Back to Blog
Industry InsightsJune 2, 2026Updated: July 7, 202616 min read

Banking-as-a-Service (BaaS) Explained: A 2026 Guide for Financial Institutions

Banking-as-a-Service (BaaS) Explained: A 2026 Guide for Financial Institutions

Banking-as-a-Service (BaaS) is the model in which a licensed, chartered bank rents its regulated capabilities (deposit accounts, payments, debit and credit cards, lending) to non-bank companies through APIs, so those companies can offer banking products under their own brand. The bank keeps the charter, the insured deposits, and the regulatory obligations; the brand keeps the customer. After the 2024 Synapse collapse froze over $265 million belonging to more than 100,000 end users, BaaS split into two models: a sponsor-bank model regulators now watch closely, and an embedded-software model a financial institution can adopt with ordinary vendor diligence.

Key takeaways:

  • BaaS is governance first, technology second. The bank, not the middleware, owns every obligation in the program.
  • The brand never needs a banking license. The sponsor bank holds the charter, and renting access to it does not transfer the obligations that come with it.
  • After the 2024 Synapse collapse, the lightly-governed BaaS era is over. Regulators issued enforcement actions against sponsor banks and proposed new recordkeeping rules.
  • There are two distinct BaaS models. The sponsor-bank model carries the heavy regulatory exposure; the embedded-software model lets an FI modernize without it.
  • The middleware ledger was the single point of failure at Synapse. If you cannot reconcile balances down to each end customer, you have exposure, not a program.

BaaS stack diagram: Brand/Fintech on top, Middleware/BaaS Platform in the middle marked as the Synapse failure point, and Licensed Sponsor Bank at the bottom, with charter and money responsibility flowing down to the bank and brand flowing up

Save this reference card — the three-layer BaaS stack and its failure point in one image.

What Banking-as-a-Service Actually Is

BaaS is a compliance program with an API attached. A ride-share company that gives drivers a debit card, a payroll platform that pays workers instantly, a software tool that issues virtual cards — none of these are banks. They rent regulated banking functions from a chartered institution and present the experience as their own. The brand on the app is rarely the bank holding the money.

The charter never moves. Only a bank can hold insured deposits, move money across the payment rails, and answer to federal regulators. BaaS rents access to those capabilities; it does not hand off the obligations that come with them. Lose sight of that one distinction and you get the failures this guide walks through.

The Numbers That Make This Worth Your Time

Roughly 25% of retail members already run a business on a personal account. Only about 8% of credit union members use their institution for business banking. An estimated 87% of new LLCs never see a credit union offer at all, and the average small business stays with its first bank for about 7 years. The members are already in the building. The gap is the product, not the relationship.

How BaaS Works: The Three Layers

A working BaaS arrangement has three layers, each with a different role and a very different level of regulatory responsibility. Risk flows down to the bank; the brand and the customer relationship sit up top.

LayerWho it isWhat it doesCarries the charter?
Brand / FintechThe customer-facing companyOwns the app, the relationship, and the brandNo
BaaS PlatformMiddleware / API providerConnects the brand to the bank, runs the ledger and toolingNo
Licensed (Sponsor) BankChartered, insured institutionHolds deposits, moves money, owns regulatory obligationsYes

The sponsor bank holds the charter and the deposit insurance, and answers to the OCC, FDIC, or Federal Reserve for everything in the program, including the conduct of partners several steps removed from it. The BaaS platform sits in the middle, providing the APIs, the tooling, and the ledger that tracks which end customer owns which dollar. That middleware makes integration fast. It was also the single point of failure in the industry's worst collapse. The brand or fintech owns the experience but holds neither the money nor the charter.

The appeal is speed: a brand can stand up a banking product in months instead of years. The danger is the distance that grows between the people using the product and the bank legally responsible for it. The further those two ends drift apart, the harder it gets to answer a question that should always be simple: where is the money, and whose is it?

BaaS Licensing: Who Needs a License and Who Doesn't

The licensing question has a short answer: the fintech or brand does not need a banking license; the sponsor bank supplies it. That is the entire commercial logic of BaaS. The longer answer determines what each party can legally do.

