There is some BAD advice going around.
Here is GOOD advice:
If you run a chartered bank, THE BANK is responsible for all regulated activities.
If you outsource anything to third parties, including “partners”, THE BANK must demonstrate effective control and governance of those third party risks.
When regulators come knocking…
They will not tolerate the blame game.
If the bank opened accounts for money-laundering shell companies that would have been caught by a halfway decent in-house process…. The regulators will crack down on the bank’s AML/BSA process AND ALSO lousy third party risk management.
Anyone who tells you otherwise is wrong.
They might charge you big consulting fees for that bad advice.
To be clear: Compliance & AML are never 100%. I don’t blame banks when the occasional mistake happens. The point is: Standards need to be kept just as tight whether controls are performed in-house or by 3rd parties. The bank needs to prove that the controls are working.
Build your BaaS business with this understanding.
Partnerships can be tremendously valuable. The best partners unlock profitable growth in a well-controlled manner.
But never forget where the buck stops. Non-bank partners do not have a “neck to grab”. The regulator will impose consequences on the BANK when the partnership creates regulatory and customer issues.
