one-size-fits-all works for none, as BaaS providers know only too well.
- We deliver no-compromise seamless embeddability – the lure of BaaS is that it enables the SaaS application to completely design and build the customer experience, from customer on-boarding, through to customer access and approval of transactions. We wanted to ensure that SaaS embedders would not need to compromise on their control over the customer experience when they opt for the Weavr approach.
In securing our EMI, we’ve also secured a regulatory stamp of approval for this new kind of embedded finance model. It’s good news for the market as a whole, because it shows that regulators aren’t inherently distrustful of non-financial companies embedding financial products in their platforms – so long as the embedder takes all the responsibility for building it by the rulebook.
More importantly, our EMI licence is good news for embedders. When embedders choose an embedded finance solution that’s trusted by the regulator, they too can trust that all of the necessary security, compliance and risk management is being taken care of by expert teams who will help keep the platform’s users safe.
Whether your offering is an application, marketplace or platform, if you’re looking to embed finance into your business, set up a meeting with one of our experts in your industry and request a chat today.
Weavr is authorised by the Malta Financial Services Authority (MFSA) as an Electronic Money Institution (EMI). Customer funds are not protected by the Depositor Compensation Scheme (DCS) but are safeguarded in accordance with regulatory requirements.