  • Holding insured deposits requires a bank charter. State or national, with FDIC insurance. No API contract transfers this. Whoever holds the deposits answers to a federal banking regulator for the whole program.
  • Issuing cards requires a bank on the card networks. Visa and Mastercard issue through member banks, so every fintech card program runs on a sponsor bank's network membership and BIN. "Card issuing" middleware still terminates at a chartered institution.
  • Moving money without a bank partner requires money transmitter licenses. A company that only transmits payments can pursue state-by-state money transmitter licenses (MTLs) instead. MTLs allow money movement, but not insured deposit-taking and not card issuing on bank rails, which is why most fintechs choose a sponsor bank over the 50-state licensing path.
  • A few fintechs bought the whole stack. Square obtained an industrial loan company charter (Square Financial Services, operating since 2021), and Column is a nationally chartered bank selling developer APIs directly. Owning a charter removes the middleware gap and adds the full weight of bank regulation. It is the exception, not the pattern.

For a financial institution reading vendor decks, the licensing lens cuts fast: whoever asks you to hold the deposits is asking you to be the sponsor bank, with everything the next sections describe. A vendor that never touches your charter, your ledger, or third-party deposits is selling software, not BaaS sponsorship.

Two Models of BaaS: The Split That Matters

In 18 years of bringing digital banking to credit unions, no term has caused more boardroom confusion than BaaS, and the confusion usually comes down to this split. Post-Synapse, BaaS divides cleanly into two models. They share a name and almost nothing else.

Sponsor-bank BaaSEmbedded-software BaaS
Who holds depositsThe sponsor bank, for fintech customers it never onboardedThe FI, for its own members (no change)
Who owns the ledgerThe middleware platformThe FI, on its own core
Regulatory exposureHigh — full BSA/AML, fair-lending, and third-party liability across the partner chainLow — standard vendor diligence; no new deposit-pooling risk
What you can offerRented charter, cards, and accounts for outside brandsModern tools for your own members: formation, bookkeeping, tax, compliance
ExampleEvolve Bank powering dozens of fintech apps through SynapseA credit union embedding small-business software in its own app

The first model produced the consent orders. The second is how a community bank or credit union modernizes without becoming the kind of institution regulators now watch most closely. When a vendor says "BaaS," your first question should be: which of these two am I being offered?

BaaS vs. Embedded Finance vs. Embedded Banking

BaaS, embedded finance, and embedded banking get used interchangeably, and that looseness causes real confusion in partnership conversations. Keep them straight:

  • Banking-as-a-Service is the supply side — the infrastructure. It is the plumbing that lets a non-bank offer banking products through a chartered institution. BaaS is the engine that makes the other two possible.
  • Embedded finance is the broad outcome: any financial product offered inside a non-financial experience — a "buy now, pay later" button at checkout, insurance offered during a car purchase, a payment feature inside a software tool. Some of it runs on BaaS; some does not. See our guide to embedded finance in 2026.
  • Embedded banking is a more specific case: bank-grade products (accounts, cards, payments, and increasingly accounting and tax tools) delivered inside an app the customer already uses, often the bank's own. We cover the distinction in our embedded banking explainer, and the accounting layer specifically in our embedded accounting guide.

BaaS is the engine, embedded finance is the broad category of what you build with it, and embedded banking is one important product family inside that category. An institution does not have to become a high-risk sponsor bank to take part in embedded banking, and for community banks and credit unions, that is the whole point.

BaaS Solutions: The Named Platforms and Sponsor Banks

Decision-makers ask for names, so here they are. The middleware tier is where the 2024–25 shakeout hit hardest; the sponsor-bank tier is where the enforcement landed.

