The Embedded Finance Paradox

Published on October 17, 2025

Gemba's banking infrastructure for non-banks

The Quiet Restructuring of Finance

When a consumer taps “confirm” on a rideshare app, they are usually too busy scanning the road ahead to consider the technical acrobatics occurring in the blink of an eye. In that instant, a payment is authorized and executed, seamlessly woven into a non-financial experience. This is the face of embedded finance, a quiet revolution that is fundamentally restructuring how financial services are distributed and consumed. This is not an incremental shift; it is a re-architecting of the financial landscape on a generational scale.

The market opportunity is staggering. In the United States alone, embedded finance accounted for $2.6 trillion in transactions in 2021, a figure projected to surge past $7 trillion by 2026. Globally, the market is valued in the hundreds of billions of dollars and is expanding at a compound annual growth rate that dwarfs that of the traditional financial sector. This explosive growth is powered by an underlying technological model: Banking-as-a-Service (BaaS). BaaS unbundles the monolithic bank into a series of discrete functions—account opening, payment processing, lending, compliance—and delivers them as modular services via Application Programming Interfaces (APIs).

Herein lies the central paradox for founders and investors. The very model enabling this multi-trillion-dollar opportunity is being built upon a BaaS infrastructure that, while driving unprecedented innovation and convenience, simultaneously introduces concentrated points of failure and operates within a dangerous regulatory vacuum. This dynamic has created a generational opportunity shadowed by significant, and often misunderstood, systemic risk. For the fintechs building the future and the investors funding them, mastering this paradox is no longer optional; it is the prerequisite for survival and success.

The BaaS Engine – Unbundling the Bank, Concentrating the Risk

The architecture of modern finance is being discreetly re-drawn. What began as a regulatory push for data transparency has morphed into a market-led disassembly of the bank itself. This process, while unlocking immense value, has created structural fragilities that are only now coming into view, posing profound challenges for participants and supervisors alike.

From Open Data to Open Functions: A Foundational Shift

The story begins with Open Banking. In the wake of the 2008 global financial crisis, policymakers in the United Kingdom and the European Union sought to inject competition into staid retail banking markets. Their solution, codified in regulations like the second Payment Services Directive (PSD2), was to mandate that banks share customer data with third parties, with the customer's permission, through standardized APIs. The goal was data portability—to give consumers control over their information and lower barriers to entry for new services.

However, technology and market ambition quickly outpaced this initial regulatory intent. Innovators realized that if they could access data via APIs, they could also access core banking functions through the same channels. This marked the pivotal evolution from Open Banking to Banking-as-a-Service. BaaS moves beyond merely sharing data to unbundling and distributing the fundamental operations of a licensed bank. It allows a non-financial company, be it a ride-hailing platform or a retail app, to embed financial products—deposit accounts, debit cards, loans—directly into its user experience without needing to become a bank itself.

This transition represents a critical escalation of risk that existing regulatory frameworks are ill-equipped to manage. Open Banking primarily concerns data privacy and security, risks that can be addressed through consent frameworks and robust technical protocols. BaaS, in contrast, externalizes core prudential functions like deposit-taking, payment execution, and compliance to a complex, multi-layered chain of intermediaries. The central question of risk has shifted from "who can see the money?" to "who is responsible for the money?" The regulatory system, designed to supervise vertically integrated financial institutions, now confronts a horizontally layered ecosystem where risk is diffused, and accountability is dangerously ambiguous.

Anatomy of a Systemic Failure: The Synapse Case Study

The collapse of BaaS provider Synapse serves as a definitive and cautionary case study of this new architectural fragility. Synapse's model was emblematic of the BaaS value proposition: it partnered with small, licensed banks to offer deposit accounts, debit cards, and payment services to a host of consumer-facing fintech companies, allowing them to circumvent the long and arduous process of securing their own banking charters. The system appeared efficient, accelerating innovation and lowering costs.

The outcome, however, was catastrophic. When Synapse collapsed, thousands of consumers lost access to their funds overnight. The failure exposed a gaping hole in accountability. Was the consumer-facing fintech app responsible? Was it the middleware provider, Synapse? Or was it the underlying partner bank whose license gave the entire structure a veneer of legitimacy? The event left this crucial question unanswered, stranding consumers in a regulatory no-man's-land.

