Risk management in embedded finance wasn’t working, so Alloy fixed it.

Alloy introduces a win-win risk management solution for embedded finance partners

Key Takeaways

• Banks and fintechs have different priorities when onboarding new customers into their embedded finance ecosystem — but those priorities don’t have to compete.
• Embedded finance risk management forces banks and fintechs to adopt one of two flawed compliance models, Compliance-as-a-Service or Bank-as-a-Regulator, with neither offering the real-time visibility and control both parties need.
• With Alloy for Embedded Finance, sponsor banks can enforce compliance requirements at scale while giving fintech partners flexibility to tailor their approach.
• Merged lists help detect fraud across entire partner portfolios while access to our hub of data partners helps both banks and fintechs meet evolving compliance needs and avoid vendor lock-in.

Today, 9 in 10 sponsor banks agree that embedded finance partnerships make up a significant portion of their revenue. However, as regulatory scrutiny grows, the profitability of bank-fintech embedded finance partnerships depends on how effectively sponsor banks can control and monitor their embedded finance programs. Sponsor banks receive more regulatory enforcement than traditional banks, making compliance extremely important.

Read the 2024 State of Embedded Finance Report

What has been working in embedded finance?

Integrating banking services into nonbanking apps has helped banks serve financial solutions to new customer segments. Sponsor banks can significantly boost deposits and revenue without increasing their marketing spend. New digitalization opportunities for banks have meant growth for other businesses. Digital platforms with embedded financial services offer more avenues for customer acquisition and retention. E-commerce retailers like Amazon Marketplace embed financial services at checkout, such as PayPal’s digital banking solution, branded credit card offers, and Klarna/AfterPay’s buy-now-pay-later (BNPL) services. By letting customers select their digital wallet from a lineup of payment options, or complete a purchase in installments, companies can make their platforms stickier for customers. 

So, what hasn’t been working?

Fintech companies offering embedded finance products typically prioritize user experience. While less user friction can yield high growth, it also means more fraudulent customers and a greater likelihood of receiving an enforcement order. This is especially true for early-stage startups looking to make their offering accessible to as many good customers as possible. Balancing risk management with customer experience is a constant negotiation within any financial institution. Scale this across a fintech partner network, and the system starts to break.

Alloy is helping players in the embedded finance ecosystem manage shared risk together

Delivering a differentiated client experience that also considers the complexities of compliance requires a novel approach. Alloy’s embedded finance solution applies our learnings from years of powering identity and fraud decisions for sponsor banks, banking-as-a-service (BaaS) providers, fintechs, Electronic Money Institutions (EMIs) in the UK, and more. The result is a single API that gives banks visibility and control over their portfolio while enabling collaboration with their partners within one user interface.

Before discussing Alloy's expanded embedded finance functionality, I'll share a few of the industry challenges we've encountered to explain why we built our new solution.

There are two ways financial institutions manage risk in embedded finance

Financial service providers typically pick one of two common models for embedded finance compliance (as coined by Alex Johnson):

• Compliance-as-a-Service — The sponsor bank requires fintechs to adopt the bank’s compliance infrastructure and policies, limiting the control fintechs have over their risk management practices.
• Bank-as-Regulator — The sponsor bank outlines minimum requirements based on existing regulatory guidance and internal best practices, and leaves it to fintech partners to be responsible for standing up the technology and data sources to execute.

Neither model enables real-time visibility and control for all players in the ecosystem.

Challenges presented by a Compliance-as-a-Service model

• Banks will impose a “one-size-fits-all” approach that lacks flexibility for mature fintech partners. Existing tools used by banks to manage risk don’t provide fintechs enough insight into their own policies and performance. While some fintech partners might be young startups with little to no experience managing fraud and compliance risk, others are more mature and equipped to optimize their own controls.
• Both sponsor banks and fintech partners may be locked into data vendors that do not meet their evolving needs. A fintech partner may already have a preferred compliance data vendor that differs from what their sponsor bank is using. If the bank directs the fintech partner to use the bank’s chosen vendor, this might come at the cost of a poor client experience. Fintechs have unique business models and products that often target unique populations, and serving those populations well means tailoring the data providers and decisioning logic. As regulation, fraud, risk appetite, and growth goals evolve, so do the ideal data partners for each product and population.