Middleware / BaaS platforms

ProviderWhat it doesWhat happened in 2024–25
UnitBaaS middleware, card issuing, accountsActive; tightened bank-partner and compliance requirements
Treasury PrimeBank-direct BaaS connectivityActive; pivoted toward a bank-led, direct-relationship model
SyncteraBaaS platform with sponsor-bank marketplaceActive; leaned into compliance tooling and program management
ColumnNationally chartered bank with a developer APIActive; bank and platform are the same entity, removing the middleware gap
Stripe TreasuryEmbedded banking via partner banksActive; large-scale, bank-partner model
SynapseMiddleware that pooled customer funds in FBO accountsFiled Chapter 11 in April 2024; ledger shortfall triggered the crisis
Bond, SolidBaaS middleware startupsExited the market amid the broader BaaS pullback

Sponsor banks

BankRoleWhat happened in 2024–25
Evolve Bank & TrustMajor Synapse sponsor bankFederal Reserve cease-and-desist order (June 2024) over its fintech risk-management framework
Blue Ridge BankActive BaaS sponsorOCC consent order over BSA/AML deficiencies in its fintech programs
Lewis & Clark BankSmaller sponsor bankContinued operating; representative of community-bank entrants
Coastal Community BankHigh-volume sponsor bankContinued operating with significant fintech-program exposure

The pattern across the survivors is consistent: the ones still standing rebuilt their compliance functions before they grew their partner books, not after.

The 2025–2026 Regulatory Reality

The lightly-governed BaaS era is over. That is not a forecast; it is what the public record now shows. Each fact below comes with what it means for you.

The Synapse collapse. In April 2024, Synapse Financial Technologies, a middleware provider in that middle layer, filed for Chapter 11. Synapse did not hold deposits; it reconciled and routed pooled customer funds into "for benefit of" (FBO) omnibus accounts at partner banks. When the relationships unraveled, the bank-held balances did not match Synapse's records, with an estimated shortfall of up to $95 million between bank-held funds and amounts owed. More than 100,000 end users lost access to over $265 million, and many were locked out of their money for months. This was a ledger and reconciliation breakdown, not a hack or a market crash. (CNBC, Banking Dive, Fortune) What this means for you: if you cannot reconcile down to each end customer independent of the middleware, you do not have a program — you have exposure.

Enforcement against sponsor banks. Regulators did not stop at the middleware. The Federal Reserve issued a cease-and-desist order against Evolve Bank & Trust, a Synapse partner, in June 2024, citing an ineffective risk-management framework for its fintech partnerships. The OCC placed Blue Ridge Bank under a consent order over Bank Secrecy Act and anti-money-laundering deficiencies. The common thread was weak due diligence and inadequate ongoing monitoring of partners. (Federal Reserve, Banking Dive) What this means for you: outsourcing the activity does not outsource the responsibility. Earn the upside of a partner's program and you own the full downside of its conduct.

What regulators expect. The governing framework is the interagency Third-Party Relationships: Risk Management guidance the Federal Reserve, FDIC, and OCC finalized in June 2023, followed in May 2024 by a companion guide written specifically for community banks. The principle is blunt: a bank's use of third parties does not diminish its responsibility for the activity. (Federal Reserve, OCC) What this means for you: due diligence before a partnership, contractual controls during it, continuous monitoring throughout, with oversight scaled to the risk.

The FDIC custodial-account rule. In September 2024 the FDIC proposed a rule requiring banks that hold custodial deposit accounts with transactional features to keep accurate per-owner records, reconcile them, and submit to independent validation. As of July 2026 it remains in proposed status: the comment period closed in January 2025, the FDIC withdrew several other 2024 proposals in March 2025, but left this one pending. (FDIC, Federal Register) What this means for you: the direction is set even though the rule is not final. The recordkeeping responsibility lands on the insured bank, so build for it now.

BaaS is not dead. The loose version is, and the version that survives is a compliance discipline first and a technology product second.