The Synapse failure should not be viewed as an isolated incident but as a proof-of-concept for the inherent design flaw of the current BaaS model: the "accountability gap." This is a classic law-and-economics problem where private contracting between the parties in the chain—the fintech, the BaaS provider, and the bank—fails to account for the severe negative externalities imposed on the end consumer and the broader financial system when a single link breaks.

The incentives of the participants are fundamentally misaligned. The consumer-facing fintech is optimized for rapid user growth. The BaaS provider is driven to scale its platform and transaction volume. The partner bank seeks to generate low-risk fee income from its charter. In this arrangement, operational and compliance risks are often shifted down the chain, ultimately resting with the partner bank or the consumer, who lacks the information or power to properly assess them. When a failure occurs, each party can point to another, creating a circular chain of liability that leaves the consumer unprotected. This is not a bug in the system; it is a feature of a model where responsibility is diffused by design.

A New Model: Integrating Compliance to Close the Accountability Gap

In response to the structural fragilities exposed by failures like Synapse, a new BaaS paradigm is emerging—one that re-centralizes the most critical risk functions. This model, exemplified by platforms like Gemba, operates on a simple but powerful premise: the technology provider remains the sole licensed and regulated entity, offering a comprehensive compliance shield to its partners.

Under this framework, the BaaS provider assumes full legal and regulatory responsibility. All critical functions—Know Your Customer/Business (KYC/KYB), Anti-Money Laundering (AML) monitoring, and reporting—are handled internally by the provider. Partners, whether they are new fintech startups or established SaaS companies, can launch branded financial products without needing their own license or in-house compliance team. This closes the dangerous "accountability gap" by design. The line of responsibility is no longer blurred; it leads directly back to the licensed provider, creating a clear framework for regulatory oversight and consumer protection.

The Global Regulatory Lag and the Cost of Ambiguity

Regulators around the world are struggling to apply supervisory frameworks designed for monolithic banks to this new, disaggregated financial architecture. The existing system is ill-equipped to address the novel risks generated by BaaS, from hidden dependencies to cascading failures. This regulatory ambiguity carries tangible costs.

The case of Chime, a popular fintech app in the U.S., provides a clear example. In 2020, Chime faced regulatory scrutiny for marketing itself as a "bank" without adequate disclosure of its partnership structure with The Bancorp Bank and Stride Bank. Regulators, notably the California Department of Financial Protection and Innovation, intervened, stating that such representations were deceptive and violated state banking laws.

The consequences for Chime were severe, even without a publicly disclosed monetary fine. The company was forced into a costly rebranding effort, incurring millions in legal fees, marketing campaign changes, and operational resources. The violation led to significant reputational damage and a temporary slowdown in customer acquisition as the company worked to rebuild trust. The Chime case demonstrates that compliance failures in this ambiguous environment can be extraordinarily expensive, eroding brand equity and delaying growth.

This regulatory gap creates a wide spectrum of risks for all BaaS participants. Key among them are ensuring compliance with the Bank Secrecy Act (BSA), Anti-Money Laundering (AML), and Know Your Customer (KYC) regulations; managing third-party operational and compliance risks; maintaining robust information and cybersecurity controls; and mitigating reputational damage from the failures of partners. Crucially, regulators have made it clear that licensed banks are ultimately responsible for ensuring their third-party relationships are fully compliant, placing an immense due diligence burden on the institutions lending out their charters.

A Strategic Playbook for FinTech Founders

For early-stage fintechs, navigating the BaaS ecosystem is a high-stakes endeavor. Success is no longer just about a sleek user interface or a clever go-to-market strategy. It now demands a sophisticated understanding of the underlying economic models and a strategic approach to technology that builds resilience and a competitive moat from day one.

The Economics of Service Delivery: Pricing Models for Sustainable Growth

One of the most foundational decisions a fintech founder will make is the selection of a BaaS provider and, critically, its pricing model. This choice directly impacts revenue predictability, cost structure, and long-term scalability. While BaaS pricing often mirrors well-understood Software-as-a-Service (SaaS) models, it comes with unique financial nuances that can determine a startup's viability. Founders must evaluate these models not on headline price, but on their strategic implications for cash flow and partner alignment.

