Banking-as-a-Service: Why it pays for banks and brands to team up

It’s easier than ever for banks to expand their digital offerings through partnerships. How should you get started? Look to API management.

Matthias Biehl Matthias Biehl

Are you a small- or medium-sized bank looking for new ways to grow your business? If so, you’re likely familiar with the concept of banking-as-a-service. BaaS, as it’s commonly known, allows non-banks to embed financial services into their own products—whether a credit card “issued” by a retailer, personal finance software that integrates with users’ accounts or a money transfer service that requires only the recipient’s phone number. BaaS has much in common with open banking, which gives customers the ability to share their financial information with third parties, typically to access more innovative and personalized services. BaaS, though, is far more expansive; whereas open banking is limited to the sharing of data, BaaS allows banks to embed their core financial services into new products from brands that people love.

As a bank, this comes with several advantages. Embracing BaaS is a great way to affordably gain new customers and open up new channels of revenue from your existing banking products. It can also help you diversify your revenue product portfolio, and increase your digital offerings, at a far lower cost than doing it alone. That’s because you won’t need to invest as much in building out  new UIs since your partners embed BaaS it into the ones they’ve already built.

While banks typically address the entire mass market with their digital products, partners typically focus on one particular sub-segment. This allows them to focus on the specific needs of their customers, which results in personalized UIs for the specific segment or niche they are serving.

Beyond this, a BaaS strategy also allows banks to offer innovative products (via their partners) without the risks associated with innovation. The innovation risk is shouldered by the partner, who has a good grip on the sub-segment it addresses and thus can evaluate the risk much better.

It is a win-win. Not only you as a bank profit from a BaaS strategy, but also your partner brands as well. They can avoid the hefty requirements of obtaining their own banking license — and still offer banking services that are seamlessly embedded in their digital products.

But most importantly, the banking customers win! They get access to new, innovative and personalized banking products when and where they need them.

With all these benefits, it’s no surprise that BaaS is booming: According to one recent estimate, the global BaaS market is growing at 16% per year and will reach $75 billion by 2030.

The building blocks of digitization

If this all sounds enticing, where should you begin? In one word, with APIs: The digital building blocks. that make your banking services embeddable, so they can be integrated and become a part of your partners’ innovative offering

Not only have APIs become the primary way that BaaS is implemented; they also represent a key source of revenue for BaaS-participating banks, which typically charge their partners a fee for each API transaction. APIs are increasingly vital to the broader banking ecosystem, too. According to research by McKinsey, they account for half of all interfaces used by banks today. And 81 percent of bank IT executives consider them a priority for business and IT functions.

While an API-first BaaS strategy could help to expand and diversify your business, getting things off the ground can be tricky. As a bank embarking on this journey, you’ll need a way to build, promote and publish APIs on a marketplace for prospective partners. You’ll need to know who is accessing the APIs and how they’re using them. You’ll also need to protect consumer data from attacks and other threats. Although APIs can help you fast-track innovation, they also leave you vulnerable to attack: one survey by Salt Security conducted in 2022 found that 95% of organizations had experienced an API security incident over the previous 12 months.

Managing your APIs with confidence

In order to embrace the world of BaaS APIs and all they offer—while steering clear of their potential security risks—your best bet is turning toward a dedicated API management solution. Some banks will forgo this, opting for a do-it-yourself approach that can lead to major headaches, and mounting costs, if they haven’t done things “right.” Yet there are plenty of off-the-shelf solutions that can help you build, publish, administer, secure, and monetize your APIs. Some of them come with flexible pricing models to ensure you only pay for what you use—as well as implementation support to guarantee you get the most out of your investment.

If you’re considering embarking on an API-enabled BaaS journey, there are multiple components to API management you’ll want to consider. The first relates to the developer experience: how users create, promote, market, and launch their APIs, commonly through a developer portal. The trick is to look for a tool that offers end users a consistent experience—so your partner brands can easily discover your APIs, use them to build their own apps, and have access to support at every stage of the API lifecycle. The ideal portal should treat your APIs as products—and make developers feel they’re part of a centralized ecosystem.

Another vital element is API security: a breach of data, after all, can set your business back for years, and the threats are always changing. When it comes to protecting your systems, the tool of choice is an API gateway, which functions as an intermediary between your backend services and clients. You can think of a gateway like a bouncer at a club: it lets in the patrons you need to keep your establishment vibrant and keeps the would-be troublemakers out. A good one will come with a deep and broad set of policies for threat protection, access control, mediation, and throttling to protect your financial and user data. It will also be your key to API monetization: if you’re planning to charge a fee per API transaction, you’ll need analytics to measure what’s being consumed, and gain insights into your customers’ habits. The right gateway will do this as well—with the help of dashboards that enable you to visualize emerging threats and understand exactly how your BaaS journey is contributing to your wider goals as a business.

Invest in your digital future

Could all of this be part of your future? If you’re like most small or medium-sized banks today, we suspect you’re on the hunt for ways of keeping up with your larger competitors—and BaaS is an increasingly effective way of doing so. If it seems daunting, we get it: Most banks eyeing a BaaS future have concerns about their ability to execute, or the risks that come from opening up their systems and data. The right API management platform, though, can go a long way toward combatting them—by making it easy to build an API marketplace, ensuring you have deep and broad security that can evolve with changing threats, and offering tools to help you to track and manage your new clients.

Where, then, should you look? In the final blog of this three-part series, we’ll introduce you to webMethods, our own industry-leading API management solution. Next up, though, we’ll dive a little deeper into what it takes to build an effective API-led banking strategy, whether through BaaS, open banking, or related embedded banking solutions. We hope you’ll read on to learn more about how APIs are central to the digital banking future.

We will also be hosting an upcoming webinar where we dive into APIs, BaaS and how you can make them both work for you. 👇