Whether you are a fintech choosing a sponsor bank or an FI evaluating whether to become one, the same file has to hold up. Before signing anything:

  • Identify which of the two BaaS models the arrangement is, and therefore which risks you would own
  • Confirm balances can be reconciled down to each end customer, daily, independent of any middleware ledger
  • Require a direct contractual relationship with the bank, not only with the middleware in between
  • Document how FDIC pass-through insurance conditions are met: FBO account titling plus per-owner records
  • Check the bank's public enforcement record (consent orders, cease-and-desist orders) with the OCC, FDIC, and Federal Reserve
  • Map BSA/AML, fair-lending, and KYB/KYC obligations across the full partner chain, with named owners
  • Negotiate exit and wind-down provisions: data portability, customer notification, and fund-return mechanics
  • Budget continuous oversight (monitoring, BSA/AML staffing, audit) as a permanent expense, not a one-time integration cost

How a Community Bank or Credit Union Participates Responsibly

Modernizing does not mean becoming a sponsor bank, no matter how often vendor decks imply it does.

The high-risk version rents your charter to many unknown fintechs, holds pooled deposits for customers you never onboarded, and leans on a middleware ledger you do not control. That is the model that produced the consent orders. The embedded-software version is different in every dimension: you embed better tools for your own members, inside your own app, on your own ledger. The products small businesses actually need (formation, bookkeeping, accounting, and tax filing) do not require deposit-pooling or third-party-fintech risk.

The opportunity is large and largely unserved. With a quarter of retail members already running a business on a personal account and only 8% banking their business with you, the members are already in the building. You can serve them with embedded software that runs inside your existing app, vendor-managed, on your terms, with proper due diligence and clear data boundaries, without ever becoming the kind of sponsor bank regulators watch most closely. For where this is heading, see our 2026 credit union trends piece, our look back at the 2025 fintech year, and our state of community banking.

Common Mistakes and Pitfalls

  • Treating BaaS as a technology decision. It is a governance decision with an API attached. Risk, compliance, and legal belong in the room before engineering does.
  • Trusting the partner's ledger. Synapse showed the bank, not the middleware, has to answer "whose money is this?" at any moment. No reconciliation down to the end customer, no program.
  • Skipping the KYB and KYC chain. Knowing your partner is not enough; you have to know your partner's customers. Weak business verification ran through every enforcement action.
  • Underpricing the cost of oversight. Continuous monitoring, BSA/AML staffing, and audit are permanent expenses. The programs that priced for a one-time integration are the ones that failed.
  • Confusing reach with control. Nationwide deposits look appealing right up until they leave overnight, or carry compliance problems you never underwrote.

Business Tools Without Sponsor-Bank Risk: How Jupid Helps

Jupid sits at the responsible end of this spectrum: no charter rental, no pooled deposits, no outside fintech program. Jupid embeds small-business financial tools (incorporation, accounting, tax, and compliance) natively inside the bank or credit union's own app, for its own members. You keep the relationship, the brand, the deposits, and the regulated activity. Members reach an AI accountant through WhatsApp and iMessage that connects to their bank accounts, categorizes transactions at 95.9% accuracy, and handles tax filing. Jupid integrates with Banno, Q2, and Alchemy across 3,000+ financial institutions and is SOC 2 certified, which keeps vendor diligence short. Our team previously built Anna Money, serving 60,000+ small businesses at $40M ARR. Explore a partnership with Jupid or reach us at [email protected].

Sources


This article is for educational purposes only and does not constitute legal, regulatory, tax, or financial advice. Regulatory rules and guidance change; the FDIC custodial-account rule discussed here was in proposed status as of July 2026. Consult qualified legal and compliance counsel before entering any banking-as-a-service or bank-fintech partnership.

Anna Khalzova
Anna Khalzova

CBO & Co-Founder

Business leader with 18 years embedding fintech into U.S. banks, leading 200+ integrations across products and partnerships. Deep expertise in digital banking and fintech partnerships, building lasting relationships with financial institutions across the US.

Keep reading

Limited-time offer

Your first month of Jupid — completely free

New here? Enter this code at checkout and your first month is on us — full AI bookkeeping, tax filing, and a 24/7 accountant, $0 for 30 days.

New customers. First month free with code NEW2026, cancel anytime.

Ready to simplify your finances?

Join 1,000+ businesses using Jupid to save time and money. Start simplifying your finances today.

30-day money-back guarantee