The primary models include:

  • Subscription-Based (SaaS Model): This involves a fixed monthly or annual fee for access to the BaaS platform's APIs and services. It offers high predictability in costs for the fintech, which is valuable for budgeting. However, this model can disincentivize scale; if costs rise linearly per user or account, they may outpace the revenue generated from that user, compressing margins as the business grows.
  • Usage-Based (Pay-As-You-Go): Here, costs are tied directly to consumption metrics such as the number of API calls, accounts opened, or transactions processed. This model feels inherently fair and aligns costs directly with revenue-generating activity. The downside is unpredictability; a spike in user activity can lead to a surprise increase in costs, making financial forecasting difficult for a young company.
  • Tiered and Feature-Based: This model bundles features or usage limits into different price tiers (e.g., Basic, Pro, Enterprise). It provides a clear upgrade path, allowing a fintech to start with a low-cost entry point and scale its commitment as its needs grow. The risk is that the tiers may not align with genuine customer value, making upgrades feel like a forced upsell rather than a natural progression.
  • Revenue Share: In this model, the BaaS provider takes a percentage of the revenue generated by the fintech, such as a share of interchange fees from card transactions or interest from loans. This approach creates powerful incentive alignment—the provider is only successful if the fintech is successful. It dramatically lowers upfront costs but can become the most expensive option at scale and requires complex systems for tracking and reconciliation.

Here is a comparative framework for evaluating these options from the perspective of an early-stage founder:

Monthly Subscription (SaaS Model): This model uses a fixed recurring fee for platform access.

  • Revenue Predictability: High, as the fintech's revenue is independent of provider costs.
  • Cost Scalability: Poor. Costs often scale per user or account, which may outpace the revenue generated from that user.
  • Upfront Investment: Moderate to high due to the fixed monthly commitment.
  • Incentive Alignment: Low. The provider is paid regardless of the fintech's success.
  • Best For: FinTechs with a clear path to high-margin revenue per user.

Usage-Based (Pay-As-You-Go): With this model, a fintech pays per API call, transaction, or active account.

  • Revenue Predictability: Variable, as it is dependent on user activity.
  • Cost Scalability: Excellent, because costs are directly tied to revenue-generating activity.
  • Upfront Investment: Low, as the fintech pays only for what is used.
  • Incentive Alignment: Medium. The provider benefits from higher volume but not necessarily higher-value transactions.
  • Best For: High-volume, low-margin businesses where transaction costs are a key metric.

Tiered and Feature-Based: This approach offers different price points for bundles of features or usage limits.

  • Revenue Predictability: Predictable within each tier.
  • Cost Scalability: Good, as the fintech can upgrade as needed.
  • Upfront Investment: Varies by tier, allowing for a low-cost entry point.
  • Incentive Alignment: Medium, as it nudges fintechs toward higher-value features.
  • Best For: Products with clear feature differentiation for different customer segments.

Revenue Share: In this model, the BaaS provider takes a percentage of the revenue generated by the fintech.

  • Revenue Predictability: Directly tied to provider costs.
  • Cost Scalability: Fair, as the provider's cut scales with the fintech's success.
  • Upfront Investment: Very low, with minimal fixed fees.
  • Incentive Alignment: High, creating a shared interest in maximizing revenue.
  • Best For: FinTechs in lending or payments where revenue is transaction-based, such as interchange or interest.

The No-Code to Low-Code Pathway: Accelerating Time-to-Market

The challenge for new entrants has traditionally been the immense upfront investment in time and technology. However, the new BaaS model is radically lowering this barrier, making it possible to launch a financial product in minutes, not months. This is achieved through a "no-code to low-code" pathway that prioritizes speed at the outset and flexibility for the long term.

Platforms like Gemba offer a white-label, no-code solution that allows a partner to launch a fully branded web banking app in as little as seven minutes. This turnkey approach eliminates the need for an IT team for the initial setup, allowing founders to go from concept to a minimum viable product (MVP) almost instantly. For financial SaaS companies, this provides a frictionless way to embed banking and payment services, unlocking new, high-margin revenue streams with minimal operational overhead.

Crucially, this speed does not come at the cost of future scalability. The model is designed to evolve with the partner. While the no-code app provides an immediate market entry point, the platform also offers robust APIs and is developing standalone web and mobile apps that allow for deep, low-code customization. This gives successful partners unlimited flexibility to create a unique user experience and integrate financial services more deeply into their core offerings as they grow. This strategic pathway—starting with a no-code solution to validate the market and transitioning to a low-code, customized platform to build a competitive moat—is fundamentally changing the calculus for starting a fintech, a community banking app, or a financial SaaS business.