Challenges presented by a Bank-as-Regulator model

• Sponsor banks don’t have sufficient oversight or control over whether their fintech partners follow the compliance requirements they set 

Sponsor banks are ultimately responsible for the customers their fintech partners onboard. As regulated entities, they take a strong interest in ensuring KYC/KYB, AML, and ongoing due diligence has been conducted on customers. When fintech partners leverage their own technology to manage and monitor customer activity, it becomes very difficult for their partner banks to know whether their fintech portfolio is following requirements. This can open them up to regulatory penalties and financial losses. Sponsor banks are tasked instead with lengthy, manual audits, adding operational overhead to their already stretched teams.

• Fintechs are reliant on point solutions that support a limited number of data sources

Fintechs are frequently hampered by vendor lock-in challenges, limiting their ability to scale and adapt to embedded finance market threats. This limitation can lead to increased fraud losses and regulatory scrutiny.

How is Alloy transforming risk management for bank-fintech partners?

Alloy’s platform is designed to solve the identity risk problem for financial institutions and fintechs. Today, we service over 600 of the world’s largest banks, credit unions, and fintechs — including sponsor banks and BaaS providers — with our compliance, fraud, and credit risk management solutions. Alloy’s new product gives sponsor banks better control over their compliance programs while allowing fintechs to customize risk management based on their specific needs.

Oversee your entire partner portfolio with parent/child account structures

We recognize that our clients have different approaches to embedded finance: Some prefer to maintain complete control over their portfolio policies, while others delegate risk management to their fintech partners. 

To accommodate these diverse operating models, we introduced a provisioning dashboard with parent/child account structures. 

Sponsor banks (or ‘parent accounts’) are able to designate the level of autonomy or guardrails for each of their fintechs (or ‘child accounts’) directly in the platform. Child accounts can be set to:

• Controlled — These accounts can view their policies, manual reviews, and performance metrics while operating under parent account restrictions. This visibility allows them to gradually take a more active role in risk management.
• Autonomous — These child accounts can create additional custom rulesets while maintaining their parent account's baseline policies. As a result, they can implement more targeted security measures and fine-tune their user experience.

Regardless of the child account model used for each fintech, parent accounts have complete oversight across their programs to ensure compliance. Parent accounts can build and enforce policy changes at scale by defining and passing rules onto select (or all) partners with one click — no coding required. This gives sponsor banks peace of mind that their policies are consistently implemented.

Keep your fintech partners happy

Every fintech has its own unique requirements and objectives — a policy or data vendor that works for one fintech may not necessarily be the best fit for another. With Alloy, you can do away with ‘one-size-fits-all’ policies and tailor your controls to align with each fintech partner’s specific needs. Whether you're satisfied with your current data sources or seeking better options, Alloy provides access to the industry's largest network of providers. This flexibility helps sponsor banks and their fintech partners streamline compliance reporting and auditing, so fintechs can focus on their core products and customer experience.

Eliminate bad actors across your entire partner portfolio

We also introduced merged lists, an enhancement to our approve/deny lists, which automatically approves or denies customers based on one or more PII elements. The lists defined at a parent level are synced to all child accounts, but child accounts can also customize their own lists, effectively ‘merging’ lists with their parents. This powerful feature enables embedded finance providers to detect and decision on bad actors across their entire portfolio. Fintechs have access to more customer data, and can adapt decisioning to fit the nuances of their own customer relationships.

Your embedded finance risk problem is solvable

Alloy’s Identity and Fraud Prevention Platform provides flexibility in how embedded finance providers manage identity risk across their programs, enabling greater alignment with partners and ensuring compliance every step of the way. Our best-in-class compliance and risk tooling allows banks to focus on growing their business and open up new revenue streams, without compromising on risk, while enabling fintechs to customize controls and maintain their competitive edge.

By embracing a collaborative approach to risk management, sponsor banks and fintechs can unlock new opportunities, drive revenue growth, and deliver unparalleled value to customers in the age of embedded finance.