Embedded Finance and Banking as a Service (BaaS)

Concepts

Both concepts are directly related. To achieve its objectives efficiently, a digital strategy starts from understanding each concept and its main actors: who consumes and who provides the service and/or product.

Embedded Finance: Refers to the integration of financial services, such as payments, loans, and insurance, directly into platforms of companies that are not in the financial sector. 

BaaS: Involves offering banking infrastructure by financial institutions to non-financial companies through APIs.

Companies that adopt this integration also strengthen their brands by providing enhanced customer experiences within their platforms, significantly increasing the chances of customer loyalty.

Impacts of Adoption

The impact of this integration shows up in the market as competition: not only from financial institutions, which are capable of offering banking products and operations, but also from new competitors (fintechs) that act as integrators.

A digital strategy to provide this service must be well-orchestrated, and corporate architecture plays a role in this adoption. It is necessary to present the risks and benefits of adoption and to reinforce technologies and development practices to ensure proper implementation in various product, service, and infrastructure segments.

APIs:

The architecture of both actors depends on integration strongly supported by APIs, ensuring communication between different existing systems and platforms.

Revisiting and reinforcing the adoption of the set of communication principles between applications is a necessary initiative to ensure integrations.

From the perspective of application and component communication, REST is a good and widely used choice that allows integration between heterogeneous platforms. The focus is to understand the maturity level at which this set of communication principles is used.

It is common, but erroneous, to treat REST as a protocol or standard; it is actually a set of architectural constraints for representing the state transfer of an object.

The maturity model was proposed by Leonard Richardson and is a good way to think about the use of these techniques.

Still from the perspective of application communication, establishing a standardization of error responses in APIs is another initiative that deserves attention.

The adoption of RFC 9457 (Problem Details for HTTP APIs) brings important features and benefits:

  • Standardization: Enables a standard to represent and handle error responses in different APIs, facilitating error handling for clients.
  • Documentation: Can provide links to documentation that describes errors in more detail.
  • Usability: Can be programmatically analyzed by clients to extract error details.
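
An RFC 9457 error response for a partner-facing API, from both the server and the client side, as an added example that is not part of the original article. The problem catalogue, the api.example.com base URI and the function names are assumptions made for illustration; unexpected exceptions are reduced to a generic problem with a correlation id so internal details never reach the partner.

```python
import json
import uuid

PROBLEM_JSON = "application/problem+json"  # media type defined by RFC 9457
STANDARD = {"type", "title", "status", "detail", "instance"}

# Hypothetical problem catalogue for a BaaS payments API (constructed).
BASE_URI = "https://api.example.com/problems/"  # placeholder documentation base
PROBLEM_TYPES = {
    "insufficient-funds": (403, "Insufficient funds"),
    "payload-too-large": (413, "Payload too large"),
}


def make_problem(code, detail=None, instance=None, **extensions):
    """Server side: build (status, headers, body) for a catalogued problem."""
    status, title = PROBLEM_TYPES[code]
    clash = STANDARD & extensions.keys()
    if clash:  # extension members must not shadow the standard ones
        raise ValueError(f"reserved member(s): {sorted(clash)}")
    body = {"type": BASE_URI + code, "title": title, "status": status}
    if detail:
        body["detail"] = detail
    if instance:
        body["instance"] = instance
    body.update(extensions)
    return status, {"Content-Type": PROBLEM_JSON}, json.dumps(body)


def from_exception(exc):
    """Server side: map an unexpected exception to a generic 500 problem.

    The exception text belongs in server logs under the correlation id;
    the response carries only that id, never str(exc) or a stack trace.
    """
    ref = "urn:uuid:" + str(uuid.uuid4())
    body = {"type": "about:blank", "title": "Internal Server Error",
            "status": 500, "instance": ref}
    return 500, {"Content-Type": PROBLEM_JSON}, json.dumps(body)


def parse_problem(status, headers, body):
    """Client side: return the problem dict, or None if not problem+json."""
    ctype = headers.get("Content-Type", "").split(";")[0].strip().lower()
    if ctype != PROBLEM_JSON:
        return None
    problem = json.loads(body)
    problem.setdefault("type", "about:blank")  # default when "type" is absent
    return problem
```

A client can branch on the "type" URI instead of parsing free-text messages, and the same URI can point to the documentation for that error.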


Modularity:

Modularity in software engineering, architecture, and product design refers to the ability to divide a complex system into smaller, independent parts called modules.

In the context of financial services, modularity allows companies to choose and integrate only the services they really need. This avoids overloading platforms with unnecessary functionalities and allows for more efficient customization, reducing maintenance costs and facilitating the evolution of the product and/or services.

From the perspective of Banking as a Service (BaaS), reassessing the services that will be exposed, in a granular way, will allow more personalized offers with the desired functionalities for customers on their platforms, with transparency and less dependency.

This modular delivery capability requires an initiative to adopt software engineering practices that favor domain encapsulation and that reduce and abstract external dependencies.

Event-driven communication patterns can be a good practice to mitigate dependencies outside the domain and gain independence of components using microservices (this can increase accidental complexity! The real impacts should be weighed).

Despite the advantages, modularity also presents challenges, such as clearly defining module boundaries and efficient communication between them. Good planning and cross-team and product communication are essential to ensure that modules work harmoniously and as independently as possible.

There is no superior architectural standard or design. The images presented only enrich the forms of modularization at various levels. Each proposal brings accidental complexity (added to the project) and essential complexity (inherent to the business). Choices depend on culture, technical skills, team communication capacity, and limiting technical aspects. Imposing a single choice of accidental complexity is a mistake in my opinion, as it assumes that all business problems are best solved in the same way.

As complexity generates cost, the idea of reducing costs and accelerating deliveries fades when unnecessary complexities are inserted, increasing delivery time, support, and solution evolution.

An environment of architectural diversity, guided by market standards, significantly improves business solutions. Modularity should be adapted to each type of product or service offered.

Additionally, diversity allows corporate software engineering to address and focus on structuring elements that can be used in different patterns, flexibly delivering the best solution for the business with appropriate modularization in each scenario, especially for Embedded Finance and BaaS.

Governance of External and Internal Communication:

The communication of APIs with business partners requires governance to ensure auditable services, financially aligned with the product offering, preserving the environment and delivery platform to meet volumes and keep systems healthy.

An API Gateway acts as an intermediary between client applications and backend services, controlling traffic, applying security policies, and optimizing performance.

To ensure modularity and the domain concept, this element (Gateway) can be a good choice for communication between domains and needs to be revisited for adequacy.

On the other hand, the API Manager is a platform that offers additional features, such as API lifecycle management, developer portal, and traffic analysis, being a desired choice for external communication.

An API Manager facilitates the integration of financial services into a single platform, allowing non-financial companies to access these services with security, regulatory compliance, and a simplified and well-documented interface.

Other features such as monitoring and traffic analysis allow companies to track API performance and make data-driven decisions.

API Management solutions are generally provided by third parties, which can create dependency and risks associated with changes in the services and policies of these providers, in addition to significant licensing, infrastructure, and maintenance costs.

Therefore, the replacement or adoption of an API Manager should be treated with caution, as it is an essential component for the governance of Embedded Finance and Banking as a Service (BaaS) solutions.

Scalability:

A scalable infrastructure is essential to support the growth and demand for integrated financial services, especially in Embedded Finance and Banking as a Service (BaaS).

With the increase in integration offerings, the transactional volume also grows. It is not enough to isolate and modularize products and services; applications need to be elastic to meet seasonal, increasing, and decreasing demands. It goes beyond just applying design patterns in the code.

An adequate infrastructure, with components that monitor and execute horizontal and vertical scaling, is a point of attention to ensure stability and efficient delivery in BaaS.

Traditional environments tend to waste resources and have difficulty performing downgrades, resulting in unnecessary expenses and perpetuation of assets.

The adoption of public cloud environments is becoming a trend in the financial market due to its elasticity and management of computational resources. In this context, dynamic infrastructure cost management (FinOps) is essential.

Networking:

The adoption of Embedded Finance tends to increase the size of payloads for integration endpoints between institutions, especially for batch transactions or reconciliation processes.

Reviewing APIs and size restrictions of network elements and traffic to meet these demands may be a necessary initiative.

Security:

The implementation of Embedded Finance and Banking as a Service (BaaS) is no exception to the rule of security implementations.

Data and infrastructure security is an aspect that permeates all activities of any system that makes use of technology.

Some points should always be observed.

  • End-to-End Encryption: End-to-end encryption to protect data during transmission and storage should be considered. This ensures that only authorized parties can access the information.
  • TLS/SSL: Implement security protocols such as TLS (Transport Layer Security) and SSL (Secure Sockets Layer) to protect communication between systems and integrations.
  • Multi-Factor Authentication (MFA): Adopt multi-factor authentication to add an extra layer of security, requiring users to provide two or more forms of verification.
  • Role-Based Access Control (RBAC): Use RBAC to ensure that users have access only to the information and functionalities necessary for their specific roles.
  • Intrusion Detection Systems (IDS): Implement IDS to monitor and detect suspicious or unauthorized activities on the network.
  • Behavioral Analysis: Use behavioral analysis tools to identify anomalous patterns that may indicate a security breach.
  • Fraud Prevention Systems: Adopt advanced fraud prevention systems that use, for example, machine learning to detect and prevent fraudulent activities.
  • LGPD and GDPR: Ensure that data collection, storage, and processing comply with data protection laws, such as LGPD in Brazil and GDPR in Europe.
  • Security Culture: Promote a security culture within the organization and among partners.

Use of AI as a Differentiator

The use of Artificial Intelligence (AI) in conjunction with Embedded Finance and Banking as a Service (BaaS) can be a competitive differentiator, especially when aligned with data analytics.

Financial institutions have a large amount of strategic data from customers and partners. Investing in the classification and understanding of this data with AI allows identifying trends, biases, and behaviors, creating new opportunities and highlighting the company in the market with a robust and customized platform.

AI Applications:

  • Hyper-Personalization: Analysis of large volumes of data to offer personalized financial services, such as specific product recommendations and personalized reports for each customer and usage behavior.
  • Automation: Processes such as credit analysis, fraud detection, and customer service can be automated, increasing efficiency and reducing costs.
  • User Experience: AI integration improves the user experience, making interactions faster and more intuitive. Access to natural language resources can enable a smoother experience between parties using social media.
  • Fraud Detection: Advanced methods such as real-time analysis, anomaly detection, and natural language processing to identify fraud.

Combined Benefits:

The combination of Embedded Finance, BaaS, and AI creates a more efficient, secure, and customer-centric financial ecosystem, offering integrated and personalized services, and providing a smoother and more convenient experience for consumers.

Conclusion

The introduction of Embedded Finance and BaaS in the financial market is requiring financial institutions to rethink their processes, products, and services.

For a successful execution with minimal obstacles, it is essential to involve multidisciplinary teams and ensure smooth communication between business and technology areas. The digital strategy of the technology area should focus on the purpose of each product functionality and the business fundamentals.

It is important to remember that decisions are not just technological. They should be made to best serve the business, using technology appropriately and balancing innovation, maintenance, and ecosystem evolution.