The Open-Source Imperative: Building a Competitive Moat

For a modern fintech, adopting open-source technology is no longer a niche technical choice but a strategic imperative, analogous to the adoption of cloud computing a decade ago. While cost savings are an obvious benefit, the true advantages are multi-faceted and create a durable competitive advantage.

First, open source accelerates innovation and speed-to-market. By leveraging vibrant communities and pre-built, robust platforms—such as Apache Fineract for core banking systems or the Open Bank Project for API standards—startups can avoid reinventing foundational infrastructure. This allows them to focus their scarce and expensive engineering resources on their unique value proposition—the "special sauce" that differentiates them from competitors.

Second, it mitigates the critical risk of vendor lock-in. Proprietary systems can expose a fintech to unpredictable and potentially crippling price hikes, as seen in the market's reaction to Oracle's changes to its Java SE subscription model. Open-source software ensures long-term viability; because the source code is accessible, the software can be maintained and updated by the community or other firms even if the original vendor disappears, future-proofing the technology stack.

Third, open source can lead to enhanced security. While seemingly counterintuitive, the public transparency of open-source code allows for continuous scrutiny by a global community of developers and security experts. Vulnerabilities are often discovered and patched more quickly and collaboratively than they might be within a closed, proprietary system.

Finally, and perhaps most importantly for an early-stage company, a commitment to open source is a powerful magnet for elite engineering talent. Top engineers are drawn to working on impactful, industry-wide tools and value the ability to build a public portfolio of their contributions. In the fierce war for talent, an active and respected presence in open-source communities has become a key differentiator for recruitment and retention.

For an early-stage fintech, a well-articulated open-source strategy is a powerful signal to investors. It demonstrates capital efficiency, as precious seed funding is not being wasted on rebuilding commoditized infrastructure. It signals technical sophistication and an ability to attract and retain a high-caliber engineering team, mitigating a key scaling risk. It shows a focus on building a defensible, proprietary moat on top of a stable, collaborative, and globally validated foundation. In short, a smart open-source strategy is not just a technical choice; it is a core component of a sound fundraising and growth strategy.

An Investor's Guide to the New Fintech Paradigm

The investment landscape for financial technology has matured. The market correction of 2022 brought an end to the "growth-at-all-costs" era, ushering in a new paradigm where operational discipline is valued as highly as top-line expansion. For investors, this requires a more nuanced approach to due diligence and a sharper focus on the underlying structural integrity of a fintech's business model.

Beyond Growth-at-all-Costs: The New Metrics of Success

The era of zero-interest-rate policy (ZIRP) fueled a venture capital boom where fintechs could afford to sprint, pursuing growth above all else. The subsequent market correction triggered a fundamental shift. A challenged funding environment now demands a clear and credible path to profitability.

The most resilient founders have responded. Recent data reveals a dramatic improvement in operational efficiency across the sector. Nearly 80% of fintech companies improved their year-over-year EBITDA margins, and burn rates have improved by 23% from their peak in 2022. This demonstrates a laser focus on building sustainable business models. However, this newfound discipline does not come at the expense of opportunity. The same research shows that revenues in the fintech industry are projected to grow almost three times faster than those in the traditional banking sector between 2022 and 2028.

This confluence of factors creates a compelling investment thesis for the current market cycle: identify and back the companies that combine the high-growth potential inherent in financial technology with the rigorous operational discipline now demanded by the market. The challenge lies in separating the truly resilient from the "walking dead"—companies with improving margins but a median EBITDA that remains deeply negative, suggesting no viable path to profitability or an exit.

Due Diligence for a Decentralized World: A New Framework for Risk Assessment

In this new paradigm, traditional fintech due diligence focused on total addressable market (TAM), user experience (UX), and customer acquisition cost is no longer sufficient. The distributed nature of the BaaS model means that a fintech's success is inextricably linked to the resilience of its partners. Investors must now underwrite the integrity of the entire value chain. This requires a new framework for risk assessment that probes the hidden dependencies within the ecosystem.

