Compliance Drives BaaS Evolution
Justin Howell, co-founder and CEO of Rize, on the horizontal infrastructure missing from fintech today
Compliance is where banking infrastructure stops being software integration and starts being bank grade operations. In practice, that means knowing exactly how an account was opened, which partner approved what, where funds moved, which rules applied in that vertical, and how to show all of it to a regulator in one audit trail. That is much harder than exposing APIs, because weak links often sit between the fintech, the middleware layer, and the sponsor bank.
-
Early BaaS platforms sold speed by bundling banks, KYC vendors, processors, and compliance workflows into one product. But that convenience also created dependency on a chain of partners, and sponsor banks still set the real pace because their approval and monitoring duties determine what can launch.
-
The market has since shifted toward more vertically integrated models. Column put charter, ledger, payment rails, and compliance under one roof, and won business from large fintechs like Brex and Mercury after Synapse entered Chapter 11 in April 2024 and Evolve received a consent cease and desist order in June 2024.
-
That helps explain why chartered banks with API layers are gaining share. Lead Bank positions itself as the regulated banking backbone for fintech partners, and Cross River has built cards, payments, lending, and compliance into a bank owned stack, because control over compliance is now a product feature, not just a legal requirement.
The next phase of BaaS will reward providers that can make regulators comfortable at scale, across deposits, cards, lending, and newer embedded finance use cases. The winners are likely to look less like thin middleware and more like software driven banks, where compliance data, transaction controls, and partner oversight are built into the core system from day one.