A revised due diligence checklist must now include the following critical questions:

  • Partner Bank Risk: Who is the underlying licensed bank? What is its regulatory standing, capital adequacy, and overall balance sheet strength? What is the concentration risk—how many other fintech programs are running on this single bank's charter, and could their failure impact this investment?
  • Middleware Provider Risk: Is the BaaS platform a single point of failure for the business? What are their documented business continuity and disaster recovery plans? What are the specific contractual liabilities and risk-sharing agreements in the event of their insolvency or operational failure? Who is left holding the bag?
  • Compliance and Regulatory Risk: How robust is the fintech's internal compliance management system? Who in the value chain is contractually responsible for critical functions like KYC and AML, and how are these processes monitored and audited? Does the leadership team have a clear and proactive plan for navigating the evolving regulatory landscape, which is certain to tighten?
  • Consumer Protection Risk: How are end-user funds segregated and protected from operational creditors? Is the marketing of FDIC insurance clear, accurate, and compliant, avoiding the pitfalls that ensnared Chime? In the event of a service disruption, who is responsible for customer support and remediation?

Mapping the Opportunity

A disciplined analysis of the market reveals several high-potential segments within the broader embedded finance ecosystem.

  • Embedded Payments: This remains the largest and most mature segment, projected to account for over 45% of the market and exceed $400 billion in revenue by 2034. With US transaction values alone set to surpass $7 trillion by 2026, the opportunity lies in platforms that can embed seamless payment flows into high-growth B2B and B2C verticals, particularly retail and e-commerce, healthcare, and logistics.
  • Embedded Lending: This is widely considered the fastest-growing segment, poised for explosive growth as it addresses significant unmet needs. This includes providing crucial working capital for small and medium-sized enterprises (SMEs), which face an estimated funding gap of £22 billion in the UK alone, and offering point-of-sale financing solutions like Buy Now, Pay Later (BNPL) to consumers.
  • The "Picks and Shovels" Play: The inherent complexity, fragmentation, and risk of the BaaS ecosystem create a substantial opportunity for companies that build the enabling infrastructure—the "picks and shovels" of this digital gold rush. This category includes RegTech firms that automate compliance and monitoring; cybersecurity platforms that specialize in managing third-party vendor risk; and specialized professional services firms that provide the strategic, operational, and regulatory guidance fintechs need to navigate this complex landscape.

The most sophisticated investment opportunities may no longer lie in funding the next consumer-facing neobank. The first wave of fintech innovation was about perfecting the front-end user experience. The failures and regulatory clampdowns now reveal that the true, unsolved challenges are on the back end. This creates a new, and arguably more durable, market for B2B solutions that address these second-order problems. Investing in the "picks and shovels" is a leveraged bet on the growth of the entire embedded finance ecosystem. As regulatory scrutiny inevitably increases, the demand for these compliance, security, and resilience solutions will only grow, making them a potentially counter-cyclical and more defensible investment in the long term.

Forging a Path to Resilient Innovation

The financial services industry is at an inflection point. The immense, multi-trillion-dollar value creation promised by embedded finance is inextricably linked to the operational fragility and regulatory ambiguity of its underlying BaaS architecture. This central paradox will define the next decade of innovation, separating fleeting successes from enduring, category-defining companies.

The emergence of integrated compliance models and no-code to low-code platforms is providing a clear path forward. By centralizing risk and radically lowering barriers to entry, these new architectures empower founders to build resilient, scalable businesses from day one.

For founders, the mandate is clear. The next generation of fintech success will be defined not merely by a superior user interface or a viral customer acquisition loop, but by architectural resilience and regulatory foresight. In an ecosystem where a single partner's failure can be catastrophic, building a "bankable" business now means proving that the entire value chain is robust, compliant, and prepared for failure. The focus must shift from simply building a product to engineering a resilient system.

For investors, the calculus has changed. The most compelling returns will not come from backing another slick application built on a fragile foundation. They will be found in identifying the founders who deeply understand the ecosystem's systemic risks and are building solutions to mitigate them. This may mean investing in the enabling technologies—the "picks and shovels"—that make the entire system safer and more efficient, or backing consumer-facing companies whose leaders have prioritized compliance and third-party risk management from day one. In the new fintech paradigm, managing risk is the ultimate value proposition.


// Alexander Legoshin, CEO
